
A previous version of this tutorial was written by Brennen Bearnes.


Composer is a popular dependency management tool for PHP, created mainly to facilitate installation and updates for project dependencies. It will check which other packages a specific project depends on and install them for you, using the appropriate versions according to the project requirements.

In this tutorial, you’ll install and get started with Composer on an Ubuntu 18.04 system.


To complete this tutorial, you will need:

Step 1 — Installing the Dependencies

Before you download and install Composer, you’ll want to make sure your server has all dependencies installed.

First, update the package manager cache by running:

Now, let’s install the dependencies. We’ll need curl in order to download Composer and php-cli for installing and running it. The php-mbstring package is necessary to provide functions for a library we’ll be using. git is used by Composer for downloading project dependencies, and unzip for extracting zipped packages. Everything can be installed with the following command:

  • sudo apt install curl php-cli php-mbstring git unzip

With the prerequisites installed, we can install Composer itself.

Step 2 — Downloading and Installing Composer

Composer provides an installer, written in PHP. We’ll download it, verify that it’s not corrupted, and then use it to install Composer.

Make sure you’re in your home directory, then retrieve the installer using curl:

  • cd ~
  • curl -sS -o composer-setup.php

Next, verify that the installer matches the SHA-384 hash for the latest installer found on the [Composer Public Keys / Signatures][composer-sigs] page. Copy the hash from that page and store it as a shell variable:

  • HASH=544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061

Make sure that you substitute the latest hash for the highlighted value.

Now execute the following PHP script to verify that the installation script is safe to run:

  • php -r "if (hash_file('SHA384', 'composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

You’ll see the following output:


Installer verified

If you see Installer corrupt, then you’ll need to redownload the installation script and double check that you’re using the correct hash. Then run the command to verify the installer again. Once you have a verified installer, you can continue.
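
The PHP one-liner above prints its verdict but exits with status 0 either way, so a script cannot branch on the result. As an added example (not part of the original tutorial), the shell function below performs the same SHA-384 comparison with sha384sum and returns a distinct non-zero status for each failure; verify_installer and the stand-in file are names constructed for this sketch.

```sh
#!/bin/sh
# Added example, not part of the original tutorial: a fail-closed version of
# the installer check. verify_installer is a name chosen for this sketch.

# verify_installer FILE EXPECTED_SHA384
#   0  hash matches
#   1  hash differs (FILE is removed so it cannot be run by accident)
#   2  EXPECTED_SHA384 is malformed (empty variable, truncated paste, ...)
#   3  FILE does not exist
verify_installer() (
    file=$1
    # Lower-case the pasted value so an upper-case hash still compares equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # SHA-384 is 48 bytes, so the hex form must be exactly 96 hex digits.
    case $expected in
        *[!0-9a-f]*) echo "expected hash contains non-hex characters" >&2; exit 2 ;;
    esac
    [ "${#expected}" -eq 96 ] || { echo "expected hash must be 96 hex digits" >&2; exit 2; }
    [ -f "$file" ] || { echo "$file: no such file" >&2; exit 3; }

    actual=$(sha384sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "Installer verified"
    else
        echo "Installer corrupt, removing $file" >&2
        rm -f -- "$file"
        exit 1
    fi
)

# Constructed demo: a stand-in file checked against the hash shown in the
# tutorial. The hashes differ, so the step after && is skipped.
demo=$(mktemp)
printf '<?php // constructed stand-in, not the real installer\n' > "$demo"
HASH=544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061
verify_installer "$demo" "$HASH" && echo "would now run: sudo php $demo" \
    || echo "install step skipped"
```

In a provisioning script the install command goes after the `&&`, so it only runs when the function returns 0.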

To install composer globally, use the following command, which will download and install Composer as a system-wide command named composer, under /usr/local/bin:

  • sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer

You’ll see the following output:


All settings correct for using Composer
Downloading...

Composer (version 1.6.5) successfully installed to: /usr/local/bin/composer
Use it: php /usr/local/bin/composer

To test your installation, run:

And you’ll see this output displaying Composer’s version and arguments.


   ______
  / ____/___  ____ ___  ____  ____  ________  _____
 / /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
                    /_/
Composer version 1.6.5 2018-05-04 11:44:59

Usage:
  command [options] [arguments]

Options:
  -h, --help                     Display this help message
  -q, --quiet                    Do not output any message
  -V, --version                  Display this application version
      --ansi                     Force ANSI output
      --no-ansi                  Disable ANSI output
  -n, --no-interaction           Do not ask any interactive question
      --profile                  Display timing and memory usage information
      --no-plugins               Whether to disable plugins.
  -d, --working-dir=WORKING-DIR  If specified, use the given directory as working directory.
  -v|vv|vvv, --verbose           Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
. . .

This verifies that Composer was successfully installed on your system and is available system-wide.

Note: If you prefer to have separate Composer executables for each project you host on this server, you can install it locally, on a per-project basis. Users of NPM will be familiar with this approach. This method is also useful when your system user doesn’t have permission to install software system-wide.

To do this, use the command php composer-setup.php. This will generate a composer.phar file in your current directory, which can be executed with the ./composer.phar command.

Now let’s look into using Composer to manage dependencies.

Step 3 — Using Composer in a PHP Project

PHP projects often depend on external libraries, and managing those dependencies and their versions can be tricky. Composer solves that by tracking your dependencies and making it easy for others to install them.

In order to use Composer in your project, you’ll need a composer.json file. The composer.json file tells Composer which dependencies it needs to download for your project, and which versions of each package are allowed to be installed. This is extremely important to keep your project consistent and avoid installing unstable versions that could potentially cause backwards compatibility issues.

You don’t need to create this file manually – it’s easy to run into syntax errors when you do so. Composer auto-generates the composer.json file when you add a dependency to your project using the require command. You can add additional dependencies in the same way, without the need to manually edit this file.

The process of using Composer to install a package as a dependency in a project involves the following steps:

  • Identify what kind of library the application needs.
  • Research a suitable open source library on Packagist, the official package repository for Composer.
  • Choose the package you want to depend on.
  • Run composer require to include the dependency in the composer.json file and install the package.

Let’s try this out with a demo application.

The goal of this application is to transform a given sentence into a URL-friendly string – a slug. This is commonly used to convert page titles to URL paths (like the final portion of the URL for this tutorial).

Let’s start by creating a directory for our project. We’ll call it slugify:

  • cd ~
  • mkdir slugify
  • cd slugify

Now it’s time to search for a package that can help us generate slugs. If you search for the term “slug” on Packagist, you’ll get a result similar to this:

Packagist Search: easy-slug/easy-slug, muffin/slug, ddd/slug, zelenin/slug, webcastle/slug, anomaly/slug-field_type

You’ll see two numbers on the right side of each package in the list. The number on the top represents how many times the package was installed, and the number on the bottom shows how many times a package was starred on GitHub. You can reorder the search results based on these numbers (look for the two icons on the right side of the search bar). Generally speaking, packages with more installations and more stars tend to be more stable, since so many people are using them. It’s also important to check the package description for relevance to make sure it’s what you need.

We need a simple string-to-slug converter. From the search results, the package cocur/slugify seems to be a good match, with a reasonable amount of installations and stars. (The package is a bit further down the page than the screenshot shows.)

Packages on Packagist have a vendor name and a package name. Each package has a unique identifier (a namespace) in the same format GitHub uses for its repositories, in the form vendor/package. The library we want to install uses the namespace cocur/slugify. You need the namespace in order to require the package in your project.

Now that you know exactly which package you want to install, run composer require to include it as a dependency and also generate the composer.json file for the project:

  • composer require cocur/slugify

You’ll see this output as Composer downloads the dependency:


Using version ^3.1 for cocur/slugify
./composer.json has been created
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
  - Installing cocur/slugify (v3.1): Downloading (100%)
Writing lock file
Generating autoload files

As you can see from the output, Composer automatically decided which version of the package to use. If you check your project’s directory now, it will contain two new files: composer.json and composer.lock, and a vendor directory:


total 12
-rw-rw-r-- 1 sammy sammy   59 Jul 11 16:40 composer.json
-rw-rw-r-- 1 sammy sammy 2934 Jul 11 16:40 composer.lock
drwxrwxr-x 4 sammy sammy 4096 Jul 11 16:40 vendor

The composer.lock file is used to store information about which versions of each package are installed, and ensure the same versions are used if someone else clones your project and installs its dependencies. The vendor directory is where the project dependencies are located. The vendor folder doesn’t need to be committed into version control – you only need to include the composer.json and composer.lock files.

When installing a project that already contains a composer.json file, run composer install in order to download the project’s dependencies.

Let’s take a quick look at version constraints. If you check the contents of your composer.json file, you’ll see something like this:


{
    "require": {
        "cocur/slugify": "^3.1"
    }
}

You might notice the special character ^ before the version number in composer.json. Composer supports several different constraints and formats for defining the required package version, in order to provide flexibility while also keeping your project stable. The caret (^) operator used by the auto-generated composer.json file is the recommended operator for maximum interoperability, following semantic versioning. In this case, it defines 3.1 as the minimum compatible version, and allows updates to any future version below 4.0.

Generally speaking, you won’t need to tamper with version constraints in your composer.json file. However, some situations might require that you manually edit the constraints: for instance, when a major new version of your required library is released and you want to upgrade, or when the library you want to use doesn’t follow semantic versioning.

Here are some examples to give you a better understanding of how Composer version constraints work:

Constraint   Meaning              Example Versions Allowed
^1.0         >= 1.0 < 2.0         1.0, 1.2.3, 1.9.9
^1.1.0       >= 1.1.0 < 2.0.0     1.5.6, 1.9.9
~1.0         >= 1.0 < 2.0         1.0, 1.4.1, 1.9.9
~1.0.0       >= 1.0.0 < 1.1.0     1.0.4, 1.0.9
1.*          >= 1.0 < 2.0         1.4.5, 1.9.9
1.2.*        >= 1.2 < 1.3         1.2.3, 1.2.9
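
To make the rules behind this table concrete, here is an added example (not Composer's own code, and not from the original tutorial) that expands a caret, tilde or wildcard constraint into its range and checks versions against it. The function names bounds, ver_num and satisfies are chosen for this sketch; it goes slightly beyond the table by also handling caret constraints on 0.x versions, and it assumes plain numeric versions without pre-release tags.

```sh
#!/bin/sh
# Added example, not Composer's own resolver. Assumes one constraint and plain
# numeric versions (MAJOR[.MINOR[.PATCH]], no leading zeros, segments < 1000).

# bounds CONSTRAINT -> prints "LOWER UPPER"; UPPER is exclusive.
bounds() (
    c=$1
    case $c in
        '^'*) op=caret; c=${c#?} ;;
        '~'*) op=tilde; c=${c#?} ;;
        *.\*) op=tilde; c=${c%.\*}.0 ;;   # 1.2.* spans the same range as ~1.2.0
        *)    op=none ;;
    esac
    case $c in ''|*[!0-9.]*) op=none ;; esac
    [ "$op" != none ] || { echo "unsupported constraint: $1" >&2; exit 2; }

    IFS=.; set -- $c; n=$#
    major=${1:-0} minor=${2:-0} patch=${3:-0}
    if [ "$op" = tilde ]; then
        # Tilde: only the last segment that was written may grow.
        if [ "$n" -ge 3 ]; then upper=$major.$((minor + 1)).0
        else upper=$((major + 1)).0.0; fi
    # Caret: stay below the next bump of the leftmost non-zero segment.
    elif [ "$major" -gt 0 ] || [ "$n" -lt 2 ]; then upper=$((major + 1)).0.0
    elif [ "$minor" -gt 0 ] || [ "$n" -lt 3 ]; then upper=0.$((minor + 1)).0
    else upper=0.0.$((patch + 1)); fi
    echo "$major.$minor.$patch $upper"
)

# ver_num VERSION -> integer that orders like the version (1.2.3 -> 1002003)
ver_num() (
    IFS=.; set -- $1
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
)

# satisfies VERSION CONSTRAINT -> status 0 when VERSION lies inside the range
satisfies() (
    b=$(bounds "$2") || exit 2
    v=$(ver_num "$1"); lo=$(ver_num "${b% *}"); hi=$(ver_num "${b#* }")
    [ "$v" -ge "$lo" ] && [ "$v" -lt "$hi" ]
)

# The six constraints from the table above, expanded to their ranges.
for c in '^1.0' '^1.1.0' '~1.0' '~1.0.0' '1.*' '1.2.*'; do
    printf '%-7s means >= %s and < %s\n' "$c" $(bounds "$c")
done
```

For the ^3.1 constraint generated earlier, `satisfies 3.9.2 '^3.1'` succeeds while `satisfies 4.0.0 '^3.1'` fails, which is why composer update never crosses a major version on its own.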

For a more in-depth view of Composer version constraints, see the official documentation.

Next, let’s look at how to load dependencies automatically with Composer.

Step 4 — Including the Autoload Script

Since PHP itself doesn’t automatically load classes, Composer provides an autoload script that you can include in your project to get autoloading for free. This makes it much easier to work with your dependencies.

The only thing you need to do is include the vendor/autoload.php file in your PHP scripts before any class instantiation. This file is automatically generated by Composer when you add your first dependency.

Let’s try it out in our application. Create the file test.php and open it in your text editor:

Add the following code, which brings in the vendor/autoload.php file, loads the cocur/slugify dependency, and uses it to create a slug:

test.php

<?php
require __DIR__ . '/vendor/autoload.php';
echo (new Cocur\Slugify\Slugify())->slugify('Hello World, this is a long sentence and I need to make a slug from it!');

Save the file and exit your editor.

Now run the script:

This produces the output hello-world-this-is-a-long-sentence-and-i-need-to-make-a-slug-from-it.

Dependencies need updates when new versions come out, so let’s look at how to handle that.

Step 5 — Updating Project Dependencies

Whenever you want to update your project dependencies to more recent versions, run the update command:

This will check for newer versions of the libraries you required in your project. If a newer version is found and it’s compatible with the version constraint defined in the composer.json file, Composer will replace the previous version installed. The composer.lock file will be updated to reflect these changes.

You can also update one or more specific libraries by specifying them like this:

  • composer update vendor/package vendor2/package2

Be sure to check in your composer.json and composer.lock files after you update your dependencies so that others can install these newer versions.


Composer is a powerful tool every PHP developer should have in their utility belt. In this tutorial you installed Composer and used it in a simple project. You now know how to install and update dependencies.

Beyond providing an easy and reliable way for managing project dependencies, it also establishes a new de facto standard for sharing and discovering PHP packages created by the community.