Dependency Manager for PHP

Overview

Composer - Dependency Management for PHP

Composer helps you declare, manage, and install dependencies of PHP projects.

See https://getcomposer.org/ for more information and documentation.

Continuous Integration

Installation / Usage

Download and install Composer by following the official instructions.

For usage, see the documentation.

Packages

Find packages on Packagist.

Community

IRC channels are on irc.freenode.org: #composer for users and #composer-dev for development.

For support, Stack Overflow also offers a good collection of Composer related questions.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project and its community you agree to abide by those terms.

Requirements

PHP 5.3.2 or above (at least 5.3.4 recommended to avoid potential bugs)

Authors

See also the list of contributors who participated in this project.

Security Reports

Please send any sensitive issue to [email protected]. Thanks!

License

Composer is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

Comments
  • zlib_decode(): data error

    zlib_decode(): data error

    I realise this issue has been raised before (#3006, #3270) but no replies were given there and the results are many months old. Since a while, I'm getting the error mentioned in the issue title, when doing a composer require xxx/yyy or composer install Stack trace from the "very verbose" mode is as follows:

      [ErrorException]
      zlib_decode(): data error
    
    
    
    Exception trace:
     () at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Util/RemoteFilesystem.php:218
     Composer\Util\ErrorHandler::handle() at n/a:n/a
     zlib_decode() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Util/RemoteFilesystem.php:218
     Composer\Util\RemoteFilesystem->get() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Util/Remote
    Filesystem.php:83
     Composer\Util\RemoteFilesystem->getContents() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Rep
    ository/ComposerRepository.php:587
     Composer\Repository\ComposerRepository->fetchFile() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Compos
    er/Repository/ComposerRepository.php:296
     Composer\Repository\ComposerRepository->whatProvides() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Com
    poser/DependencyResolver/Pool.php:191
     Composer\DependencyResolver\Pool->computeWhatProvides() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Co
    mposer/DependencyResolver/Pool.php:180
     Composer\DependencyResolver\Pool->whatProvides() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/
    DependencyResolver/RuleSetGenerator.php:221
     Composer\DependencyResolver\RuleSetGenerator->addRulesForPackage() at phar://C:/ProgramData/ComposerSetup/bin/composer.
    phar/src/Composer/DependencyResolver/RuleSetGenerator.php:293
     Composer\DependencyResolver\RuleSetGenerator->addRulesForJobs() at phar://C:/ProgramData/ComposerSetup/bin/composer.pha
    r/src/Composer/DependencyResolver/RuleSetGenerator.php:333
     Composer\DependencyResolver\RuleSetGenerator->getRulesFor() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/sr
    c/Composer/DependencyResolver/Solver.php:172
     Composer\DependencyResolver\Solver->solve() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Insta
    ller.php:505
     Composer\Installer->doInstall() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Installer.php:230
    
     Composer\Installer->run() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Command/RequireCommand.
    php:158
     Composer\Command\RequireCommand->execute() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/symfony/cons
    ole/Symfony/Component/Console/Command/Command.php:257
     Symfony\Component\Console\Command\Command->run() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/symfon
    y/console/Symfony/Component/Console/Application.php:874
     Symfony\Component\Console\Application->doRunCommand() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/s
    ymfony/console/Symfony/Component/Console/Application.php:195
     Symfony\Component\Console\Application->doRun() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Co
    nsole/Application.php:146
     Composer\Console\Application->doRun() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/symfony/console/S
    ymfony/Component/Console/Application.php:126
     Symfony\Component\Console\Application->run() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Cons
    ole/Application.php:82
     Composer\Console\Application->run() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/bin/composer:43
     require() at C:\ProgramData\ComposerSetup\bin\composer.phar:25
    

    Any thoughts on why this happens and/or how to fix it? I'm only getting this on one of my systems, and it worked fine in the past, I'm not sure what changed since. I have reinstalled Composer just now, so I'm using the latest version. Specs of my system: Windows 8.1 x64, PHP 5.6.5 x64

    Edit: when I require a new dependency on an other machine, then run composer install on my own system, that works just fine.

    Edit 2: I just noticed Composer is connecting to http://packagist.org, despite having openssl enabled.

    Support 
    opened by Ugoku 267
  • Composer update runs out of memory

    Composer update runs out of memory

    Running the "composer update" command results in a fatal error:

    Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 79 bytes) in phar:///usr/local/bin/composer/src/Composer/DependencyResolver/RuleWatchGraph.php on line 100

    Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 71 bytes) in phar:///usr/local/bin/composer/src/Composer/DependencyResolver/Solver.php on line 700

    Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 72 bytes) in phar:///usr/local/bin/composer/src/Composer/DependencyResolver/RuleWatchGraph.php on line 104

    I already tried removing the vendors in my Symfony2 project. After removing the vendors and running a "composer install" command I get no errors. Running a "composer update" directly after the install results in the same memory error. The current memory limit is set to 512MB, that should be enough, right?

    What can be the cause of the sudden memory issue? Can I take other steps in solving this issue? As far as I can tell, the dependencies haven't changed and I don't include many vendors.

    Any help is much appreciated!

    Kind regards, Jeroen van Rooij

    Ps. I'm using the latest composer version and al the requires in the json are set to a fixed version

    opened by jrooi 181
  • Installs plugins and dependencies before installation of other packages

    Installs plugins and dependencies before installation of other packages

    | Q | A | | --- | --- | | Bug fix? | yes (installation plugin order) | | New feature? | yes | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | #2972, #2879, #2878, #1121, #3078 | | License | MIT |

    This feature allows installing plugins and their dependencies before restarting the installation of other packages in the project. It allows the plugins to be added directly in the project and must not be installed in global.

    With this feature it is for example possible to create a plugin adding automatically the repositories, without that Composer throws an error when the first installation.

    It does not change the original behavior of the install, but at the same time, fixes a "strange" behavior of the order of the installation of plugins and their dependencies.

    The dependencies plugins must be installed before the plugin, then the plugin must be installed, and then the rest of depedencies can be installed.

