If we try to look at tools that change the PHP environment and community, for sure we will find there the Composer. It’s the tool that allows us to manage dependencies in our projects. We don’t have to download zip files and store vendors in our repositories. We got two files (composer.json and composer.lock), which describe what is needed to run our software and the Composer manages fetching and installing dependencies for us.

When I look at my experience with the Composer, I use it every day. But, my using it usually finish to use composer require or composer update. If you are not familiar with the Composer, the first command allows you to add a (dev)dependency to your project, the second one allows you to update a dependency when maintainers release the newest version of their library.

As you can imagine, the Composer has much more possibilities than that two commands. I’m here to describe part of them. The most important from my point of view.

If you are looking for instruction, how to install Composer on MacOs, check linked article.



    'scripts' : {
    // ... here

The Composer allows us to custom our project in a different way during different stages of installing dependencies. From my point of view (a person who creates software, but not libraries) the most useful are pre-install-cmd and post-install-cmd. The names are meaningful, first allows us to declare scripts that are run before installing dependencies, second one after dependencies are installed.

It’s perfect place to clear cache, prepare assets for our website, perform checks health status, inform service mesh that microservice is ready (or isn’t). Everything that is needed to run our project, just right after a process of installation has been done.


Once we installed some dependencies there maintainer still develop new features, our fix some security issues. Probably you don’t want to follow information every day about all the libraries that are used in your project. This is a place where composer outdated comes. It shows you all dependencies, that are outdated (newest version is available).

$ composer outdated
symfony/browser-kit                v4.3.7  v5.0.5  Symfony BrowserKit Component
symfony/cache                      v4.3.7  v5.0.5  Symfony Cache component with PSR-6, PSR-16, and tags
symfony/cache-contracts            v1.1.7  v2.0.1  Generic abstractions related to caching
symfony/config                     v4.3.7  v5.0.5  Symfony Config Component
symfony/console                    v4.3.7  v5.0.5  Symfony Console Component

I strictly recommend using it during a Continuous Integration process, especially with flags --strict. Which finish executing command with exit-code 1 (which means fail) when any package is outdated.

It’s worth to take a look at flag --direct (-D) if we don’t have a possibility to resolve outdated dependencies of other dependencies. With this flag, the Composer will analyze only our dependencies from composer.json.

Why and why-not

A project grows, and there are more and more dependencies. Some day you will take a look at ./vendor and you will be surprised what is inside. composer why library-name tells you why the dependency is installed.

$ composer why symfony/routing
symfony/framework-bundle  v4.3.7  requires  symfony/routing (^4.3)

On another side, you want to update some dependency and you have got a message that it’s not possible. Then you can use composer why-not library-name:X.X.X and you will know which dependency didn’t allow you to upgrade another dependency.

Composer and Memory Limit

I’m a person who has the Composer installed globally, so from a command line I use just composer. On another side of a stick are people, who use it a way similar to this php composer.phar.

The first method is shorter, the second one gave you more possibilities since you can pass an extra parameter to php. One of the most useful is -dmemory_limit=-1 when we want to turn off the limitation of memory.

When you use the first method, it’s not possible and this is why the Composer gives us COMPOSER_MEMORY_LIMIT. We have possibility to change PHP’s memory_limit property using it that way: COMPOSER_MEMORY_LIMIT=-1 composer install