2.8.3.2. Work with Composer

Composer is a package manager for PHP. It allows you to download and update the libraries used by your project, along with their dependencies, from the official repository packagist.org. This eliminates the need to download and integrate each one manually, and there is no need to store them directly within the project itself, which reduces its size.

Detailed information on using Composer is available in the official documentation.

To run Composer, do the following:

composer

If the PHP version used to run Composer differs from the version displayed while it is running, run the following command:

export PATH=/usr/local/php73/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

Replace php73 with the desired PHP version.

• install — install the packages listed in composer.json. The packages are installed in the directory from which the command was run.
• update — update of all packages (if any packages were accidentally removed, they will be automatically reinstalled).
• update package/name — update of a specific package.
• dumpautoload — rebuild the autoloader.
• require somepackage/somepackage:someversion — add a new package (by default, packages are installed from the official repository). When installed, the package is added to composer.json.
• update –lock — update of the composer.lock lock file.
• –profile — add this parameter to any command to display the execution time and the amount of memory used.
• –verbose — detailed information about the operation being performed.
• show — list of installed packages with a description of each.
• show –platform — information about PHP.
• –dry-run — command execution simulation. Can be added to the install and update commands. Simulates the execution of the command without actually running it. This is necessary to verify whether the installation of packages and dependencies will succeed.
• remove — removes a package. The exact opposite of require.

composer.json — is a key file for Composer. It contains a list of libraries and their versions required for the project to run.

Each package also has its own composer.json file, which lists all of its dependencies. This file is created by the package developer. The file schema is available on the official site.

The composer.lock file stores the current list of installed dependencies and their versions. It is necessary to ensure that anyone cloning the project has an identical package environment (i.e., the same set of libraries with the same versions).

When running install, Composer primarily relies on the contents of composer.lock. Each time you run update, the updated package versions are recorded in composer.lock.

The composer.lock file contains a hash of the composer.json file. If the JSON file has been edited, Composer will issue a warning that the lock file no longer matches the JSON file. In this case, you will need to update composer.lock using the update –lock command.

The installation is performed using the following command:

composer install

As a result, Composer:

1. Checks for the presence of composer.lock:
   1. If it exists, it will retrieve the names of the required packages and their versions from it.
   2. If it doesn't exist, it will parse the contents of the composer.json file and extract the names of the required packages and their versions from it.
2. Downloads/installs the required versions of the packages into the vendor directory.
3. It will automatically generate the autoload.php file.
4. If the composer.lock file does not exist, it will create it.

To allow the project to access the installed libraries, simply include autoload.php:

require_once '../vendor/autoload.php';

The update is performed using the following command:

composer update

As a result, Composer:

1. Checks the contents of composer.json.
2. Determines the latest versions based on the data in this file.
3. Installs the latest versions of the packages.
4. Updates composer.lock based on the installed packages.

To specify the required package, use the require command, which is embedded in the composer.json file, or use the following command in the console:

composer require поставщик/пакет версия

Dependencies are specified in the composer.json file as follows:

"require": {
    "vendor/package1": "version",
    "vendor/package2": "version",
    "vendor/package3": "version"
}

• vendor — the provider of the library to be installed.
• package — the name of the package provided by the vendor.
• version — the version of the requested library. If not specified, the latest version of the package will be installed. Versions are specified using numeric (1.2.1, 3.5.1) or textual designations (dev-master, master). You can also use approximate designations following the standard described in SemVer.

For example, to install the monolog package, run the following command:

composer require "monolog/monolog"

Or add the following lines to the composer.json file:

{
    "require": {
        "monolog/monolog": "*"
    }
}

Then run the following in the console:

composer update

To remove packages, you need to delete the lines referencing them from the composer.json file. For example, for Monolog, you need to delete:

 "monolog/monolog": "*"

Next, run the following command in the console:

composer update

Alternatively, you can run the following command in the console:

composer remove monolog/monolog

If Composer reports that a package requires a version of PHP that is no lower than the one specified in the error message, install that version by updating the PATH variable following the instructions, and then rerun the Composer command that caused the error.

If you encounter the error "Fatal error: Allowed memory size of XXX bytes exhausted" while running a Composer command, try running it as follows:

php -d memory_limit=-1 /usr/local/bin/composer команда