Composer Chinese Documentation
Composer command full analysis
Common commands
mirror image
Configure China Mirror
composer config -g repo.packagist composer https://packagist.phpcomposer.com
Configure other vendor mirrors
Alibaba Cloud (it seems to be disabled)
composer config -g repo.packagist composer https://mirrors.aliyun.com/composer/
Tencent
composer config -g repo.packagist composer https://mirrors.cloud.tencent.com/composer/
Huawei
composer config -g repo.packagist composer https://repo.huaweicloud.com/repository/php/
Unmirror
composer config -g --unset repos.packagist
project
search item
composer search ThinkPHP
create project
composer create-project topthink/ThinkPHP=5.1.* ./tp5
install extension
composer require laravel/laravel ">=5.5"
remove extension
composer remove laravel/laravel
Production Best Practices
Convert PSR-0/4 autoloading to classmap for faster loading, disable developer mode
composer dump-autoload -o --no-dev
autoload autoload
Currently supports four automatic loading methods:
PSR-0
The PSR-0 specification is a namespace mapping specification before PHP5.2, which specifies the correspondence between namespaces and file paths as follows
- Each underscore character (_) in the namespace is converted to a directory separator (/);
- Each namespace separator (\) in the namespace will be converted to a directory separator (/);
- Initial letters and underscore characters in namespaces are converted to lowercase letters in directory names and file names;
- The filename for each class must match the class name exactly, including capitalization.
"psr-0" : {
"Foo\\" : "psr0src/",
#
"Foo_Bar_" : "psr0src/"
},
After composer install/update, all PSR-0 references are merged into vendor/composer/autoload_namespaces.php
PSR-4
The PSR-4 specification is a newer namespace mapping specification, which differs from the PSR-0 specification in that:
The underscore character in the namespace is no longer treated specially, only the namespace separator (\) will be converted into a directory separator (/); the
first letter and the underscore character in the namespace are no longer forced to be converted to lowercase letters;
the class The file name and class name of the file may not be exactly the same, but must meet the corresponding relationship between relative file path and class name
"psr-4": {
#查找Afishpapa\Httptool\Http类时的路径为src/Http.php
"Afishpapa\\Httptool\\": "src/"
#可以在src/和lib/ 下面找 Monolog命名空间下的类
"psr-4": {
"Monolog\\": ["src/", "lib/"] }
#所有命名空间都来src/目录下找
"" : "src/"
}
After composer install/update, all PSR-4 references are merged into vendor/composer/automoad_psr4.php.
return array(
'Afishpapa\\Httptool\\' => array($baseDir . '/src'),
);
Classmap
After composer install/update, all PSR-4 references are merged into vendor/composer/autoload_classmap.php.
You can use classmap to generate non-PSR-0/4-compliant class libraries that support custom loading.
Files
Usually used as a way to load a function library (rather than a class library).
{
"autoload": {
"files": ["src/MyLibrary/functions.php"]
}
}
global configuration
-v : Increase the detail level of the message, output normally
-vv : Increase the detail level of the message, output in more detail
-vvv : Increase the detail level of the message, use -h for debug
: display help
-q : do not display any information
-n : Don't ask any interactive questions
-d : set working directory
–ansi: force output ANSI encoding
–no-ansi: disable ANSI encoding
–version (-V): show all application versions
–profile: show time and memory information
Common configuration
--prefer-install: The default value is dist
dist: Check the local cache compressed package, if there is a direct copy to the vendor directory, if the local cache does not, go to the remote warehouse to download the compressed package, if the remote warehouse does not provide a compressed package, try to download it from github Install the package in , and delete the .git version information. In short, dist can quickly download and install dependent packages, which is suitable for most production environments.
source: Download the source code directly from github, keep the .git information, if you need to make custom modifications to the package or require a special build process, you should use source.
auto: deprecated since version 2.1
-o: generate an optimized version of the autoloader file for faster class loading.
-a: By default, Composer will generate an autoloader based on the PSR-4 and PSR-0 configuration in composer.json, use the --classmap-authoritative option to allow Composer to ignore the PSR-4 and PSR-0 configuration, and Generate a class map directly from the class file and use it as the only source for the autoloader. It should be noted that using the --classmap-authoritative option may cause some problems, such as the need to regenerate the class map table when adding a new class file, otherwise the newly added class cannot be loaded by the autoloader. Therefore, it is recommended to use this option in the development environment to improve performance, but do not use it in the production environment to avoid problems.
--dry-run: Perform a dry run of the installation process without actually downloading or installing any packages.
