All about Composer Commands publisher image
Lamai Institute

All about Composer Commands

May 10, 2022 1 minute read 457 views
Composer Dependency manager Composer cheat sheet Composer commands

Today’s PHP is an entirely different, much more elegant and mature language with countless improvements and additions.

One of the key additions is Composer, the de facto standard for managing PHP project dependencies which, by default, gives you access to hundreds of ready-made libraries, via Packagist.org.

I’m not going to go over how to use Composer, as it’s been covered so well here already; especially by this article.

All composer commands, depending on your install, may need to use php composer.phar in the install folder for composer, instead of global/plain composer.

Let's dive in:

Updating packages

These commands change only the composer.lock file

composer update Updates all packages
composer update --with-dependencies Updates all packages and its dependencies
composer update vendor/package Updates a certain package from vendor
composer update vendor/* Updates all packages from vendor
composer update --lock Updates composer.lock hash without updating any packages

 

Adding Packages

These commands change both the composer.json and composer.lock files.

composer require vendor/package. Adds package from vendor to composer.json’s require section and installs it
composer require vendor/package --dev Adds package from vendor to composer.json’s require-dev section and installs it.

 

Removing packages

composer remove vendor/package Removes vendor/package from composer.json and uninstalls it

This command changes both the composer.json and composer.lock files. 

 

Verifying

composer outdated --direct Show only packages that are outdated directly required by the root package

 

Installing dependencies

composer install Downloads and installs all the libraries and dependencies outlined in the composer.lock file. If the file does not exist it will look for composer.json and do the same, creating a composer.lock file.
composer install --dry-run Simulates the install without installing anything

The dry-run command doesn’t change any file. If composer.lock is not present, it will create it.

composer.lock should always be committed to the repository. It has all the information needed to bring the local dependencies to the last committed state. If that file is modified on the repository, you will need to run composer install again after fetching the changes to update your local dependencies to those on that file.

 

Updating autoloader

composer dumpautoload -o Generates optimized autoload files

 

Passing versions

composer require vendor/pkg "1.3.2" Installs 1.3.2
composer require vendor/pkg ">=1.3.2" Above or equal 1.3.2
composer require vendor/pkg "<1.3.2" Below 1.3.2
composer require vendor/pkg "1.3.*" Latest of >=1.3.0 <1.4.0
composer require vendor/pkg "~1.3.2" Latest of >=1.3.2 <1.4.0
composer require vendor/pkg "~1.3" Latest of >=1.3.0 <2.0.0
composer require vendor/pkg "^1.3.2" Latest of >=1.3.2 <2.0.0
composer require vendor/pkg "^1.3" Latest of >=1.3.0 <2.0.0
composer require vendor/pkg "^0.3.2" Latest of >=0.3.0 <0.4.0 (for pre-1.0)
composer require vendor/pkg "dev-BRANCH_NAME" From the branch BRANCH_NAME

If you’re running the install command from your local environment doesn’t fulfill the platform requirement ext-* but have it in your environment then you can run the following which will ignore the platform requirement.

composer [require|update|install] --ignore-platform-reqs

If your environment runs out of memory (Maximum allowed memory allocation problem) you can run the following command.

COMPOSER_MEMORY_LIMIT=-1 composer [command_here]

If your composer [command] screen is frozen, and you want to know if it’s working or not, use the following -vvv flag to print out all the debug logs.

COMPOSER_MEMORY_LIMIT=-1 composer update -vvv

To clear all the cached packages.

composer [clearcache|clear-cache|cc]

Show a list of the packages installed with their version number.

composer show# alias
composer info

Check the list of root level required packages (with dev).

composer show -s

Show the tree of a required package.

composer show --tree vendor-name/package-name

Check why a package was installed.

composer why [--tree] vendor-name/package-name# alias
composer depends [--tree] vendor-name/package-name

Check why a package version was not installed.

composer why-not vendor-name/package-name VERSION.NUMBER# alias
composer prohibits vendor-name/package-name VERSION.NUMBER

Shows if you modified a package locally in vendor directory.

composer status -v

Visit the package’s repository.

composer home vendor-name/package-name

Shows a list of new updates of the installed packages.

composer outdated

Finally, view all the list of available commands.

composer list

Composer's documentation is a bit geeky, but if that's your kinda thing, here's the link: https://getcomposer.org/doc/03-cli.md

 

Happy coding!