I am currently dealing with something with the php composer theme. I have some github projects installed using composer and loaded with the autoload. Now I would like to find in my PHP code the current version number and packagename. How can I do that?
thanks
bjoern
After installing the dependencies, Composer writes the list of the exact versions it installed into a composer.lock file. You can parse composer.lock file to get version numbers and package names for all project's dependencies.
Related
I need to install only 1 package for my SF2 distribution (DoctrineFixtures).
When I run
php composer.phar update
I get
- Updating twig/twig (dev-master 39d94fa => v1.13.0)
The package has modified files:
M CHANGELOG
M doc/filters/batch.test
M doc/filters/index.rst
M doc/filters/url_encode.rst
M doc/functions/index.rst
M doc/tags/index.rst
M doc/tests/index.rst
M lib/Twig/Autoloader.php
M lib/Twig/Compiler.php
M lib/Twig/CompilerInterface.php
-10 more files modified, choose "v" to view the full list
It appears the last developer edited a lot of files inside vendor.
In order to get around this, I tried
php composer.phar update <package_name>
But that doesn't seem to work. How can I update/install only one library from composer.json?
To install doctrine/doctrine-fixtures-bundle with version 2.1.* and minimum stability #dev use this:
composer require doctrine/doctrine-fixtures-bundle:2.1.*#dev
then to update only this single package:
composer update doctrine/doctrine-fixtures-bundle
If you just want to update a few packages and not all, you can list them as such:
php composer.phar update vendor/package:2.* vendor/package2:dev-master
You can also use wildcards to update a bunch of packages at once:
php composer.phar update vendor/*
As commented by #ZeroThe2nd ZSH users may need to wrap their vendor/* in quotation marks:
php composer.phar update "vendor/*"
--prefer-source: Install packages from source when available.
--prefer-dist: Install packages from dist when available.
--ignore-platform-reqs: ignore php, hhvm, lib-* and ext-* requirements and force the installation even if the local machine does not fulfill these. See also the platform config option.
--dry-run: Simulate the command without actually doing anything.
--dev: Install packages listed in require-dev (this is the default behavior).
--no-dev: Skip installing packages listed in require-dev. The autoloader generation skips the autoload-dev rules.
--no-autoloader: Skips autoloader generation.
--no-scripts: Skips execution of scripts defined in composer.json.
--no-plugins: Disables plugins.
--no-progress: Removes the progress display that can mess with some terminals or scripts which don't handle backspace characters.
--optimize-autoloader (-o): Convert PSR-0/4 autoloading to classmap to get a faster autoloader. This is recommended especially for production, but can take a bit of time to run so it is currently not done by default.
--lock: Only updates the lock file hash to suppress warning about the lock file being out of date.
--with-dependencies: Add also all dependencies of whitelisted packages to the whitelist.
--prefer-stable: Prefer stable versions of dependencies.
--prefer-lowest: Prefer lowest versions of dependencies. Useful for testing minimal versions of requirements, generally used with --prefer-stable.
Difference between install, update and require
Assume the following scenario:
composer.json
"parsecsv/php-parsecsv": "0.*"
composer.lock file
"name": "parsecsv/php-parsecsv",
"version": "0.1.4",
Latest release is 1.1.0. The latest 0.* release is 0.3.2
install: composer install parsecsv/php-parsecsv
This will install version 0.1.4 as specified in the lock file
update: composer update parsecsv/php-parsecsv
This will update the package to 0.3.2. The highest version with respect to your composer.json. The entry in composer.lock will be updated.
require: composer require parsecsv/php-parsecsv
This will update or install the newest version 1.1.0. Your composer.lock file and composer.json file will be updated as well.
You can use the following command to update any module with its dependencies
composer update vendor-name/module-name --with-dependencies
You can basically do following one to install new package as well.
php composer.phar require
then terminal will ask you to enter the name of the package for searching.
$ Search for a package []: //Your package name here
Then terminal will ask the version of the package (If you would like to have the latest version just leave it blank)
$ Enter the version constraint to require (or leave blank to use the latest version) []: //your version number here
Then you just press the return key. Terminal will ask for another package, if you dont want to install another one just press the return key and you will be done.