–dev: Install development dependencies, including testing frameworks and debugging tools, etc.
composer init
Initialize composer interactively
–name: package name, the format is author/name, such as monolog/monolog
–description: short description
–author: author name
–type: package installation type, default library
library: it will simply copy the file to the vendor directory
project: The current package is a project, not a library
metapackage: an empty package that contains dependencies and needs to trigger the installation of dependencies, which will not write additional files to the system.
composer-plugin : It has a custom installer type that provides an installer for other packages.
–homepage: official website homepage
–require: import package, the format is package: version foo/bar:1.0.0
–require-dev: development components
-s: minimum stability value dev stable
–license (-l): license
–repository: Specify one or more Composer warehouses
-a: Add an object of autoload.psr-4 to composer.json
composer install
If there is a composer.lock file, it will read the dependency version from this file, which ensures that every consumer of the library will get the same dependency version.
If there is no composer.lock file, it will read the dependency version from the composer.json file and install it into the vendor directory.
If there is no composer.lock file, composer will create it after processing dependencies.
composer require
Add a package to the composer.json file, or create one if there is no composer.json
# 该命令会安装两个不同的软件包
# vendor/package:2.* : 版本号以 2. 开头,后面跟着任何版本号。
# vendor/package2:dev-master : 使用 dev-master 分支。这意味着它将安装该分支的最新版本,通常是开发版本,不属于正式发布。
composer require "vendor/package:2.*" vendor/package2:dev-master
composer update
Get latest version of dependencies
# 只更新这两个包vendor/package vendor/package2
composer update vendor/package vendor/package2
# 更新符合正则匹配的包
composer update "vendor/*"
# 更新依赖包到指定版本,需符合composer.json的约束
composer update --with vendor/package:2.0.1
composer remove
Remove dependencies
# 移除这两个包
composer remove vendor/package vendor/package2
composer reinstall
重装包,如果不小心改了包文件,可以使用重装命令恢复
# 重装两个包
composer reinstall acme/foo acme/bar
# 重装正则匹配的包
composer.phar reinstall "acme/*"
composer check-platform-reqs
Used to check that your PHP and extension versions meet the platform requirements of the installed package
--lock: 仅从锁定文件中检查要求,而不是从已安装的包中检查要求。
--no-dev: 不检查 require-dev 包要求。
-f: 格式
> composer check-platform-reqs
Checking platform requirements for packages in the vendor dir
ext-json 1.7.0 success
ext-libxml 7.3.4 success
ext-mbstring 7.3.4 success
ext-openssl 7.3.4 success
ext-simplexml 7.3.4 success
php 7.3.4 success
composer global
global allows you to run other commands globally like install, remove, require, update
composer search monolog
Search dependencies
-N : only search package name
-O : only search author
-t : search full name
λ composer search monolog
monolog/monolog Sends your logs to files, sockets, inboxes, databases and various web services
symfony/monolog-bundle Symfony MonologBundle
symfony/monolog-bridge Provides integration for Monolog with various Symfony components
...
composer show / composer info
List all available package information
λ composer show
defuse/php-encryption v2.3.1 Secure PHP Encryption Library
laminas/laminas-diactoros 2.5.0 PSR HTTP Message implementations
laminas/laminas-zendframework-bridge 1.4.1 Alias legacy ZF class names to Laminas Project equivalents.
...
List details of a single package
λ composer show slim/slim
name : slim/slim
descrip. : Slim is a PHP micro framework that helps you quickly write simple yet powerful web applications and APIs
keywords : api, framework, micro, router
versions : * 3.12.4
type : library
license : MIT License (MIT) (OSI approved) https://spdx.org/licenses/MIT.html#licenseText
homepage : https://slimframework.com
source : [git] https://github.com/slimphp/Slim.git ce3cb65a06325fc9fe3d0223f2ae23113a767304
dist : [zip] https://api.github.com/repos/slimphp/Slim/zipball/ce3cb65a06325fc9fe3d0223f2ae23113a767304 ce3cb65a06325fc9fe3d0223f2ae23113a767304
path : D:\workspace\oauth\examples\vendor\slim\slim
names : slim/slim, psr/http-message-implementation
support
issues : https://github.com/slimphp/Slim/issues
source : https://github.com/slimphp/Slim/tree/3.12.4
autoload
psr-4
Slim\ => Slim
requires
ext-json *
ext-libxml *
ext-simplexml *
nikic/fast-route ^1.0
php >=5.5.0
pimple/pimple ^3.0
psr/container ^1.0
psr/http-message ^1.0
requires (dev)
phpunit/phpunit ^4.0
squizlabs/php_codesniffer ^3.6.0
provides
psr/http-message-implementation 1.0
composer outdated
List all installed packages whether they can be updated
λ composer outdated
Direct dependencies required in composer.json:
laminas/laminas-diactoros 2.5.0 2.14.0 PSR HTTP Message implementations
league/event 2.2.0 3.0.1 Event package
slim/slim 3.12.4 4.9.0 Slim is a PHP micro framework that helps you quickly write simple yet po...
