The document provides information about using Composer for library publishers and library consumers. For library publishers, it discusses naming conventions, semantic versioning, tagging releases, licensing, and documentation. For library consumers, it covers installing vs updating, version selection, using forks, composer in deployments, licensing, simulating environments, and private packages.

1. Composer
the right way
@rdohms
Rafael Dohms

2. photo: smileymanwithahat

4. photo: Rob Allen

5. Library Publisher
Library
Library Consumer
Packagist
photo: 18millionpixels

6. {
"require": {
"monolog/monolog": “2.0”
}
}
{
"name": “monolog/monolog”
...
}
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package monolog/monolog could not be found in any version, there may be a typo in the package name.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting
see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.
Read <http://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.
Installation failed, reverting ./composer.json to its original content.
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Installing psr/log (1.0.0)
Loading from cache
- Installing monolog/monolog (1.11.0)
Downloading: 100%
monolog/monolog suggests installing graylog2/gelf-php (Allow sending log messages to a GrayLog2 server)
[...]
monolog/monolog suggests installing ext-mongo (Allow sending log messages to a MongoDB server)
monolog/monolog suggests installing aws/aws-sdk-php (Allow sending log messages to AWS services like DynamoDB)
monolog/monolog suggests installing rollbar/rollbar (Allow sending log messages to Rollbar)
Writing lock file
Generating autoload files
___
~1.1
photo: 18millionpixels

7. discovery source
installation
Packagist
!
Vendor
Folder
"
Repository
#
composercomposer.json$
composer.lock$

8. 2 054 229 509two billion, fifty-four million, two hundred and
twenty-nine thousand, five hundred and nine.
+

9. Stable!Go tell @seldaek, @naderman and the entire
composer team, thank you for all the
amazing work!

10. $ composer self-update
Production
$ composer self-update --snapshot
Development
$ composer self-update --preview
CI / Build

11. $ composer init
Library Publisher
$ composer require <vendor>/<package>
Library Consumer

12. $ composer require monolog/monolog
Tip
Using version ^1.11 for monolog/monolog

13. $ composer require monolog/monolog --sort-packages
Tip

14. $ composer remove monolog/monolog
Tip
removes packages and dependencies by default
— beta 2

15. Library Publishers
Composer for

16. Library Publisher Unique vendor names
vendor / package

17. Library Publisher Unique vendor names
pick your own
unique vendor

18. Library Publisher Unique vendor names
or join a collective

19. README$
CHANGELOG%
LICENSE&
Library Publisher What’s in your library?
' List relevant changes
' Make BC breaks prominent
' Show examples of how to upgrade
' Pick one that reflects your values
' choosealicense.com can help
' What problem does it solve?
' Usage examples
' Install instructions
' How can I contribute?

20. Library Publisher Semantic Versioning
1 . 2 3.major minor patch
API / BC
Breaks
New Features Bug Fixes

21. Library Publisher Tagging
Please, tag your
releases.
often!

22. Library Publisher “I'm out"
photo: nickwebb

23. Library Publisher “I'm out"
Click here and provide an alternative

24. Library Publisher “I'm out"

25. Pick the
correct
version
Library Publisher Pick a Version

26. *the asterisk○Library Publisher Pick a Version

27. ~the tilde
Library Publisher Pick a Version

28. ~1.2
>=1.2.0, <2.0.0
Library Publisher Pick a Version
)

29. ~1.2.3
>=1.2.3, <1.3
Library Publisher Pick a Version
)

30. Yo @rdohms, I’m
really happy for you and
I’m gonna let you finish, but
the tilde operator is
totally old news.

31. ^the caret
Library Publisher Pick a Version

32. 1.2.3
>=1.2.3, <2.0.0
Library Publisher Pick a Version
)
^
)

33. 0.3.0
>=0.3.0, <0.4.0
Library Publisher Pick a Version
^
)
Major Version Zero

34. "require": {
"zendframework/zend-stdlib": “2.1.*”,
"zendframework/zend-servicemanager": "2.1.*",
},
“require-dev": {
“phpunit/phpunit": “~3.7”
}
Library Publisher Pick a Version
"require": {
"zendframework/zend-stdlib": “^2.3”,
"zendframework/zend-servicemanager": “^2.3",
},
“require-dev": {
“phpunit/phpunit": “~4”
}
3rd party library
Your application
*
^2.1

35. Library Consumers
Composer for

36. Library Consumer Install or update?
install or update?

37. Library Consumer Install or update?
Make sure you have
installed the last
updates from other
developers.
?
install updateor

38. Library Consumer Install or update?
Make sure you have
installed the last
updates from other
developers.
?
install updateor

39. Library Consumer Install or update?
Deploying a new
release of your
application to
production.
?
install updateor

40. Library Consumer Install or update?
Deploying a new
release of your
application to
production.
?
install updateor

41. Library Consumer Install or update?
Checked out a new
project and want to
start coding.
?
install updateor

42. Library Consumer Install or update?
Checked out a new
project and want to
start coding.
?
install updateor

43. Library Consumer Install or update?
Grab new versions for
the dependencies of
your project.
?
install updateor

44. Library Consumer Install or update?
Grab new versions for
the dependencies of
your project.
?
install updateor

45. Your application
"
Public
Repository
#
Library Consumer Install or update?
composer.lock$
read grab version
check latest compatible release
update
composer install
composer update
no lock file? composer update
since beta2

