Composer
Composer is the dependency manager for PHP. Install and manage project dependencies, handle autoloading, and manage scripts.
Installation
Linux/macOS
# Download Composer installer
curl -sS https://getcomposer.org/installer | php
# Move to system path
sudo mv composer.phar /usr/local/bin/composer
# Verify installation
composer --version
# Update Composer
composer self-update
# Or install via Homebrew (macOS)
brew install composerWindows
# Download installer
# https://getcomposer.org/download
# Or use Chocolatey
choco install composer
# Or use Scoop
scoop install composer
# Verify installation
composer --versionBasic Commands
| Command | Description |
|---|---|
composer --version | Show Composer version |
composer --help | Display help information |
composer init | Create new composer.json file |
composer install | Install dependencies from composer.lock |
composer require [package] | Add new dependency |
composer remove [package] | Remove dependency |
composer update | Update dependencies to latest versions |
composer show | List installed packages |
composer dump-autoload | Regenerate autoloader |
Project Setup
# Initialize new project (interactive)
composer init
# Create project from package
composer create-project symfony/skeleton my-app
# Create Laravel project
composer create-project laravel/laravel my-app
# Create Symfony project
composer create-project symfony/website-skeleton my-websiteInstalling Dependencies
From composer.json
# Install all dependencies
composer install
# Install without dev dependencies (production)
composer install --no-dev
# Don't download, only check compatibility
composer install --dry-run
# Skip scripts
composer install --no-scripts
# Prefer lowest versions
composer install --prefer-lowestAdding New Dependencies
# Add single package
composer require monolog/monolog
# Add with specific version
composer require monolog/monolog:^2.0
# Add multiple packages
composer require symfony/http-kernel symfony/routing
# Add as development dependency
composer require --dev phpunit/phpunit
# Add with version constraint
composer require "symfony/console:^5.0"
# Add dev dependency
composer require --dev squizlabs/php_codesniffer
# Require by stability
composer require --prefer-stable vendor/packageUpdating Dependencies
# Update all packages
composer update
# Update specific package
composer update monolog/monolog
# Update with new lock file
composer update --lock
# Only update dependencies (not dev)
composer update --no-dev
# Check what would be updated
composer update --dry-run
# Interactive update (select packages)
composer update -i
# Update composer itself
composer self-update
# Update to latest major version
composer require vendor/package:^2.0Removing Packages
# Remove package
composer remove monolog/monolog
# Remove dev package
composer remove --dev phpunit/phpunit
# Remove multiple packages
composer remove monolog/monolog symfony/routing
# Check what would be removed
composer remove --dry-run monolog/monologViewing Installed Packages
# List installed packages
composer show
# Show with versions
composer show --all
# Show only dev packages
composer show --dev
# Show only prod packages
composer show --prod
# Show direct dependencies only
composer show --direct
# Show outdated packages
composer show --outdated
# Show package info
composer show symfony/http-kernel
# Show dependencies of package
composer show symfony/http-kernel --tree
# Show outdated with update info
composer outdatedAutoloader Management
# Regenerate autoloader
composer dump-autoload
# Optimize autoloader (production)
composer dump-autoload --optimize
# Classmap-only autoloader (faster)
composer dump-autoload --classmap-authoritative
# No-dev autoloader
composer dump-autoload --no-dev
# APCu autoloader cache
composer dump-autoload --apcu
# Regenerate with authorization
composer dump-autoload --strict-psrComposer.json Configuration
Basic Structure
{
"name": "myvendor/mypackage",
"description": "Short package description",
"type": "library",
"require": {
"php": "^8.0",
"monolog/monolog": "^2.0"
},
"require-dev": {
"phpunit/phpunit": "^9.5"
},
"autoload": {
"psr-4": {
"MyVendor\\MyPackage\\": "src/"
}
},
"authors": [
{
"name": "Your Name",
"email": "your@email.com"
}
],
"license": "MIT"
}Version Constraints
{
"require": {
"symfony/console": "5.2.*",
"monolog/monolog": "^2.0",
"guzzlehttp/guzzle": "~6.3",
"laravel/framework": ">=6.0,<9.0"
}
}Scripts
Define Scripts in composer.json
{
"scripts": {
"test": "phpunit",
"lint": "phpcs src/",
"fix": "phpcbf src/",
"serve": "php -S localhost:8000",