Transitive dependencies not required in composer.json:
psr/container 1.1.1 2.0.1 Common Container Interface (PHP FIG PSR-11)
composer browse / composer home
The browser directly opens the github repository of this package
# 打开这个包的官网
composer browser -H slim/slim
# 打印slim的github仓库链接
composer browser -s slim/slim
composer suggests
Give you some advice on your life journey
λ composer suggests
lcobucci/jwt suggests:
- lcobucci/clock: *
1 additional suggestions by transitive dependencies can be shown with --all
composer fund
```bash
#### 给出你所用的包的捐赠链接
```bash
composer depends / why
```bash
> composer depends 命令用于显示一个包的依赖关系树。如果你要删除一个包之前,可以用这个命令先看看它上面是不是有人
```bash
> composer depends psr/log -t
psr/log 1.1.4 Common interface for logging libraries
├──composer/composer 2.4.x-dev (requires psr/log ^1.0 || ^2.0 || ^3.0)
├──composer/composer dev-main (requires psr/log ^1.0 || ^2.0 || ^3.0)
├──composer/xdebug-handler 3.0.3 (requires psr/log ^1 || ^2 || ^3)
│ ├──composer/composer 2.4.x-dev (requires composer/xdebug-handler ^2.0.2 || ^3.0.3)
│ └──composer/composer dev-main (requires composer/xdebug-handler ^2.0.2 || ^3.0.3)
└──symfony/console v5.4.11 (conflicts psr/log >=3) (circular dependency aborted here)
composer prohibits / why-not
Tell you which packages are blocking the package you want to install, and give reasons
composer validate
If you manually modify composer.json, it is best to execute this command to check before submitting the composer.json file
composer status
If you have manually modified a package and the installation source of this package is source, you can use this command to view your local modification records, which is equivalent to git status
composer self-update / selfupdate
The composer program self-updates
# 更新到指定版本
composer self-update 2.4.0-RC1
composer config
Modify the current project or global configuration
-g: modify the global configuration file
–unset: remove the configuration
-l: display all configuration information, if you add -g, it will display the global
–absolute: the configuration of *-dir returns the absolute path
–append: when adding a mirror, Set a lower priority
--source: show where the config is loaded from
# 添加一个测试foo到repositories
composer config repo.foo vcs https://github.com/foo/bar
# 添加一个阿里云镜像到repositories(阿里云镜像凉了)
composer config repo.packagist composer https://mirrors.aliyun.com/composer/
#效果如下
"repositories": {
"packagist": {
"type": "composer",
"url": "https://mirrors.aliyun.com/composer/"
},
"foo": {
"type": "vcs",
"url": "https://github.com/foo/bar"
}
}
# 修改extra配置
composer config extra.foo.bar value
composer config --json extra.foo.bar '{"baz": true, "qux": []}'
composer create-project
Create project/package, equivalent to git clone + composer install
composer create-project doctrine/orm path "2.2.*"
composer dump-autoload
After modifying the class name in the package, or adding and deleting files, you need to execute this command
# -o 选项是为了生产环境中的性能优化,
composer dump-autoload -o
# -a 选项则是为了开发环境中的重新生成类映射。
composer dump-autoload -a
composer clear-cache / clearcache / cc
Clear local package cache
archive
Download a package from remote and pack it into a zip/tar archive
php composer.phar archive vendor/package 2.0.21 --format=zip
run-script / run
You can run this command to do it manually, just specify the name of the script, the optional --no-dev parameter allows you to disable developer mode.
{
"scripts": {
"post-update-cmd": "MyVendor\\MyClass::postUpdate",
"post-package-install": [
"MyVendor\\MyClass::postPackageInstall"
],
"post-install-cmd": [
"MyVendor\\MyClass::warmCache",
"phpunit -c app/"
]
}
}
# 将会运行所有 post-install-cmd 事件下定义的脚本。
`composer run-script post-install-cmd`
diagnose
It can be used to check whether the current Composer environment complies with best practices, including PHP environment, Composer configuration, etc.
audit
Checks the current project's dependencies for known security vulnerabilities.
help
Use help to obtain help information for the specified command.
php composer.phar help install