Composer Inline Aliases: Fake a PHP Package Version by Aliasing a Specific Commit to it

Great tip by Mattias: TIL: you can fake package versions in composer using the "as" alias. Useful to force install certain versions while keeping other dependencies in check! 👍 — Mattias Geniar (@mattiasgeniar) April 16, 2020 You can alias directly when requiring a package: composer require monolog/monolog:”dev-bugfix as 1.0.x-dev” Surely comes in handy when locally […]

“Composer require local package”: Working with symlinked Composer packages in PHP

When developing a PHP library/package, you most likely also have a project on disk that consumes said library. Take a WordPress plugin for example: to test it, you need a WordPress installation — both are linked but separate projects. To speed up development you can tell Composer to use the local version of the package, […]

Overriding the PHP version to use when installing Composer dependencies

If you have a (legacy) PHP project running on a legacy server (running PHP 5.4.27 for example), but are locally developing with a more modern PHP version (PHP 7.4 for example), you might end up installing dependencies that are not compatible with the PHP version on the server. To bypass this, you can tell Composer, […]

Selling Composer Packages through “Private Packagist for Vendors”

Nice new addition by Packagist: If you’re selling PHP packages, the easiest way to offer Composer package installation to your customers is now “Private Packagist for Vendors”. You get a unique URL and authentication token for each customer and they can use these in their composer.json file to install your packages. Especially if you’re still […]

PHP Roave Security Advisories

$ composer require roave/security-advisories:dev-master $ # following commands will fail: $ composer require symfony/symfony:2.5.2 $ composer require zendframework/zendframework:2.3.1 This package ensures that your PHP application doesn’t have installed dependencies with known security vulnerabilities. This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and […]