    Test example:

    {
        "repositories": [
            {
                "type": "package",
                "package": [
                    { "name": "pkg", "version": "1.0.0" },
                    { "name": "pkg2", "version": "1.0.0" },
                    { "name": "inst", "version": "1.0.0", "type": "composer-plugin" },
                    { "name": "inst2", "version": "1.0.0", "type": "composer-plugin", "require": { "pkg2": "*" } }
                ]
            }
        ],
        "require": {
            "pkg": "1.0.0",
            "inst": "1.0.0",
            "inst2": "1.0.0"
        }
    }
    

    The order should be:

    Installing inst (1.0.0)
    Installing pkg2 (1.0.0)
    Installing inst2 (1.0.0)
    Installing pkg (1.0.0)
    

    and not (actually):

    Installing inst (1.0.0)
    Installing pkg (1.0.0)
    Installing pkg2 (1.0.0)
    Installing inst2 (1.0.0)
    
    Feature 
    opened by francoispluchino 131
  • Install fails because of getcomposer.org certificate verify failed

    Install fails because of getcomposer.org certificate verify failed

    @Seldaek @naderman we just saw this in a capifony deploy:

    Download failed: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed file_get_contents(): Failed to enable crypto file_get_contents(https://getcomposer.org/composer.phar): failed to open stream: operation failed

    Bug 
    opened by ChristianRiesen 113
  • Drupal can't use composer install because it requires a Github Auth token on installation

    Drupal can't use composer install because it requires a Github Auth token on installation

    See also https://www.drupal.org/node/1475510

    Problem: when running composer install the user is prompted to input a Github auth token. That is a serious burden for 3000+ Drupal core contributors that will need to run composer install and a significant waste of developer time. Some users do not want to create a Github account.

    It seems that composer only prompts for a Github auth token in interactive shells? I have never seen that prompt on Travis CI for PHP projects for example.

    Proposed solution: make composer install on interactive shells behave the same as in non interactive ones: always fall back to install from source (git clone) and never prompt the user for a Github token. Users should be able to opt-in for faster downloads with Github auth tokens, but this should never be an interactive usability WTF.

    opened by klausi 104
  • Beginners being herded into command line due to composer

    Beginners being herded into command line due to composer

    You wanted a specific complaint? Here it is:

    Why are beginners being herded into the command line, due to composer?

    Application developers are now frequently only including composer installs.

    This effectively locks beginners out of the learning process. It creates yet another barrier to entry, simply for the convenience of a minority.

    Question 
    opened by devlikes 93
  • Allow comments in composer.json

    Allow comments in composer.json

    I know comments are not allowed in the json spec, but some parsers are more tolerant than others. And being able to annotate composer.json would be of great use (f.e. when playing around commenting different parts of composer.json without having to commit, stash or save to a different file)

    opened by gggeek 82
  • Using YAML for configuration?

    Using YAML for configuration?

    Why didn't composer founders choose YAML? Json even does not support comments inside a file. Yaml is proved to be the best choise for configuration and Symfony proved that.

    But it's not too late to also allow yaml usage aswell. 4 example search for composer.json, if not found - for composer.yml

    opened by olegstepura 82
  • ErrorException: proc_open(): fork failed - Cannot allocate memory in phar

    ErrorException: proc_open(): fork failed - Cannot allocate memory in phar

    ErrorException: proc_open(): fork failed - Cannot allocate memory in phar:///var/www/workspace/MyProject/build/composer/composer.phar/vendor/symfony/console/Symfony/Component/Console/Application.php on line 943

    Call Stack: 0.0523 765208 1. {main}() /var/www/workspace/MyProject/build/composer/composer.phar:0 0.0528 763216 2. require('phar:///var/www/workspace/MyProject/build/composer/composer.phar/bin/composer') /var/www/workspace/MyProject/build/composer/composer.phar:15 0.0830 3504584 3. Composer\Console\Application->run() phar:///var/www/workspace/MyProject/build/composer/composer.phar/bin/composer:13 0.0865 3865984 4. Symfony\Component\Console\Application->run() phar:///var/www/workspace/MyProject/build/composer/composer.phar/src/Composer/Console/Application.php:66 31.9725 246198552 5. Symfony\Component\Console\Application->renderException() phar:///var/www/workspace/MyProject/build/composer/composer.phar/vendor/symfony/console/Symfony/Component/Console/Application.php:113 31.9726 246199624 6. Symfony\Component\Console\Application->getTerminalWidth() phar:///var/www/workspace/MyProject/build/composer/composer.phar/vendor/symfony/console/Symfony/Component/Console/Application.php:771 31.9726 246199784 7. Symfony\Component\Console\Application->getSttyColumns() phar:///var/www/workspace/MyProject/build/composer/composer.phar/vendor/symfony/console/Symfony/Component/Console/Application.php:848 31.9727 246202984 8. proc_open() phar:///var/www/workspace/MyProject/build/composer/composer.phar/vendor/symfony/console/Symfony/Component/Console/Application.php:943 31.9728 246204736 9. Composer\Util\ErrorHandler::handle() phar:///var/www/workspace/MyProject/build/composer/composer.phar/src/Composer/Util/ErrorHandler.php:0

    Bug 
    opened by yooper 81
  • [RFC] Preloading support

    [RFC] Preloading support

    As a general preloading file seems to become a thing in PHP 7.4 (🎉) I think we should start the discussion on how this could be implemented in Composer. I'm willing to work on a PR for that but there are a few things to be clarified first. Here are just a few thoughts that come to my mind when thinking about the implementation:

    • Should the preloading section be handled separately from the autoload section?
    • Does it even make sense to separate them? I mean, if you dump the optimized autoloader, why would you not want to preload all classes? Are there even scenarios where you would not want to preload all of your files?
    • Does it even make sense to preload all of the files or is that hurting the performance? Should we opt for hot-path preloading which in turn would imply that autoloading and preloading indeed must be separated?
    • vendor/preload.php?
    • If preloading can be seen as an extension to the optimized autoload, how would the command look like? composer dump-autoload -o -p (-p would then also generate the preload.php)

    I'm sure there's more to be considered and discussed. There are some very smart cookies in our community, so let's try to lay out the best solution together first and only then start coding 😊

    Feature 
    opened by Toflar 78
  • Php version shows 7 but composer does not work

    Php version shows 7 but composer does not work

    My composer.json:

    cat composer.json 
    {
        "name": "laravel/laravel",
        "description": "The Laravel Framework.",
        "keywords": ["framework", "laravel"],
        "license": "MIT",
        "type": "project",
        "require": {
            "php": ">=7.0.0",
            "barryvdh/laravel-debugbar": "^3.1",
            "fideloper/proxy": "~3.3",
            "laravel/framework": "5.5.*",
            "laravel/tinker": "~1.0"
        },
        "require-dev": {
            "filp/whoops": "~2.0",
            "fzaninotto/faker": "~1.4",
            "mockery/mockery": "~1.0",
            "phpunit/phpunit": "~6.0"
        },
        "autoload": {
            "classmap": [
                "database/seeds",
                "database/factories"
            ],
            "psr-4": {
                "App\\": "app/"
            }
        },
        "autoload-dev": {
            "psr-4": {
                "Tests\\": "tests/"
            }
        },
        "extra": {
            "laravel": {
                "dont-discover": [
                ]
            }
        },
        "scripts": {
            "post-root-package-install": [
                "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
            ],
            "post-create-project-cmd": [
                "@php artisan key:generate"
            ],
            "post-autoload-dump": [
                "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
                "@php artisan package:discover"
            ]
        },
        "config": {
            "preferred-install": "dist",
            "sort-packages": true,
            "optimize-autoloader": true
        }
    }
    