"post-install-cmd": ["php artisan migrate"],
"post-update-cmd": ["php artisan migrate"]
}
}Run Scripts
# Run custom script
composer test
# Run lint script
composer lint
# Run multiple scripts
composer test lint
# List available scripts
composer list
# Run all scripts of type
composer run-script test
# Show scripts
composer run-script --listDependency Resolution
# Show dependency tree
composer show --tree
# Show package dependencies
composer show symfony/http-kernel --tree
# Check for conflicts
composer validate
# Analyze dependencies
composer show -l
# Show why package is required
composer why monolog/monolog
# Show why dev package is needed
composer why-not vendor/package
# Show package constraints
composer show vendor/packageLock Files
# Create/update lock file without installing
composer lock
# Create lock file
composer update --lock
# Lock specific package
composer lock vendor/package
# Generate lock file
composer install --dry-run
# Update lock file from latest composer.json
composer lock
# Remove lock file (reinstall)
rm composer.lock
composer installDevelopment Workflow
# Initial project setup
composer install
# Add new dev tool
composer require --dev phpstan/phpstan
# Run tests
composer test
# Fix code style
composer fix
# Run linting
composer lint
# Update dependencies safely
composer update --dry-run
composer update
# Deploy to production
composer install --no-dev --optimize-autoloaderPerformance & Production
# Optimized installation for production
composer install --no-dev --optimize-autoloader
# Strict autoloader (fastest)
composer install --no-dev --optimize-autoloader --classmap-authoritative
# With APCu caching
composer install --no-dev --optimize-autoloader --apcu
# Production deployment
composer require --no-dev
composer install --no-dev --optimize-autoloader
# Generate optimized autoloader
composer dump-autoload --optimize --no-devTroubleshooting
Dependency Issues
# Validate composer.json
composer validate
# Check for problems
composer diagnose
# Clear composer cache
composer clearcache
# Update with no cache
composer update --no-cache
# Force update
composer update --with-all-dependencies
# Regenerate lock file
rm composer.lock
composer installCommon Issues
# Out of memory during install
php -d memory_limit=512M composer install
# Memory for large projects
php -d memory_limit=-1 composer install
# Slow installation (use snapshot)
composer install --prefer-dist
# Git authentication issues
composer config --global github-oauth.github.com <token>
# Diagnose issues
composer diagnose
# Reset Composer
composer self-update --rollbackPackage Conflicts
# Show conflicting packages
composer show --tree
# Check what conflicts
composer why-not vendor/package
# Install with constraints
composer require vendor/package:^2.0
# Update specific package
composer update vendor/package
# Force resolution
composer update --with-all-dependenciesGlobal Packages
# Install package globally
composer global require symfony/console
# List global packages
composer global show
# Update global packages
composer global update
# Remove global package
composer global remove symfony/console
# Global composer home
composer config -g homeAdvanced Configuration
# Show all config
composer config --list
# Set GitHub token
composer config --global github-oauth.github.com <token>
# Set Gitlab token
composer config --global gitlab-oauth.gitlab.com <token>
# Disable plugins
composer update --no-plugins
# Show config file location
composer config --list --globalUseful Aliases
# Add to ~/.bashrc or ~/.zshrc
alias ci='composer install'
alias cid='composer install --no-dev'
alias cu='composer update'
alias cr='composer require'
alias crd='composer require --dev'
alias crm='composer remove'
alias cs='composer show'
alias cda='composer dump-autoload --optimize'
alias cv='composer validate'Best Practices
- Always commit composer.lock to version control
- Use semantic versioning for dependencies (^, ~)
- Keep composer up to date with
composer self-update - Use
--no-devflag for production deployments - Optimize autoloader with
dump-autoload --optimizefor production - Use
composer validatebefore committing - Pin major.minor versions in production
- Use version constraints to allow patch updates
- Regularly update dependencies with
composer update - Document development requirements in composer.json
Resources
composer help- Composer helpcomposer help require- Specific command help- Composer Documentation
- Packagist - Package repository
- Official Website
- Schema Reference
Last updated: 2026-03-30