Composer, an administrator to install dependencies in PHP projects

Few days ago the launch of the new version of Composer 2.0 was announced, which is an administrator to install dependencies in PHP projects.

Compose, stands out for allowing to the user the determine which function libraries are required for the project to work, after which it takes care of the job of installing missing dependencies and updating new versions.

The libraries available for installation are in the Packagist repository, which contains more than 287 thousand packages.

About Composer

Composer is positioned as a dependency installation system designed with npm and bundler package managers in mind in the Node.js and Ruby communities.

The system operates packages in relation to specific projects and it is designed to install dependencies on local project directories (as an option, there is also a global installation mode for the whole system).

By default, stable library installation is suggested, but it is also possible to use experimental updates (alpha / beta) and snapshots (snapshots of the development codebase), which are useful for organizing test builds on continuous integration systems.

The Composer code is written in PHP and is distributed under the MIT license.

About the new version of Composer 2.0

In the new version major performance optimizations have been made and memory consumption has been reduced. A lot has been reworked, from the protocol to call down to methods for determining dependencies.

The upload is provided in various metadata streams and zip files, plus the mode of parallel installation of packages was implemented. Optimizations have been added to the code for calculations. By uploading only the package metadata, require and / or remove operations and partial updates are significantly sped up. In some projects an acceleration of up to 50% is observed.

The mechanism for updating dependencies has been reworked, which is free of bindings to the state of the directory on the local file system. After completing the upgrade, the installation process now automatically begins with the preliminary execution of all operations that require network access.

Performing network operations before the actual installation begins eliminates the appearance of incompletely updated directories in the event of a network failure during the installation process. Whenever possible, network downloads are multi-threaded.

By default, an additional platform verification stage is added to runtime when initializing vendor / autoload.php, which verify that the PHP version and extensions used match the versions supported in the dependencies. If there is a discrepancy, an error is displayed.

Validation is done using the new Composer \ InstalledVersions class, which is loaded for each project to determine what packages and versions are available in the project.

Also, it is mentioned that reworked error messages related to dependency detection issues. These messages are shorter, clearer, and with fewer duplicates.

To temporarily limit versions during the upgrade, use the construct "Composer update vendor / package: 1.0. * ", Which will not change the content of the block in" composer.json and will not mark the locked file as obsolete.

Of the other changes that stand out in this new version:

  • Added support for time-limited partial updates, which can be used when you need to temporarily update or roll back a version of a package to test or wait for a bug fix. Automatic removal of packages that are no longer needed has been implemented.
  • Only new options, exclude and canonical have been added to the repository.
  • New events were added before operations, execution, pre-group creation, and post-file download.
  • A large number of new flags have been added.

Finally, if you are interested in knowing more about this new version, you can consult the details In the following link.

On the other hand, if you want to consult the documentation, you can do it from this link.

The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published.



  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.