    

    Output of composer diagnose:

    composer diagnose
    Checking composer.json: OK
    Checking platform settings: OK
    Checking git settings: OK
    Checking http connectivity to packagist: Warning: Accessing packagist.org over http which is an insecure protocol.
    OK
    Checking https connectivity to packagist: OK
    Checking github.com rate limit: OK
    Checking disk free space: OK
    Checking pubkeys: FAIL
    Missing pubkey for tags verification
    Missing pubkey for dev verification
    Run composer self-update --update-keys to set them up
    Checking composer version: FAIL
    You are not running the latest stable version, run `composer self-update` to update (1.1.2 => 1.5.6)
    
    

    When I run this command:

    composer install
    

    I get the following output:

    
      Problem 1
        - This package requires php >=7.0.0 but your PHP version (5.6.32) does not satisfy that requirement.
      Problem 2
        - Installation request for barryvdh/laravel-debugbar ^3.1 -> satisfiable by barryvdh/laravel-debugbar[v3.1.0].
        - barryvdh/laravel-debugbar v3.1.0 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
      Problem 3
        - laravel/framework v5.5.9 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.8 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.7 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.6 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.5 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.4 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.3 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.26 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.25 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.24 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.23 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.22 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.21 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.20 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.2 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.19 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.18 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.17 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.16 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.15 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.14 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.13 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.12 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.11 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.10 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.1 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - laravel/framework v5.5.0 requires php >=7.0 -> your PHP version (5.6.32) does not satisfy that requirement.
        - Installation request for laravel/framework 5.5.* -> satisfiable by laravel/framework[v5.5.0, v5.5.1, v5.5.10, v5.5.11, v5.5.12, v5.5.13, v5.5.14, v5.5.15, v5.5.16, v5.5.17, v5.5.18, v5.5.19, v5.5.2, v5.5.20, v5.5.21, v5.5.22, v5.5.23, v5.5.24, v5.5.25, v5.5.26, v5.5.3, v5.5.4, v5.5.5, v5.5.6, v5.5.7, v5.5.8, v5.5.9].
    
    
    

    And I expected composer to install laravel dependencies

    Output of php -v

    ea-php-cli Copyright 2017 cPanel, Inc.
    PHP 7.0.26 (cli) (built: Dec  4 2017 16:05:39) ( NTS )
    Copyright (c) 1997-2017 The PHP Group
    Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    

    Delete all kind of caches but still no success , I don't want to update composer if possible. Thanks

    Support 
    opened by StepanyanAlbert 77
  • When installing composer i get an error saying something is missing in the php.ini file but it doesn't specify what is missing.

    When installing composer i get an error saying something is missing in the php.ini file but it doesn't specify what is missing.

    My composer.json:

    ...replace me...
    

    Output of composer diagnose:

    ...replace me...
    

    When I run this command:

    ...replace me...
    

    I get the following output:

    ...replace me...
    

    And I expected this to happen:

    opened by Jhonattan-Rapprecht 2
  • `composer require --fixed` does not use fixed version anymore

    `composer require --fixed` does not use fixed version anymore

    My composer.json:

    {}
    

    Output of composer diagnose:

    Checking composer.json: WARNING
    No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
    Checking platform settings: OK
    Checking git settings: OK git version 2.37.1
    Checking http connectivity to packagist: OK
    Checking https connectivity to packagist: OK
    Checking github.com oauth access: OK
    Checking disk free space: OK
    Checking pubkeys:
    Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
    Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
    OK
    Checking composer version: OK
    Composer version: 2.5.1
    PHP version: 8.1.13
    PHP binary path: /opt/homebrew/Cellar/[email protected]/8.1.13/bin/php
    OpenSSL version: OpenSSL 1.1.1s  1 Nov 2022
    cURL version: 7.87.0 libz 1.2.11 ssl (SecureTransport) OpenSSL/1.1.1s
    zip: extension present, unzip present, 7-Zip not available
    

    When I run this command:

    composer require --dev --fixed vimeo/psalm
    

    I get the following output:

    ./composer.json has been updated
    Running composer update vimeo/psalm
    Loading composer repositories with package information
    Updating dependencies
    Lock file operations: 31 installs, 0 updates, 0 removals
      - Locking amphp/amp (v2.6.2)
      - Locking amphp/byte-stream (v1.8.1)
      - Locking composer/package-versions-deprecated (1.11.99.5)
      - Locking composer/pcre (3.1.0)
      - Locking composer/semver (3.3.2)
      - Locking composer/xdebug-handler (3.0.3)
      - Locking dnoegel/php-xdg-base-dir (v0.1.1)
      - Locking felixfbecker/advanced-json-rpc (v3.2.1)
      - Locking felixfbecker/language-server-protocol (v1.5.2)
      - Locking fidry/cpu-core-counter (0.4.1)
      - Locking netresearch/jsonmapper (v4.1.0)
      - Locking nikic/php-parser (v4.15.2)
      - Locking phpdocumentor/reflection-common (2.2.0)
      - Locking phpdocumentor/reflection-docblock (5.3.0)
      - Locking phpdocumentor/type-resolver (1.6.2)
      - Locking psr/container (2.0.2)
      - Locking psr/log (3.0.0)
      - Locking sebastian/diff (4.0.4)
      - Locking spatie/array-to-xml (2.17.1)
      - Locking symfony/console (v6.2.3)
      - Locking symfony/deprecation-contracts (v3.2.0)
      - Locking symfony/filesystem (v6.2.0)
      - Locking symfony/polyfill-ctype (v1.27.0)
      - Locking symfony/polyfill-intl-grapheme (v1.27.0)
      - Locking symfony/polyfill-intl-normalizer (v1.27.0)
      - Locking symfony/polyfill-mbstring (v1.27.0)
      - Locking symfony/polyfill-php80 (v1.27.0)
      - Locking symfony/service-contracts (v3.2.0)
      - Locking symfony/string (v6.2.2)
      - Locking vimeo/psalm (5.4.0)
      - Locking webmozart/assert (1.11.0)
    Writing lock file
    Installing dependencies from lock file (including require-dev)
    Package operations: 31 installs, 0 updates, 0 removals
      - Downloading psr/log (3.0.0)
      - Downloading symfony/console (v6.2.3)
      - Downloading sebastian/diff (4.0.4)
      - Downloading felixfbecker/advanced-json-rpc (v3.2.1)
      - Downloading dnoegel/php-xdg-base-dir (v0.1.1)
      - Downloading amphp/byte-stream (v1.8.1)
      - Installing composer/package-versions-deprecated (1.11.99.5): Extracting archive
      - Installing composer/pcre (3.1.0): Extracting archive
      - Installing symfony/polyfill-ctype (v1.27.0): Extracting archive
      - Installing webmozart/assert (1.11.0): Extracting archive
      - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
      - Installing phpdocumentor/type-resolver (1.6.2): Extracting archive
      - Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
      - Installing psr/log (3.0.0): Extracting archive
      - Installing symfony/deprecation-contracts (v3.2.0): Extracting archive
      - Installing psr/container (2.0.2): Extracting archive
      - Installing symfony/service-contracts (v3.2.0): Extracting archive
      - Installing symfony/polyfill-mbstring (v1.27.0): Extracting archive
      - Installing symfony/polyfill-intl-normalizer (v1.27.0): Extracting archive
      - Installing symfony/polyfill-intl-grapheme (v1.27.0): Extracting archive
      - Installing symfony/string (v6.2.2): Extracting archive
      - Installing symfony/polyfill-php80 (v1.27.0): Extracting archive
      - Installing symfony/filesystem (v6.2.0): Extracting archive
      - Installing symfony/console (v6.2.3): Extracting archive
      - Installing spatie/array-to-xml (2.17.1): Extracting archive
      - Installing sebastian/diff (4.0.4): Extracting archive
      - Installing nikic/php-parser (v4.15.2): Extracting archive
      - Installing netresearch/jsonmapper (v4.1.0): Extracting archive
      - Installing fidry/cpu-core-counter (0.4.1): Extracting archive
      - Installing felixfbecker/language-server-protocol (v1.5.2): Extracting archive
      - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
      - Installing dnoegel/php-xdg-base-dir (v0.1.1): Extracting archive
      - Installing composer/xdebug-handler (3.0.3): Extracting archive
      - Installing composer/semver (3.3.2): Extracting archive
      - Installing amphp/amp (v2.6.2): Extracting archive
      - Installing amphp/byte-stream (v1.8.1): Extracting archive
      - Installing vimeo/psalm (5.4.0): Extracting archive
    4 package suggestions were added by new dependencies, use `composer suggest` to see details.
    Generating autoload files
    19 packages you are using are looking for funding.
    Use the `composer fund` command to find out more!
    No security vulnerability advisories found
    Using version ^5.4 for vimeo/psalm
    

