Composer with PHP

Many PHP projects are now starting to use Composer, a tool for dependency management. Here we look at how to create a project using Composer with PHP, including downloading, installing and running composer commands.

To start with, why is Composer used by so many developers? Well, let’s say you have a project that requires you to have specific library, for example Zend Framework. Zend Framework then requires a specific version of PHP. These dependencies can be managed with Composer.

Download and Install

Downloading and installing Composer is simple. Simply head to the Composer download page, and run the commands suggested on the page.

If you have installed it correctly, you should be able to run the following command that will list the options available for the composer.phar command.

$ php composer.phar --help

Usage

To start using composer in your own project, the minimum requirement is for you to include a composer.json file within your project. This lets Composer know that your project depends on a library.

The composer.json file might look like the following.

{
    "require": {
        "zendframework/zendframework": "3.0.*"
    }
}

Here we are using the require key, that takes an object that maps package names to version constraints. In the above example, we’re stating that the project requires Zend Framework 3.0.*.

The zendframework/zendframework is the name of the repository. Composer will look for this repository firstly under a repositories key in the composer.json file. If this doesn’t exist, it is assumed that zendframework/zendframework is a package registered on Packagist.

Install the Dependencies

To install these dependencies, run the install command.

$ php composer.phar install

In the example above, the zendframework/zendframework repository will be added to the project. If the Zend Framework repository itself has dependencies listed, these will also be installed.

The installed repositories are stored within the vendor directory of your project.

You may also notice that a composer.lock is generated after running the install command. This lock file writes the packages and their versions downloaded into this file, and essentially locks the projects into using those versions.

If the project is being used by other developers and you’re using a VCS, you should commit this file so that other developers are locked into using the same package versions for the project.

There may be cases where you run the composer install command, whilst a composer.lock file already exists. This scenario may occur if another developer has worked on the same project, run the install command and committed the composer.lock file.

This is fine, as Composer uses the exact versions listed in composer.lock to ensure that the repository versions are consistent for every person working on your project. So when running the install command with a composer.lock file present, you will have all dependencies requested by your composer.json file, but they may not all be at the very latest available versions due to the versions listed in the lock file.

Update the Dependencies

Should you wish to update the versions of your dependencies, you can run the update command.

$ php composer.phar update

If you only wish to update the versions of specific dependencies, you can run the update command passing in the name of the repository.

$ php composer.phar update zendframework/zendframework

Composer generates an autoload.php file when running the install command, located within the vendor directory. You can include this file in your project and start including the classes that the repositories provide.

// /path/to/project/index.php

include __DIR__ . '/vendor/autoload.php';
$logger = new Zend\Log\Logger();

// Do something with the Logger class below