2012-02-18 17:11:00 +00:00
|
|
|
# Basic usage
|
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
## Introduction
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
If you have not yet installed Composer, refer to the [Intro](00-intro.md)
|
|
|
|
chapter. For our basic usage introduction, we will be installing
|
|
|
|
`monolog/monolog`, a logging library. Note that for the sake of simplicity,
|
|
|
|
this introduction will assume you have performed a [local](00-intro.md#locally)
|
|
|
|
install of Composer.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2012-03-14 03:07:22 +00:00
|
|
|
## `composer.json`: Project Setup
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2012-03-15 12:53:34 +00:00
|
|
|
To start using Composer in your project, all you need is a `composer.json`
|
2012-02-20 10:08:18 +00:00
|
|
|
file. This file describes the dependencies of your project and may contain
|
2012-02-18 17:11:00 +00:00
|
|
|
other metadata as well.
|
|
|
|
|
2012-03-14 03:07:22 +00:00
|
|
|
### The `require` Key
|
|
|
|
|
2012-02-18 17:11:00 +00:00
|
|
|
The first (and often only) thing you specify in `composer.json` is the
|
2012-03-15 12:53:34 +00:00
|
|
|
`require` key. You're simply telling Composer which packages your project
|
2012-02-18 17:11:00 +00:00
|
|
|
depends on.
|
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
```json
|
|
|
|
{
|
|
|
|
"require": {
|
|
|
|
"monolog/monolog": "1.0.*"
|
2012-02-18 17:11:00 +00:00
|
|
|
}
|
2014-05-19 10:17:07 +00:00
|
|
|
}
|
|
|
|
```
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
As you can see, `require` takes an object that maps **package names**
|
|
|
|
(e.g. `monolog/monolog`) to **version constraints** (e.g. `1.0.*`).
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2012-03-14 03:07:22 +00:00
|
|
|
### Package Names
|
2012-02-18 17:11:00 +00:00
|
|
|
|
|
|
|
The package name consists of a vendor name and the project's name. Often these
|
2015-06-22 14:24:59 +00:00
|
|
|
will be identical - the vendor name just exists to prevent naming clashes. It
|
|
|
|
allows two different people to create a library named `json`, which would then
|
|
|
|
just be named `igorw/json` and `seldaek/json`.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
|
|
|
Here we are requiring `monolog/monolog`, so the vendor name is the same as the
|
|
|
|
project's name. For projects with a unique name this is recommended. It also
|
|
|
|
allows adding more related projects under the same namespace later on. If you
|
|
|
|
are maintaining a library, this would make it really easy to split it up into
|
|
|
|
smaller decoupled parts.
|
|
|
|
|
2012-03-14 03:07:22 +00:00
|
|
|
### Package Versions
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
In the previous example we were requiring version
|
|
|
|
[`1.0.*`](http://semver.mwl.be/#?package=monolog%2Fmonolog&version=1.0.*) of
|
|
|
|
monolog. This means any version in the `1.0` development branch. It is the
|
|
|
|
equivalent of saying versions that match `>=1.0 <1.1`.
|
|
|
|
|
|
|
|
Version constraints can be specified in several ways, read
|
|
|
|
[versions](articles/versions.md) for more in-depth information on this topic.
|
2014-09-25 13:27:10 +00:00
|
|
|
|
2013-10-01 23:11:53 +00:00
|
|
|
### Stability
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
By default only stable releases are taken into consideration. If you would
|
|
|
|
like to also get RC, beta, alpha or dev versions of your dependencies you can
|
|
|
|
do so using [stability flags](04-schema.md#package-links). To change that for
|
|
|
|
all packages instead of doing per dependency you can also use the
|
2012-12-08 19:50:48 +00:00
|
|
|
[minimum-stability](04-schema.md#minimum-stability) setting.
|
|
|
|
|
2015-06-30 09:57:32 +00:00
|
|
|
If you are using range comparisons when selecting non-stable packages, and you
|
|
|
|
specify a numeric version number (that is, no suffix indicating alpha, beta,
|
|
|
|
rc, or stable), then both non-stable and stable versions of a particular
|
|
|
|
release number will be treated as equally valid.
|
|
|
|
|
|
|
|
* `>=`/`<=` will accept non-stable releases as well as the stable release.
|
|
|
|
* `<`/`>` will reject non-stable releasese as well as the stable release.
|
|
|
|
|
|
|
|
If you wish to consider only the stable release in the comparison, add the
|
|
|
|
suffix `-stable` to the version number.