    And I expected this to happen:

    I expected that a fixed version is used (5.4.0) instead of a version range (^5.4).

    opened by gharlan 0
  • Declaration of Monolog\Logger::emergency must be compatible with Psr\Log\LoggerInterface::emergency

    Declaration of Monolog\Logger::emergency must be compatible with Psr\Log\LoggerInterface::emergency

    I think this is a compatibility issue with

    • composer
    • monolog (as in composer's version)
    • using monolog in the application - the latest version
    • and running a script in composer.json, which invokes monolog

    aside from the composer.json listed below, this test script is being called from the composer.json file post-update

    I was able to set up a test environment with just the 2 files - test.php and composer.json, and run composer u, you can see the issue at the bottom of the output

    if monolog is set to less than 3, there is no problem

    the problem is the same if I run composer self-update, I use wsl and Alpine linux as my dev environment

    cheers - thanks for a great product !

    test.php

    <?php
    
    use Monolog\Formatter\LineFormatter;
    use Monolog\Handler\ErrorLogHandler;
    use Monolog\Logger;
    
    abstract class test {
    
      static function demo() {
    
        $monolog = new Logger('demo');
    
    
        $syslog = new ErrorLogHandler;
        $formatter = new LineFormatter("%channel%.%level_name%: %message% %context%");
        $syslog->setFormatter($formatter);
        $monolog->pushHandler($syslog);
    
        $monolog->info('hello world');
      }
    }
    

    My composer.json:

    {
        "license": "MIT",
        "autoload": {
            "psr-4": {
                "": "."
            }
        },
        "require": {
            "monolog/monolog": "^3.2"
        },
        "scripts": {
            "post-update-cmd": [
                "test::demo"
            ]
        }
    }
    

    Output of composer diagnose:

    Checking composer.json: WARNING
    Defining autoload.psr-4 with an empty namespace prefix is a bad idea for performance
    Checking platform settings: OK
    Checking git settings: No git process found
    Checking http connectivity to packagist: OK
    Checking https connectivity to packagist: OK
    Checking github.com rate limit: OK
    Checking disk free space: OK
    Checking pubkeys: FAIL
    Missing pubkey for tags verification
    Missing pubkey for dev verification
    Run composer self-update --update-keys to set them up
    Checking composer version: You are not running the latest stable version, run `composer self-update` to update (2.4.4 => 2.5.1)
    Composer version: 2.4.4
    PHP version: 8.1.13
    PHP binary path: /usr/bin/php81
    OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
    cURL version: 7.87.0 libz 1.2.13 ssl OpenSSL/3.0.7
    zip: extension present, unzip present, 7-Zip not available
    

    When I run this command:

    composer u -vvv
    

    I get the following output:

    Running 2.4.4 (2022-10-27 14:39:29) with PHP 8.1.13 on Linux / 5.15.79.1-microsoft-standard-WSL2
    Reading ./composer.json (/mnt/c/Users/davbr/GitHub/tmonolog/composer.json)
    Loading config file ./composer.json (/mnt/c/Users/davbr/GitHub/tmonolog/composer.json)
    Checked CA file /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a file.
    Checked directory /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a directory.
    Checked CA file /etc/ssl/certs/ca-certificates.crt: valid
    Executing command (/mnt/c/Users/davbr/GitHub/tmonolog): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
    Executing command (/mnt/c/Users/davbr/GitHub/tmonolog): git describe --exact-match --tags
    Executing command (CWD): git --version
    Executing command (/mnt/c/Users/davbr/GitHub/tmonolog): git log --pretty="%H" -n1 HEAD
    Executing command (/mnt/c/Users/davbr/GitHub/tmonolog): hg branch
    Executing command (/mnt/c/Users/davbr/GitHub/tmonolog): fossil branch list
    Executing command (/mnt/c/Users/davbr/GitHub/tmonolog): fossil tag list
    Executing command (/mnt/c/Users/davbr/GitHub/tmonolog): svn info --xml
    Running cache garbage collection
    Failed to initialize global composer: Composer could not find the config file: /home/davbr/.config/composer/composer.json
    
    Reading ./composer.lock (/mnt/c/Users/davbr/GitHub/tmonolog/composer.lock)
    Reading /mnt/c/Users/davbr/GitHub/tmonolog/vendor/composer/installed.json
    Loading composer repositories with package information
    Reading /home/davbr/.cache/composer/repo/https---repo.packagist.org/packages.json from cache
    Downloading https://repo.packagist.org/packages.json if modified
    [200] https://repo.packagist.org/packages.json
    Info from https://repo.packagist.org: #StandWithUkraine
    Writing /home/davbr/.cache/composer/repo/https---repo.packagist.org/packages.json into cache
    Reading /home/davbr/.cache/composer/repo/https---repo.packagist.org/provider-monolog~monolog.json from cache
    Downloading https://repo.packagist.org/p2/monolog/monolog.json if modified
    [304] https://repo.packagist.org/p2/monolog/monolog.json
    Reading /home/davbr/.cache/composer/repo/https---repo.packagist.org/provider-psr~log.json from cache
    Downloading https://repo.packagist.org/p2/psr/log.json if modified
    [304] https://repo.packagist.org/p2/psr/log.json
    Built pool.
    Running pool optimizer.
    Pool optimizer completed in 0.003 seconds
    Found 46 package versions referenced in your dependency graph. 1 (2%) were optimized away.
    Updating dependencies
    Generating rules
    Resolving dependencies through SAT
    Looking at all rules.
    