46. Library Consumer Install or update?
commit your lock file

47. $ composer update —interactive (-i)
Tip
since beta1

48. $ composer why-not <package>
doctrine/doctrine-bundle 1.6.2 requires symfony/framework-bundle (~2.3|~3.0)
doctrine/doctrine-cache-bundle 1.3.0 requires symfony/doctrine-bridge (~2.2|~3.0)
doctrine/doctrine-fixtures-bundle 2.3.0 requires symfony/doctrine-bridge (~2.3|~3.0)
doctrine/doctrine-migrations-bundle dev-master requires symfony/framework-bundle (~2.3|~3.0)
doctrine/migrations dev-master requires symfony/yaml (~2.3|~3.0)
doctrine/orm v2.5.4 requires symfony/console (~2.5|~3.0)
friendsofsymfony/rest-bundle 1.7.7 requires symfony/http-kernel (^2.3.24|~3.0)
incenteev/composer-parameter-handler v2.1.2 requires symfony/yaml (~2.3|~3.0)
jms/serializer-bundle 1.1.0 requires symfony/framework-bundle (~2.3|~3.0)
knplabs/knp-paginator-bundle 2.5.1 requires symfony/framework-bundle (~2.3|~3.0)
kriswallsmith/assetic v1.3.2 requires symfony/process (~2.1|~3.0)
Tip
since beta1

49. $ composer outdated
composer/composer 1.0.3 1.1.0
filp/whoops 2.1.0 2.1.2
justinrainbow/json-schema 1.6.1 2.0.3
nikic/fast-route v0.7.0 v1.0.0
oscarotero/psr7-middlewares v3.14.3 v3.15.1
Tip

50. Pick the
correct
version
Library Consumer Version Selection

51. Library Consumer Version Selection
dev-master

52. Library Consumer Version Selection

53. Library Consumer Using forks
found a bug?

54. Library Consumer Using forks
$ composer install --prefer-source
Tip

55. Library Consumer Using forks
patch it,
fork it,
push it…
wait for it.

56. Library Consumer Using forks
symfony/symfony
rdohms/symfony
"repositories": [
{
"type": "vcs",
"url": "https://github.com/rdohms/symfony"
}
]
+

57. Library Consumer Using forks
Do not put
forked repositories
on packagist
,

58. Library Consumer Using forks
"require": {
"symfony/symfony": "dev-my-patch as 2.5.0"
}
Tip

59. Library Consumer Composer and deployments
Composer
and
production

60. Library Consumer Composer and deployments
$ composer install --prefer-dist --no-dev --optimize-autoloader
,
- Install same versions
- Uses information defined in the composer.lock file

61. $ composer install --prefer-dist --no-dev --optimize-autoloader
Library Consumer Composer and deployments
,
- Downloads distribution packages
- Can use local cache for previously downloaded
- No git required

62. $ composer install --prefer-dist --no-dev --optimize-autoloader
Library Consumer Composer and deployments
,
- Avoids download unnecessary developer libraries

63. $ composer install --prefer-dist --no-dev --optimize-autoloader
Library Consumer Composer and deployments
,
- Generates classmap from PSR-0/4 autoloaders
- Speeds up autoloading

64. Library Consumer Licensing
$ composer licenses
Name: __root__
Version: 1.0.0
Licenses: none
Dependencies:
doctrine/annotations v1.2.1 MIT
doctrine/cache v1.3.1 MIT
doctrine/collections v1.2 MIT
doctrine/common v2.4.2 MIT
doctrine/inflector v1.0 MIT
doctrine/lexer v1.0 MIT
psr/log 1.0.0 MIT
symfony/symfony v2.5.6 MIT
twig/twig v1.16.2 BSD-3-Clause
Tip

65. Library Consumer Simulating Environments
"config": {
"platform": {
"php": “5.6.2”,
“ext-mongodb”: “1.1”
}
},
Tip
Production
Server
.
Development
Server
.PHP
7.0
PHP
5.6

66. Library Consumer Simulating Environments
$ composer install —-ignore-platform-reqs
Tip

67. Library Consumer Private Packages and Proxy
Satis and Toran

68. composer Packagist
!
Your application
"
Public
Repository
#
Library Consumer Private Packages and Proxy

69. composer
Packagist
!
Your application
"
Public
Repository
#
Satis / Toran
!
Private
Repository
/
proxy
Library Consumer Private Packages and Proxy

70. Library Consumer Private Packages and Proxy
toranproxy.com
private repos, automatic packagist proxy
and support composer development

71. Library Consumer One last thing
One last thing…

72. Library Consumer pickle!

73. Library Consumer pickle!
$ pickle install memcache
https://wiki.php.net/rfc/pickle
https://github.com/FriendsOfPHP/pickle

74. Thank you.any questions?
0 http://slides.doh.ms
1 http://doh.ms
2 @rdohms