|
|
|
|
|
|
|
|
Here are some examples:
|
|
|
|
|
|
|
|
Example | Interpretation
|
|
|
|
--------------- | --------------
|
|
|
|
`>=1.0.0` | Any release, stable or non-, of 1.0.0 will be allowed
|
|
|
|
`>=1.0.0-stable` | Only the stable release of 1.0.0 will be allowed
|
|
|
|
`<2.0.0` | Neither release, stable or non-, of 2.0.0 will be allowed
|
|
|
|
`<2.0.0-stable` | Only the stable release of 2.0.0 will be disallowed; non-stable releases will be allowed
|
|
|
|
|
|
|
|
Note that the packages matched by these constraints are still checked against
|
|
|
|
the `minimum-stability` setting and each package's stability flags.
|
|
|
|
|
2015-04-14 07:21:48 +00:00
|
|
|
### Test version constraints
|
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
You can test version constraints using [semver.mwl.be](http://semver.mwl.be).
|
|
|
|
Fill in a package name and it will autofill the default version constraint
|
|
|
|
which Composer would add to your `composer.json` file. You can adjust the
|
|
|
|
version constraint and the tool will highlight all releases that match.
|
2015-04-14 07:21:48 +00:00
|
|
|
|
2012-03-14 03:07:22 +00:00
|
|
|
## Installing Dependencies
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
To install the defined dependencies for your project, just run the
|
|
|
|
`install` command.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
```sh
|
|
|
|
php composer.phar install
|
|
|
|
```
|
2012-02-18 17:11:00 +00:00
|
|
|
|
|
|
|
This will find the latest version of `monolog/monolog` that matches the
|
2012-04-16 09:48:12 +00:00
|
|
|
supplied version constraint and download it into the `vendor` directory.
|
2012-02-18 17:11:00 +00:00
|
|
|
It's a convention to put third party code into a directory named `vendor`.
|
|
|
|
In case of monolog it will put it into `vendor/monolog/monolog`.
|
|
|
|
|
2012-02-26 11:40:35 +00:00
|
|
|
> **Tip:** If you are using git for your project, you probably want to add
|
2015-06-22 14:24:59 +00:00
|
|
|
> `vendor` in your `.gitignore`. You really don't want to add all of that
|
2012-02-26 11:40:35 +00:00
|
|
|
> code to your repository.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
You will notice the `install` command also created a `composer.lock` file.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2012-03-14 05:25:17 +00:00
|
|
|
## `composer.lock` - The Lock File
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2012-03-15 12:53:34 +00:00
|
|
|
After installing the dependencies, Composer writes the list of the exact
|
2012-02-18 17:11:00 +00:00
|
|
|
versions it installed into a `composer.lock` file. This locks the project
|
|
|
|
to those specific versions.
|
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
**Commit your application's `composer.lock` (along with `composer.json`)
|
|
|
|
into version control.**
|
2012-03-14 03:07:22 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
This is important because the `install` command checks if a lock file is
|
|
|
|
present, and if it is, it downloads the versions specified there (regardless
|
|
|
|
of what `composer.json` says).
|
2013-04-08 16:15:08 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
This means that anyone who sets up the project will download the exact same
|
|
|
|
version of the dependencies. Your CI server, production machines, other
|
|
|
|
developers in your team, everything and everyone runs on the same dependencies,
|
|
|
|
which mitigates the potential for bugs affecting only some parts of the
|
|
|
|
deployments. Even if you develop alone, in six months when reinstalling the
|
|
|
|
project you can feel confident the dependencies installed are still working even
|
|
|
|
if your dependencies released many new versions since then.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2012-06-21 08:12:27 +00:00
|
|
|
If no `composer.lock` file exists, Composer will read the dependencies and
|
2015-06-22 14:24:59 +00:00
|
|
|
versions from `composer.json` and create the lock file after executing the
|
|
|
|
`update` or the `install` command.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
This means that if any of the dependencies get a new version, you won't get the
|
|
|
|
updates automatically. To update to the new version, use the `update` command.
|
|
|
|
This will fetch the latest matching versions (according to your `composer.json`
|
|
|
|
file) and also update the lock file with the new version.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
```sh
|
|
|
|
php composer.phar update
|
|
|
|
```
|
2015-06-22 14:24:59 +00:00
|
|
|
> **Note:** Composer will display a Warning when executing an `install` command
|
|
|
|
> if `composer.lock` and `composer.json` are not synchronized.
|
|
|
|
|
2013-04-08 16:15:08 +00:00
|
|
|
If you only want to install or update one dependency, you can whitelist them:
|
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
```sh
|
|
|
|
php composer.phar update monolog/monolog [...]
|
|
|
|
```
|
2013-04-08 16:15:08 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
> **Note:** For libraries it is not necessarily recommended to commit the lock
|
|
|
|
> file, see also: [Libraries - Lock file](02-libraries.md#lock-file).