    Dependency resolution completed in 0.000 seconds
    Analyzed 45 packages to resolve dependencies
    Analyzed 47 rules to resolve dependencies
    Nothing to modify in lock file
    Installing dependencies from lock file (including require-dev)
    Nothing to install, update or remove
    Generating autoload files
    1 package you are using is looking for funding.
    Use the `composer fund` command to find out more!
    > post-update-cmd: test::demo
    PHP Fatal error:  Declaration of Monolog\Logger::emergency(Stringable|string $message, array $context = []): void must be compatible with Psr\Log\LoggerInterface::emergency($message, array $context = []) in /mnt/c/Users/davbr/GitHub/tmonolog/vendor/monolog/monolog/src/Monolog/Logger.php on line 651
    
    Fatal error: Declaration of Monolog\Logger::emergency(Stringable|string $message, array $context = []): void must be compatible with Psr\Log\LoggerInterface::emergency($message, array $context = []) in /mnt/c/Users/davbr/GitHub/tmonolog/vendor/monolog/monolog/src/Monolog/Logger.php on line 651
    

    And I expected this to happen:

    opened by bravedave 0
  • Failed to autoload classes by upgrading composer to `2.5.1`

    Failed to autoload classes by upgrading composer to `2.5.1`

    My composer.json:

    {
        "require": {
            "php": "^7.0.0",
            "aws/aws-sdk-php": "3.224.*",
            "facebook/graph-sdk": "5.6.*",
            "google/protobuf": "v3.7.1",
            "grpc/grpc": "1.19.0",
            "justinrainbow/json-schema": "^5.2",
            "mongodb/mongodb": "1.4.*",
            "phpunit/phpunit": "6.5.*"
        },
        "config": {
            "platform": {
                "php": "7.0"
            }
        },
        "autoload": {
            "psr-0": {
                ... // proprietary packages
            },
            "psr-4": {
                "GPBMetadata\\": "./Protobuf/GPBMetadata/",
                "Protobuf\\": "./Protobuf/Protobuf/",
                ... // proprietary packages
            }
        },
        "minimum-stability": "stable"
    }
    
    

    Output of composer diagnose:

    Checking platform settings: OK
    Checking git settings: OK git version 2.30.1
    Checking http connectivity to packagist: OK
    Checking https connectivity to packagist: OK
    Checking github.com oauth access: OK
    Checking disk free space: OK
    Checking pubkeys:
    Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
    Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
    OK
    Checking composer version: OK
    Composer version: 2.5.1
    PHP version: 8.2.0
    PHP binary path: /opt/homebrew/Cellar/php/8.2.0/bin/php
    OpenSSL version: OpenSSL 1.1.1s  1 Nov 2022
    cURL version: 7.87.0 libz 1.2.11 ssl (SecureTransport) OpenSSL/1.1.1s
    zip: extension present, unzip present, 7-Zip not available
    

    When I launched my program, an error thrown with:

    PHP Fatal error:  Uncaught TypeError: Return value of Composer\Autoload\ClassLoader::initializeIncludeClosure() must be an instance of Composer\Autoload\void, none returned in /var/app/current/_libs/vendor/composer/ClassLoader.php:580
    Stack trace:
    #0 /var/app/current/_libs/vendor/composer/ClassLoader.php(112): Composer\Autoload\ClassLoader::initializeIncludeClosure()
    #1 /var/app/current/_libs/vendor/composer/autoload_real.php(28): Composer\Autoload\ClassLoader->__construct('/var/app/curren...')
    #2 /var/app/current/_libs/vendor/autoload.php(25): ComposerAutoloaderInit8cbab0e9160881f88c44458183518071::getLoader()
    #3 /var/app/current/ajax.php(24): require_once('/var/app/curren...')
    #4 {main}
      thrown in /var/app/current/_libs/vendor/composer/ClassLoader.php on line 580
    

    Though I am using PHP 8 on my dev machine, we're actually running codes with PHP 7.0, and the ClassLoader.php in newer version seems to have 7.0 incompatible syntax like:

    private static function initializeIncludeClosure(): void // void return types are not allowed in PHP 7.0
    {
        if (self::$includeFile !== null) {
            return;
        }
    
        /**
         * Scope isolated include.
         *
         * Prevents access to $this/self from included files.
         *
         * @param  string $file
         * @return void
         */
        self::$includeFile = static function($file) {
            include $file;
        };
    }
    

    Reference to RFC: https://wiki.php.net/rfc/void_return_type

    opened by seoker 1
  • Set default config for namespace and author

    Set default config for namespace and author

    I just created a composer.json file via composer init and was wondering how I can set default values for the package namespace and the author. I read the documentation, but couldn't find anything about it. Obviously it is read somewhere, where? 😅 I would like to change it.

    I see a ton of options here, but is anything of this set via global config? If yes I'm happy to add documentation, if not I'm happy to add a PR for it :-) https://github.com/composer/composer/blob/main/src/Composer/Command/InitCommand.php#L272-L292

    Same for the author: https://github.com/composer/composer/blob/main/src/Composer/Command/InitCommand.php#L321-L337

    So if I'm correct, it should be documented here:

    https://getcomposer.org/doc/03-cli.md#environment-variables

    and should work like the other env vars, correct? Then I would provide a PR with a couple of lines description and add COMPOSER_DEFAULT_VENDOR and COMPOSER_DEFAULT_AUTHOR.

    -> % composer init
    
      Welcome to the Composer config generator
    
    This command will guide you through creating your composer.json config.
    
