Master Composer: Dependency Management, Autoloading, and Global Configuration for PHP

Overview

Composer is a dependency management tool for PHP that lets developers declare required libraries in a composer.json file and automatically installs them, improving project stability and maintainability.

Main Features

Dependency Management

Automatically downloads and installs required libraries and frameworks, ensuring compatibility.

Dependencies and versions are specified in composer.json; Composer resolves and installs them.

Version Locking

Uses composer.lock to lock exact versions, guaranteeing reproducible installs.

Prevents version conflicts and ensures consistency across environments.

Autoloading

Provides autoloading based on the dependency graph, removing manual include statements.

Improves code readability and maintainability.

Extension Development

Supports publishing and managing PHP extensions via Composer.

Tool Integration

Integrates with PHPUnit, Travis CI, Packagist and other tools.

How It Works

Composer resolves package and library requirements defined in composer.json against repositories such as Packagist, downloads the appropriate versions, and generates a composer.lock file to lock those versions.

Installation

Download and install Composer:

curl -sS https://getcomposer.org/installer | php

Move and rename the binary: mv composer.phar /usr/local/bin/composer Check the installed version:

composer -v

Domestic Mirrors

For faster access in China, use one of the following mirrors:

Aliyun: https://developer.aliyun.com/composer

Tencent Cloud: https://mirrors.cloud.tencent.com/composer/

Huawei Cloud: https://mirrors.huaweicloud.com/repository/php/

Shanghai Jiao Tong University: https://packagist.mirrors.sjtug.sjtu.edu.cn

Packagist JP: https://packagist.jp

Global Configuration (Recommended)

Set a mirror for all projects:

composer config -g repo.packagist composer https://mirrors.aliyun.com/composer/

Remove the global configuration:

composer config -g --unset repos.packagist

Project‑Specific Configuration

Configure a single project to use a mirror:

composer config repo.packagist composer https://mirrors.aliyun.com/composer/

Remove the project configuration: composer config --unset repos.packagist View the current configuration:

composer config -gl

Directly Requiring a Third‑Party Package

Install a package without prior configuration: composer require --dev phpunit/phpunit If composer.json does not exist, Composer creates one automatically:

{
    "require-dev": {
        "phpunit/phpunit": "^9.6"
    }
}

Installing/Updating Packages from composer.json

Run the following commands inside the project directory: composer install or

composer update

To install or update only a specific library, use composer install vendor/package or composer update vendor/package .

composer.lock File

Why It Is Needed

Locking exact dependency versions prevents divergent environments from pulling different versions, which can cause hard‑to‑track bugs.

How It Works

On the first composer install, Composer resolves the requirements, installs the packages, and writes the resolved versions to composer.lock. Subsequent installs read composer.lock and install the exact versions, ignoring version constraints in composer.json unless the lock file is updated.

Updating Dependencies

Running composer update re‑resolves requirements, updates the lock file, and fetches newer versions.

Committing composer.lock

Because composer.lock guarantees consistent builds, it should be committed to version control (e.g., Git) so every team member and CI environment uses identical dependency versions.