|
2012-03-27 20:49:35 +00:00
|
|
|
|
2012-02-18 17:15:57 +00:00
|
|
|
## Packagist
|
|
|
|
|
2012-11-08 14:08:02 +00:00
|
|
|
[Packagist](https://packagist.org/) is the main Composer repository. A Composer
|
2012-03-14 03:07:22 +00:00
|
|
|
repository is basically a package source: a place where you can get packages
|
2012-02-20 10:08:18 +00:00
|
|
|
from. Packagist aims to be the central repository that everybody uses. This
|
2015-06-22 14:24:59 +00:00
|
|
|
means that you can automatically `require` any package that is available there.
|
2012-02-18 17:15:57 +00:00
|
|
|
|
2012-11-08 14:08:02 +00:00
|
|
|
If you go to the [packagist website](https://packagist.org/) (packagist.org),
|
2012-02-20 10:08:18 +00:00
|
|
|
you can browse and search for packages.
|
2012-02-18 17:15:57 +00:00
|
|
|
|
2012-03-15 12:53:34 +00:00
|
|
|
Any open source project using Composer should publish their packages on
|
2015-06-22 14:24:59 +00:00
|
|
|
packagist. A library doesn't need to be on packagist to be used by Composer, but
|
|
|
|
it makes life quite a bit simpler.
|
2012-02-18 17:15:57 +00:00
|
|
|
|
2012-02-18 17:11:00 +00:00
|
|
|
## Autoloading
|
|
|
|
|
2012-04-13 10:06:53 +00:00
|
|
|
For libraries that specify autoload information, Composer generates a
|
2015-06-22 14:24:59 +00:00
|
|
|
`vendor/autoload.php` file. You can simply include this file and you will get
|
|
|
|
autoloading for free.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
```php
|
|
|
|
require 'vendor/autoload.php';
|
|
|
|
```
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
This makes it really easy to use third party code. For example: If your project
|
|
|
|
depends on monolog, you can just start using classes from it, and they will be
|
|
|
|
autoloaded.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
```php
|
|
|
|
$log = new Monolog\Logger('name');
|
|
|
|
$log->pushHandler(new Monolog\Handler\StreamHandler('app.log', Monolog\Logger::WARNING));
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
$log->addWarning('Foo');
|
|
|
|
```
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2012-02-26 11:40:35 +00:00
|
|
|
You can even add your own code to the autoloader by adding an `autoload` field
|
2012-02-20 10:08:18 +00:00
|
|
|
to `composer.json`.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
```json
|
|
|
|
{
|
|
|
|
"autoload": {
|
|
|
|
"psr-4": {"Acme\\": "src/"}
|
2012-02-18 17:11:00 +00:00
|
|
|
}
|
2014-05-19 10:17:07 +00:00
|
|
|
}
|
|
|
|
```
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-01-03 15:46:56 +00:00
|
|
|
Composer will register a [PSR-4](http://www.php-fig.org/psr/psr-4/) autoloader
|
|
|
|
for the `Acme` namespace.
|
2012-04-13 10:06:53 +00:00
|
|
|
|
|
|
|
You define a mapping from namespaces to directories. The `src` directory would
|
2012-07-17 13:13:13 +00:00
|
|
|
be in your project root, on the same level as `vendor` directory is. An example
|
2014-01-03 15:46:56 +00:00
|
|
|
filename would be `src/Foo.php` containing an `Acme\Foo` class.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
After adding the `autoload` field, you have to re-run `dump-autoload` to
|
|
|
|
re-generate the `vendor/autoload.php` file.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2012-02-26 11:40:35 +00:00
|
|
|
Including that file will also return the autoloader instance, so you can store
|
|
|
|
the return value of the include call in a variable and add more namespaces.
|
|
|
|
This can be useful for autoloading classes in a test suite, for example.
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-05-19 10:17:07 +00:00
|
|
|
```php
|
|
|
|
$loader = require 'vendor/autoload.php';
|
|
|
|
$loader->add('Acme\\Test\\', __DIR__);
|
|
|
|
```
|
2012-02-18 17:11:00 +00:00
|
|
|
|
2014-01-03 15:46:56 +00:00
|
|
|
In addition to PSR-4 autoloading, classmap is also supported. This allows
|
2015-06-22 14:24:59 +00:00
|
|
|
classes to be autoloaded even if they do not conform to PSR-4. See the [autoload
|
|
|
|
reference](04-schema.md#autoload) for more details.
|
2012-04-13 10:06:53 +00:00
|
|
|
|
2015-06-22 14:24:59 +00:00
|
|
|
> **Note:** Composer provides its own autoloader. If you don't want to use that
|
|
|
|
> one, you can just include `vendor/composer/autoload_*.php` files, which return
|
|
|
|
> associative arrays allowing you to configure your own autoloader.
|
2012-03-07 16:35:53 +00:00
|
|
|
|
2012-03-08 05:41:29 +00:00
|
|
|
← [Intro](00-intro.md) | [Libraries](02-libraries.md) →
|