    Package name (<vendor>/<name>) [fabian/shopify-tools]: winkelwagen/shopify-tools
    Description []:
    Author [Fabian Blechschmidt <[email protected]>, n to skip]:
    
    opened by Schrank 0
  • installing a package from an empty location should error

    installing a package from an empty location should error

    When running composer install with a dependency that is set up as a path repository which points to an empty directory, composer symlinks or copies that empty directory and then silently deletes it again, without showing any indication in its output that this happened. As far as I can tell, this happens in the cleanup function of the FileDownloader: https://github.com/composer/composer/blob/d047f38f73629f876226f61331db6b889f4dcafe/src/Composer/Downloader/FileDownloader.php#L322-L339

    In my opinion trying to install an empty package should be treated as an error condition instead of pretending that the install was successful.

    opened by gwenya 0
Releases(2.5.1)
  • 2.5.1(Dec 22, 2022)

  • 2.5.0(Dec 20, 2022)

    • BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
    • Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
    • Improved version selection in archive command (#11230)
    • Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
    • Added autocompletion of config option names in the config command (#11130)
    • Added support for writing custom commands as Command classes (#11151)
    • Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
    • Added support for bump command to bump >=x to >=installed-version (#11179)
    • Added --download-only flag to install command to only download and prime the cache with the package archives (#11041)
    • Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062)
    • Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
    • Added interactive prompt to run-script and exec commands if run without any argument (#11157)
    • Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
    • Fixed full disk warning to be shown when less than 100MiB is available (#11190)
    • Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
    • Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.70 MB)
    composer.phar.asc(589 bytes)
  • 2.4.4(Oct 27, 2022)

    • Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
    • Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
    • Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
    • Fixed --dry-run flag missing from bump command (#11047)
    • Fixed status command reporting differences when the source ref is a tag (#11155)
    • Fixed outdated command outputting legend on stdout instead of stderr
    • Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.68 MB)
    composer.phar.asc(589 bytes)
  • 2.4.3(Oct 14, 2022)

    • BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
    • Fixed json format of audit command which was missing affectedVersions (#11120)
    • Fixed plugin commands not being loaded during bash completions (#11074)
    • Fixed parsing of inline aliases within complex constraints with || or , (#11086)
    • Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
    • Fixed JsonFile reading files without checking if they are readable first (#11077)
    • Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.67 MB)
    composer.phar.asc(589 bytes)
  • 2.4.2(Sep 14, 2022)

    • Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
    • Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
    • Fixed package filter on bump command (#11053)
    • Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#11037)
    • Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0
    • Fixed handling of zero-major versions in outdated command with --major-only (#11032)
    • Fixed show --platform regression since 2.4.0 when running in a directory without composer.json (#11046)
    • Fixed a few strict type errors
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.67 MB)
    composer.phar.asc(589 bytes)
  • 2.4.1(Aug 20, 2022)

    • Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit flag in CI (#10998)
    • Fixed show command showing packages in two sections, this was only meant for the outdated command (#11000)
    • Fixed local git repos being copied to cache unnecessarily (#11001)
    • Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#11004)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.66 MB)
    composer.phar.asc(589 bytes)
  • 2.2.18(Aug 20, 2022)

  • 2.4.0(Aug 16, 2022)

    Read the Composer 2.4 Release Announcement for more details on the release highlights.

    Complete Changelog

    • Added bash completions for Composer commands, package names, etc (see how to setup) (#10320)
    • Added bump command to bump requirements to the currently installed version (#10829)
    • Added audit command to check for known security vulnerabilities in installed packages (#10798, #10898)
    • Added automatic auditing of security vulnerabilities after update is done, can be overridden with --no-audit (#10798, #10898)
    • Added --audit to install command to also do an audit (#10798, #10898)
    • Added json format output to the check-platform-reqs command (#10979)
    • Added GitLab 15+ token refresh support (#10988)
    • Added r alias to require command (#10953)
    • Added composer/class-map-generator dependency to replace Composer\Autoload\ClassMapGenerator which is now deprecated (#10885)
    • Added --locked to depends/prohibits commands (#10834)
    • Added --strict-psr flag to dump-autoload command to fail the process if PSR violations were detected, useful for CI (#10886)
    • Added COMPOSER_PREFER_STABLE and COMPOSER_PREFER_LOWEST env vars to turn on --prefer-stable/--prefer-lowest on update and require command, useful for CI (#10919)
    • Added support for temporary update constraints on all packages (now also including non-root dependencies) (#10773)
    • Added --major-only flag to the outdated command to show only packages with major version updates (#10827)
    • Added sections for direct and transitive deps in outdated command output (#10779)
    • Added ability for cache GC to clean up vcs and repo caches (#10826)
    • Added --gc flag to clear-cache to only trigger a garbage collection instead of clearing everything (#10826)
    • Added signal (SIGINT, SIGTERM, SIGHUP) handling to ensure we wait for the child process to exit before Composer exits to avoid dropping output (#10958)
    • Added prompt suggesting using --dev when requiring packages with dev/testing/static analysis keywords present (#10960)
    • Added warning in require, init and create-project commands when the latest version of a package cannot be used due to platform requirements (#10896)
    • Fixed COMPOSER_NO_DEV so it also works with require and remove's --update-no-dev (#10995)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.67 MB)
    composer.phar.asc(589 bytes)
  • 2.4.0-RC1(Jul 21, 2022)

    Composer 2.4 is ready for a release, and we need your help to test it and report any regression.

    Please try it out!

    • Running composer self-update --preview will get you the 2.4.0-RC1
    • Running composer self-update --stable will get you back on the latest 2.3 stable release if anything broke.
    • Report any issues you encounter as a new issue specifying you tried the 2.4 RC and please include stack traces & repro details.

    Full Changelog

    • Added bash completions for Composer commands, package names, etc (see how to setup) (#10320)
    • Added bump command to bump requirements to the currently installed version (#10829)
    • Added audit command to check for known security vulnerabilities in installed packages (#10798, #10898)
    • Added automatic auditing of security vulnerabilities after update is done, can be overridden with --no-audit (#10798, #10898)
    • Added --audit to install command to also do an audit (#10798, #10898)
    • Added r alias to require command (#10953)
    • Added composer/class-map-generator dependency to replace Composer\Autoload\ClassMapGenerator which is now deprecated (#10885)
    • Added --locked to depends/prohibits commands (#10834)
    • Added --strict-psr flag to dump-autoload command to fail the process if PSR violations were detected, useful for CI (#10886)
    • Added COMPOSER_PREFER_STABLE and COMPOSER_PREFER_LOWEST env vars to turn on --prefer-stable/--prefer-lowest on update and require command, useful for CI (#10919)
    • Added support for temporary update constraints on all packages (now also including non-root dependencies) (#10773)
    • Added --major-only flag to the outdated command to show only packages with major version updates (#10827)
    • Added sections for direct and transitive deps in outdated command output (#10779)
    • Added ability for cache GC to clean up vcs and repo caches (#10826)
    • Added --gc flag to clear-cache to only trigger a garbage collection instead of clearing everything (#10826)
    • Added signal (SIGINT, SIGTERM, SIGHUP) handling to ensure we wait for the child process to exit before Composer exits to avoid dropping output (#10958)
    • Added prompt suggesting using --dev when requiring packages with dev/testing/static analysis keywords present (#10960)
    • Added warning in require, init and create-project commands when the latest version of a package cannot be used due to platform requirements (#10896)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.67 MB)
    composer.phar.asc(589 bytes)
  • 2.3.10(Jul 13, 2022)

    PSA: If you are seeing issues running non-interactive create-project with a project that does not configure allow-plugins, see the top post of #10928 for a workaround.

    • Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935)
    • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928)
    • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925)
    • Fixed support for disable_functions containing disk_free_space (#10936)
    • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.59 MB)
    composer.phar.asc(589 bytes)
  • 2.2.17(Jul 13, 2022)

    PSA: If you are seeing issues running non-interactive create-project with a project that does not configure allow-plugins, see the top post of #10928 for a workaround.

    • Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935)
    • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928)
    • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925)
    • Fixed support for disable_functions containing disk_free_space (#10936)
    • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.27 MB)
    composer.phar.asc(589 bytes)
  • 2.3.9(Jul 5, 2022)

  • 2.2.16(Jul 5, 2022)

  • 2.3.8(Jul 1, 2022)

    • Fixed support for cache-read-only where the filesystem is not writable (#10906)
    • Fixed type error when using allow-plugins: true (#10909)
    • Fixed @putenv scripts receiving arguments passed to the command (#10846)
    • Fixed support for spaces in paths with binary proxies on Windows (#10836)
    • Fixed type error in GitDownloader if branches cannot be listed (#10888)
    • Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
    • Fixed type errors (#10904, #10897)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.59 MB)
    composer.phar.asc(589 bytes)
  • 2.2.15(Jul 1, 2022)

    • Fixed support for cache-read-only where the filesystem is not writable (#10906)
    • Fixed type error when using allow-plugins: true (#10909)
    • Fixed @putenv scripts receiving arguments passed to the command (#10846)
    • Fixed support for spaces in paths with binary proxies on Windows (#10836)
    • Fixed type error in GitDownloader if branches cannot be listed (#10888)
    • Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.26 MB)
    composer.phar.asc(589 bytes)
  • 2.3.7(Jun 6, 2022)

    • Fixed a few PHPStan ConfigReturnTypeExtension bugs
    • Fixed Config default for auth configs to be empty arrays instead of null, fixes issues with diagnose command (#10814)
    • Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
    • Fixed bin proxies to allow a proxy to include another one safely (#10823)
    • Fixed openssl 3.x version parsing as it is now semver compliant
    • Fixed type error when a json file cannot be read (#10818)
    • Fixed parsing of multi-line arrays in funding.yml (#10784)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.59 MB)
    composer.phar.asc(589 bytes)
  • 2.2.14(Jun 6, 2022)

    • Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
    • Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811)
    • Fixed bin proxies to allow a proxy to include another one safely (#10823)
    • Fixed gitlab-token JSON schema definition (#10800)
    • Fixed openssl 3.x version parsing as it is now semver compliant
    • Fixed type error when a json file cannot be read (#10818)
    • Fixed parsing of multi-line arrays in funding.yml (#10784)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.26 MB)
    composer.phar.asc(589 bytes)
  • 2.3.6(Jun 1, 2022)

    • Added Composer\PHPStan\ConfigReturnTypeExtension to improve return types of Config::get() which you can also use in plugins CI (#10635)
    • Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811)
    • Fixed unnecessary HTTP request in BitbucketDriver (#10729)
    • Fixed invalid credentials loop when setting up GitLab token (#10748)
    • Fixed PHP 8.2 deprecations (#10766)
    • Fixed lock file changes being output even when the lock file creation is disabled
    • Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763)
    • Fixed quoting of commas on Windows (#10775)
    • Fixed issue installing path repos with a disabled symlink function (#10786)
    • Fixed various type errors (#10753, #10739, #10751)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.59 MB)
    composer.phar.asc(589 bytes)
  • 2.2.13(May 25, 2022)

    • Fixed invalid credentials loop when setting up GitLab token (#10748)
    • Fixed PHP 8.2 deprecations (#10766)
    • Fixed lock file changes being output even when the lock file creation is disabled
    • Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763)
    • Fixed quoting of commas on Windows (#10775)
    • Fixed issue installing path repos with a disabled symlink function (#10786)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.26 MB)
    composer.phar.asc(589 bytes)
  • 2.3.5(Apr 13, 2022)

    • Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
    • Added warning when downloading a file with verify_peer[_name] disabled (#10722)
    • Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
    • Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
    • Fixed validate command checking the lock file even if the lock option is disabled (#10723)
    • Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir (#10701)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.57 MB)
    composer.phar.asc(589 bytes)
  • 2.2.12(Apr 13, 2022)

    • Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
    • Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
    • Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
    • Fixed validate command checking the lock file even if the lock option is disabled (#10723)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.25 MB)
    composer.phar.asc(589 bytes)
  • 1.10.26(Apr 13, 2022)

  • 2.3.4(Apr 7, 2022)

    • Fixed the generated autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on older PHP versions (#10714)
    • Fixed run-script --list flag regression (#10710)
    • Fixed curl downloader handling of DNS resolution failures to do an automatic retry (#10716)
    • Fixed script handling of external commands not setting the Path env correctly on windows (#10700)
    • Fixed various type errors (#10694, #10696, #10702, #10712, #10703)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.57 MB)
    composer.phar.asc(589 bytes)
  • 2.3.3(Apr 1, 2022)

    • Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682)
    • Added missing config.bitbucket-oauth in composer-schema.json
    • Fixed type errors in SvnDriver (#10681)
    • Fixed --version output to match the pre-2.3 one (#10684)
    • Fixed config/auth.json files not being validated against the composer-schema.json (#10685)
    • Fixed generation of autoload crashing if a package has a broken path (#10688)
    • Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#10687)
    • Updated semver, jsonlint deps for minor fixes
    • Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.56 MB)
    composer.phar.asc(589 bytes)
  • 2.2.11(Apr 1, 2022)

    • Added missing config.bitbucket-oauth in composer-schema.json
    • Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682)
    • Updated semver, jsonlint deps for minor fixes
    • Fixed generation of autoload crashing if a package has a broken path (#10688)
    • Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.25 MB)
    composer.phar.asc(589 bytes)
  • 2.3.2(Mar 30, 2022)

  • 2.3.1(Mar 30, 2022)

  • 2.3.0(Mar 30, 2022)

    Read the Composer 2.3 Release Announcement for more details on the release highlights.

