Review composer

The following tutorial column will take you through composer to review composer. I hope it will be helpful to friends in need!

#Composer is a dependency management tool recommended by the PHP community. Composer is to PHP what npm is to Node. It is almost a necessary skill for modern PHP development. This article briefly reviews related concepts and usage of Composer.

Extensions and packages

The related concepts are frameworks and libraries. For the difference between frameworks and libraries, you can check out this article I wrote before

Extensions and packages They are two very similar concepts. In the PHP world, the two can generally be understood and distinguished in this way: extension and module are equivalent, and are a collection of functions written in C language; package and library are equivalent, and are mainly written in C language. A collection of functions implemented by PHP; extensions are loaded in the form of dynamic link libraries (dll or so), and packages are loaded through require/include. Most of the time, mixing the two will not cause difficulty in understanding.

Common extensions include GD, ZIP, XML, MySQLi, OPCache, etc. Common packages include PHPMailer, PHPOffice, HTMLPurifier, etc.

PEAR and PECL

Before Composer became popular, PEAR and PECL were the two tools (community) better known to PHP developers. PEAR is the abbreviation of PHP Extension and Application Repository, the official website is http://pear.php.net; PECL is the abbreviation of PHP Extension Community Library, the official website is http://pecl. php.net.

The difference between the two can be distinguished by extensions and packages: PECL hosting extensions, the source codes are mostly C files, such as APC, AMPQ, etc.; PEAR hosting packages, functions are implemented in PHP, such as PHP CodeSniffer, HTTP Request, etc. ;PEAR corresponds to the pear command, and PECL corresponds to the pecl command. You can use these two commands to install and manage extensions and packages (pear's build/pickle subcommand can also compile extensions in PECL). The two complement each other, and the official website describes their relationship as sisters.

PECL is a supplement to the official expansion and is still active. Some excellent expansions have the potential to become official expansions. Master Han Tianfeng’s swoole expansion is also hosted in PECL and is very well-known in China. In comparison, PEAR is a thing of the past. The emergence of PEAR2 and Pyrus (the next generation PEAR package installation tool, built based on PHP5.3, official website http://pear2.php.net) has not been able to save PEAR. The decline of PEAR is accompanied by the rise of Composer, the protagonist of this article.

PEAR's positioning is to "provide reusable PHP components" and provide developers with function packages in a centralized manner. The centralized release method ensures the quality of the code, but also brings inconvenience in maintenance: only packages that pass the review can be released, and the package obsolescence phenomenon is serious. The packages installed by PEAR are global, and dependent packages cannot be installed for individual projects. Unprivileged users cannot install dependent packages by themselves. Other disadvantages include poor dependency management. With the popularity of Github and the emergence of Composer, package management has entered the Composer era. PEAR has completed its historical mission and can go with peace of mind.

Composer

Strictly speaking, Composer is positioned as a dependency management tool rather than a package manager. Composer Chinese website introduces the work of Composer as follows:

Composer will solve the problem for you like this:

a) You have a project that depends on several libraries.

b) Some of these libraries depend on other libraries.

c) You declare what you depend on.

d) Composer will figure out which versions of packages need to be installed, and install them (download them into your project).

Composer can do everything PEAR can do (including installing PECL extensions), and some can do it better. Composer installs the package in the project directory by default, and ordinary users can use it normally (Composer officially recommends not to execute composer commands as root); it is encouraged to follow best practices (i.e. the famous PSR specification, for details, see the PHP-FIG official website https:/ /www.php-fig.org), which greatly promotes the standardization of coding style in the PHP community; Composer is a decentralized platform where anyone can publish code packages; there is no need to review the package when publishing it, and the quality of the package is determined by user voting. .As the successor of PEAR, Composer's performance has withstood the test of the community and has become the de facto standard tool for dependency management.

Composer has now formed a huge ecosystem, and in terms of quantity, Composer’s packages far exceed PEAR. Since anyone can publish packages freely without review, packages in the Composer ecosystem may have hidden concerns such as uneven code quality, different code styles, and backdoor vulnerabilities. In addition, Composer's dependency management is based on projects, and the same package may be installed multiple times on a machine. But its flaws outweigh its flaws. Overall, Composer has greatly changed the PHP development ecosystem and promoted code exchange and community development.

Composer usage

Composer is born to manage the dependencies of projects, and the composer.json file in the project is the basis for its work. The most important part of the file is the require section, which tells Composer which packages it expects to install and their versions, for example:

{
    "name": "tlanyan/foo",
    "version": "1.0.0",
    ....
    "require": {
        "php": ">=5.4.0",
        "yiisoft/yii2": ">=2.0.6",
        "yiisoft/yii2-swiftmailer": "*",
        "yiisoft/yii2-redis": ">=2.0.0",
        "smarty/smarty": "< =3.1.25",
        "yiisoft/yii2-smarty": ">=2.0.0",
        "phpoffice/phpexcel": ">=1.8.0",
        "tecnickcom/tcpdf": "~6.2.0"
    },
    ....
}

然后运行composer install命令，Composer会自动分析依赖，安装最合适的包到vendor目录下。加-v(-vv, -vvv)选项会打印命令执行过程中的详细信息。安装完毕后，vendor目录下会生成autoload.php文件。在项目的入口文件中包含此文件： require __DIR__ . "/vendor/autoload.php";，接下来便可在项目的任何地方引用依赖包中的接口和类。

除install命令，Composer提供了许多其他命令管理依赖。常用的命令场景包括：查找依赖、引入依赖、安装依赖、更新依赖。分别对应的命令是：

1. composer search: 根据关键字查找依赖包，例如查找本人发布的包：composer search tlanyan。该命令等同于上https://packagist.org进行包查找；
2. composer require: 引入依赖，声明项目或者全局(global，用户名全局，非系统全局)依赖某个包， 例如声明需要swiftmailer包： composer require [global] "swiftmailer/swiftmailer:dev-master"；该命令更新composer.json文件，并默认立即安装依赖（--no-update选项可阻止默认安装）；效果等同于编辑composer.json文件，然后执行install命令；
3. composer install：安装composer.json声明的依赖包，最终安装的依赖包版本可能取决于有无composer.lock文件；
4. composer update： 更新依赖到最新版本，相当于删除composer.lock文件后执行composer install。

以上四条命令涵盖使用Composer的大部分场景。以下是几个常用的辅助命令，与依赖分析相关：

1. composer info： 查看安装的依赖包信息，与composer show等价；
2. composer dumpautoload： 加-o选项可导出优化的加载器；
3. composer why(-not)： 查看（不）安装某个包的原因。

总结

从拷贝第三方代码到项目中(1994)，到PEAR安装依赖包(1999)，再到Composer兴起(2012)，PHP社区经历了将近20年的探索。PHP这门古老的语言，也在不断的发展更新，在web领域一直发光发热。Composer作为目前PHP包依赖管理的最佳工具，值得每一位PHP开发人员掌握。

The above is the detailed content of Review composer. For more information, please follow other related articles on the PHP Chinese website!