The document provides an introduction and overview of basic commands, files, and concepts for using the Composer dependency manager. It outlines commands for installing, updating, removing, and requiring packages. It also discusses semver version ranges, checking for outdated packages, and ensuring changes don't break existing functionality with tests. The goal is to help users get started with Composer and safely manage dependencies.

1. Composer Yourself
A Reintroduction to Composer
@eric_poe

2. Basic Commands
Basic Commands
● composer self-update
● composer install
● Composer outdated
● composer update vendor/packageName --dry-run
● composer dump-autoload
● composer require [--dev] vendor/packageName
"^majorVersion"
● composer remove [--dev] vendor/packageName

3. ● General recipe
● You can edit this file
● Commit this if changed
● You can update everything at once, but
please do not!
○ composer update
Sections of note:
● Name
● Autoload
● Require
● Require-dev
● Config
● Scripts
Basic Files - composer.json

4. Basic Files - composer.lock
● Exact Recipe
● DO NOT EDIT THIS FILE
● Commit this if changed
Install everything:
● composer install
● composer install -o --no-dev
Dealing with merge conflicts in this file
● Typically, the merge conflict is the
“content-hash”
● See if you can fix via:
○ composer update --lock

5. Package Versions
Exact Version:
● 2.5.4
Version Range:
● >=2.5.4
● >=2.5.4 < 3.0 || >= 3.1
Hyphenated Version Range:
● 2.5.4 - 2.5.7
Wildcard Version Range:
● 2.5.*
Next Significant Release
● Tilde: ~2.5
○ 2.5 >= , < 3.0.0
○ ~2.5.5
■ 2.5.5 >= , < 2.6.0
● Carat: ^2.5.4
○ 2.5.4 >= , < 3.0.0
○ Use ONLY IF the package uses semantic
versioning

6. Packagist
Packagist is a great source to check on
composer packages
● https://packagist.org
● Find vendor/packageName
● Check on requirements
● Look into different versions

7. Check for Updates
To see which packages are outdated:
● composer outdated
Output colors:
● Green: up to date
● Red: at least 1 minor or patch update
behind
● Yellow: are at least 1 major update behind

8. Update Package
If needed, change package version in “require”
section of composer.json
● composer update
vendor/packageName --dry-run
○ Test to see if package can be updated
without conflict
○ Update conflicting packages first
○ Look at the package repo/docs for BC
breaks & upgrade tips
Note & WARNING: You can also update a
package installed as part of a larger package in
composer.json. In other words, you can update a
package that’s in composer.lock, just don’t
modify the version number!
Finally, update the package
● composer update
vendor/packageName
● Run unit tests to ensure everything still
works
○ vendor/bin/phpunit -c
<dir/with/phpunit.xml>
● Commit!

9. Install Package
Install the latest package available
● composer require
vendor/packageName
Install a package in a range
● composer require
vendor/packageName
"^majorVersion"
If it’s only needed for dev work, but not for
production:
● composer require --dev
vendor/packageName
● composer require --dev
vendor/packageName
"^majorVersion"

10. Remove Package
Remove package and then run tests!
● composer remove vendor/packageName
● composer remove --dev vendor/packageName

11. Th-th-that’s all, folks!
Composer documentation:
● getcomposer.org/doc
Composer Cheat Sheet (interactive)
● composer.json.jolicode.com
DEMO TIME?