    Complete Changelog

    • BC Break: the minimum PHP version is now 7.2.5+, use the Composer 2.2 LTS if you are stuck with an older PHP (#10343)
    • BC Break: added native parameter & return types to many internal APIs, we explicitly left the most extended/implemented symbols untouched but if this causes problems nonetheless please report it ASAP (#10547, #10561)
    • BC Break: added visibility to all constants, a few internal ones have been made private/protected, if this causes problems please report it ASAP (#10550)
    • BC Break: the minimum supported Symfony components version is now 5.4, this only affects you if you are requiring composer/composer directly however, which is generally frowned upon
    • Bumped composer-plugin-api to 2.3.0
    • Bumped bundled Symfony components from 2.8 to 5.4 🥳
    • Added declare(strict_types=1) to all the classes, which for sure could cause regressions in edge cases, please report with stack traces (#10567)
    • Added --patch-only to the outdated command to only show updates to patch versions and ignore new major/minor versions (#10589)
    • Added clickable links to various commands for terminals which support it (#10430)
    • Added ProcessExecutor ability to receive commands as arrays by (internals/plugin change only) (#10435)
    • Added abandoned flag to show/outdated commands JSON-formatted output (#10485)
    • Added config.reference option to path repositories to configure the way the reference is generated, and possibly reduce composer.lock conflicts (#10488)
    • Added automatic removal of allow-plugins rules when removing a plugin via the remove command (#10615)
    • Added COMPOSER_IGNORE_PLATFOR_REQ & COMPOSER_IGNORE_PLATFOR_REQS env vars to configure the equivalent flags (#10616)
    • Added support for Symfony 6.0 components
    • Added support for psr/log 3.x (#10454)
    • Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592)
    • Performance improvement in pool optimization step (#10585)
    • Performance improvement in Composer bootstrapping (version guessing) when on a feature branch (#10632)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.56 MB)
    composer.phar.asc(589 bytes)
  • 2.2.10(Mar 29, 2022)

  • 2.3.0-RC2(Mar 20, 2022)

    • Fixed invalid return value in ComposerRepository::findPackage (#10622)
    • Fixed many show command issues due to a flipped condition (#10623)
    • Fixed phpversion() handling when it returns false due to an extension defining no version (#10631)
    • Fixed remove command failing when no allow-plugin is defined in config (#10629)
    • Performance improvement in Composer bootstrapping (version guessing) when on a feature branch (#10632)
    Source code(tar.gz)
    Source code(zip)
    composer.phar(2.56 MB)
    composer.phar.asc(589 bytes)
💎 Flexible, compiled and full-featured Dependency Injection Container with perfectly usable autowiring and support for all new PHP 7 features.

Nette Dependency Injection (DI) Introduction Purpose of the Dependecy Injection (DI) is to free classes from the responsibility for obtaining objects

Nette Foundation 781 Dec 15, 2022
PSR-11 compatible Dependency Injection Container for PHP.

bitexpert/disco This package provides a PSR-11 compatible, annotation-based dependency injection container. Have a look at the disco-demos project to

bitExpert AG 137 Sep 29, 2022
🚀 PHP Service Container with fast and cachable dependency injection.

ClanCats Container A PHP Service Container featuring a simple meta-language with fast and compilable dependency injection. Requires PHP >= 7.0 Pros: M

ClanCats 28 Apr 13, 2022
Twittee is the smallest, and still useful, Dependency Injection Container in PHP

What is Twittee? Twittee is the smallest, and still useful, Dependency Injection Container in PHP; it is also probably one of the first public softwar

null 133 Dec 5, 2022
The dependency injection container for humans

layout home PHP-DI is a dependency injection container meant to be practical, powerful, and framework-agnostic. Read more on the website: php-di.org G

null 2.4k Jan 4, 2023
IoC Dependency Injector

auryn auryn is a recursive dependency injector. Use auryn to bootstrap and wire together S.O.L.I.D., object-oriented PHP applications. How It Works Am

Daniel Lowrey 725 Nov 23, 2022
Small but powerful dependency injection container

Container (Dependency Injection) This package is compliant with PSR-1, PSR-2, PSR-4 and PSR-11. If you notice compliance oversights, please send a pat

The League of Extraordinary Packages 779 Dec 30, 2022
Dependency Injection System

Aura.Di A serializable dependency injection container with constructor and setter injection, interface and trait awareness, configuration inheritance,

Aura for PHP 342 Dec 1, 2022
IoC Dependency Injector

auryn auryn is a recursive dependency injector. Use auryn to bootstrap and wire together S.O.L.I.D., object-oriented PHP applications. How It Works Am

Daniel Lowrey 710 Apr 15, 2021
Yii Dependency Injection PSR-11 compatible

Yii Dependency Injection PSR-11 compatible dependency injection container that is able to instantiate and configure classes resolving dependencies. Fe

Yii Software 161 Nov 10, 2022
Adapters for PHP framework containers to an interoperable interface

Acclimate - Container Adapters Get Acclimated! Use any third-party dependency injection containers and service locators in your code by adapting them

Acclimate Container 215 Dec 16, 2022
An amazing Rank and Permissions Manager. The best ranks manager for PocketMine-MP.

?? RankSystem ?? An amazing Rank and Permissions Manager Description: An amazing Rank and Permissions Manager. The best ranks manager for PocketMine-M

null 22 Nov 7, 2022
TinyFileManager is web based file manager and it is a simple, fast and small file manager with a single file, multi-language ready web application

TinyFileManager is web based file manager and it is a simple, fast and small file manager with a single file, multi-language ready web application for storing, uploading, editing and managing files and folders online via web browser. The Application runs on PHP 5.5+, It allows the creation of multiple users and each user can have its own directory and a build-in support for managing text files with cloud9 IDE and it supports syntax highlighting for over 150+ languages and over 35+ themes.

Prasath Mani 3.5k Jan 7, 2023
flare Manager .flare framework Manager

flare-Manager flare Manager .flare framework Manager Welcome to the flare-Manager install Flare form https://github.com/flare-framework/Flare move ind

Flare framework 1 Aug 14, 2022
Laravel Podcast Manager is a complete podcast manager package for Laravel 5.3+ that enables you to manage RSS feeds for your favorite podcasts and listen to the episodes in a seamless UI.

laravelpodcast | A Laravel podcast manager package - v0.0.8 Introduction Laravel Podcast Manager is a complete podcast manager package for Laravel 5.3

Jeremy Kenedy 22 Nov 4, 2022
CI4-Lic is a software license manager modul for Codeigniter 4, connecting to WordPress license server based on the Software License Manager Plugin.

CI4-Lic CI4-Lic is a software license manager modul for Codeigniter 4, connecting to WordPress license server based on Software License Manager Plugin

George Lewe 1 Jan 15, 2022
Laragon MultiPHP per App + PECL Module + Extension manager + Ini Manager

LMPA Laragon MultiPHP per App This tools allow you to run multiple PHP version per app with Laragon, so you can have multiple site running different p

Gilbert Paquin 8 Oct 10, 2022
Laravel Manager - provides some manager functionality for Laravel

Laravel Manager Laravel Manager was created by, and is maintained by Graham Campbell, and provides some manager functionality for Laravel. Feel free t

Graham Campbell 371 Dec 17, 2022
Laravel Manager provides some manager functionality for Laravel

Laravel Manager Laravel Manager was created by, and is maintained by Graham Campbell, and provides some manager functionality for Laravel. Feel free t

Graham Campbell 371 Jul 11, 2022
A small PHP dependency injection container

Pimple Caution! Pimple is now closed for changes. No new features will be added and no cosmetic changes will be accepted either. The only accepted cha

Silex 2.6k Dec 29, 2022