089972db87
This will simplify secure installation of composer in GitHub Actions to two
calls to `gh` cli with no need to manually import any PGP signing keys:
gh release --repo composer/composer download --pattern composer.phar
gh attestation verify --repo composer/composer composer.phar
Given that the current PGP signing key is stored as a GitHub Action secret,
this type of attestation is no less secure than the existing PGP signing.
|
||
|---|---|---|
| .github | ||
| bin | ||
| doc | ||
| phpstan | ||
| res | ||
| src | ||
| tests | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .php-cs-fixer.php | ||
| CHANGELOG.md | ||
| CODE_OF_CONDUCT.md | ||
| LICENSE | ||
| PORTING_INFO | ||
| README.md | ||
| UPGRADE-2.0.md | ||
| composer.json | ||
| composer.lock | ||
| phpunit.xml.dist | ||
README.md
Dependency Management for PHP
Composer helps you declare, manage, and install dependencies of PHP projects.
See https://getcomposer.org/ for more information and documentation.
Installation / Usage
Download and install Composer by following the official instructions.
For usage, see the documentation.
Packages
Find public packages on Packagist.org.
For private package hosting take a look at Private Packagist.
Community
Follow @packagist or @seldaek on Twitter for announcements, or check the #composerphp hashtag.
For support, Stack Overflow offers a good collection of Composer related questions, or you can use the GitHub discussions.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project and its community you agree to abide by those terms.
Requirements
Latest Composer
PHP 7.2.5 or above for the latest version.
Composer 2.2 LTS (Long Term Support)
PHP versions 5.3.2 - 8.1 are still supported via the LTS releases of Composer (2.2.x). If you
run the installer or the self-update command the appropriate Composer version for your PHP
should be automatically selected.
Binary dependencies
7z(or7zz)unzip(if7zis missing)gziptarunrarxz- Git (
git) - Mercurial (
hg) - Fossil (
fossil) - Perforce (
p4) - Subversion (
svn)
It's important to note that the need for these binary dependencies may vary
depending on individual use cases. However, for most users, only 2 dependencies
are essential for Composer: 7z (or 7zz or unzip), and git.
Authors
- Nils Adermann | GitHub | Twitter | naderman@naderman.de | naderman.de
- Jordi Boggiano | GitHub | Twitter | j.boggiano@seld.be | seld.be
See also the list of contributors who participated in this project.
Security Reports
Please send any sensitive issue to security@packagist.org. Thanks!
License
Composer is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- This project's Solver started out as a PHP port of openSUSE's Libzypp satsolver.