Just use
composer require {package/packagename}
like
composer require phpmailer/phpmailer
if the package is not in the vendor folder.. composer installs it and if the package exists, composer update package to the latest version.
Update:
require install or update the latest package version. if you want update one package just use update.
To ensure that composer update one package already installed to the last version within the version constraints you've set in composer.json remove the package from vendor and then execute :
php composer.phar update vendor/package
Because you wanted to install specific package
"I need to install only 1 package for my SF2 distribution (DoctrineFixtures)."
php composer.phar require package/package-name:package-version
would be enough
I freshly installed a PHP application given with a composer.lock file.
When running composer install, command line tool is still asking for a composer.json.... I don't have.
In composer documentation, it's said that install command first look for a composer.lock and then for a composer.json.
Why composer is still asking for a file it doesn't need to install my dependencies ?
composer install > returns :
Composer could not find a composer.json file
You still need the composer.json file to install or update any dependencies.
Having a composer.lock file means that composer will not search for the latest commits of the dependencies
A few weeks ago on Twitter, I noticed that the OpenCFP project doesn’t have a composer.lock file in it’s repository. “So what,” you might say, “just composer install and away you go. You’ll get the same dependencies, right?”
Wrong.
The point of the lock file is to record the exact versions that are installed so they can be re-installed. This means that if you have a version spec of 1.* and your co-worker runs composer update which installs 1.2.4, and then commits the composer.lock file, when you composer install, you will also get 1.2.4, even if 1.3.0 has been released. This ensures everybody working on the project has the same exact version.
Source: Composer: It's all about Lock File
You must have a composer.json to install dependencies, because it's the file where dependencies theirself are listed. Refer to the documentation.
composer.lock lists dependencies which has already been installed. The composer looks first into it in order to keep versions consistent.
The (documentation states)[https://getcomposer.org/doc/01-basic-usage.md#installing-with-composer-lock]:
running install when a composer.lock file is present resolves and installs all dependencies that you listed in composer.json, but Composer uses the exact versions listed in composer.lock to ensure that the package versions are consistent for everyone working on your project.
If you have lost your composer.json you can reverse engineering your composer.lock. Open it and read all the packages installed, then create a composer.json which requires them. Not every single package will be a direct dependency for your problem: you should identify and remove those which are not.
Does anyone know if Wordpress Roots Bedrock Composer updates the Wordpress version? I have tried composer update but it doesn't update the Wordpress version. Any help will be highly appreciated.
Thanks,
Danish.
Wordpress is treated as a required dependency by composer, so yes. It is updated when you run composer update.
You can check if your composer packages are outdated with: composer outdated (or composer show -l). Each package will be listed showing the desired version (the version number specified in composer.json) and the current released version.
Running composer update, (or composer.phar update) will update each package to your specified version. If you want to update the package to the latest version, but you're unaware of the current version number. You can remove the package, and then add it back in. Composer will add the package to your required dependency list with the latest version.
So I did composer update and now my dependencies updated to the latest version.
I have a copy of my repo locally with the same vendor dependency - how do I find out what exact version this package is so I can update my composer.json to pull the older working version?
Guess the answer is:
composer show -i
I'm trying to understand this part: http://getcomposer.org/doc/02-libraries.md#lock-file
this lock file will not have any effect on other projects that depend on it. It only has an effect on the main project"
Does that mean that if project P depends on library A, and library A depends on library B v1.3, project P won't care about the version of library B, and will possibly install B 1.4 instead? What's the point then?
Or does it mean the opposite, as one would expect from a dependency manager?
composer.lock records the exact versions that are installed. So that you are in the same versions with your co-workers.
composer install
Check for composer.lock file
If not, auto generate composer.lock file (Using composer update)
Install the specified versions recorded in the composer.lock file
composer update
Go through the composer.json file
Check availability of newer (latest) versions, based on the version criteria mentioned (e.g. 1.12.*)
Install the latest possible (according to above) versions
Update composer.lock file with installed versions
So in a simple check list.
If you want to keep all co-workers in the same versions as you...
Commit your composer.lock to GIT (or vcs you have)
Ask others to get the that version of composer.lock file
Always use composer install to get the correct dependencies
If you want to Upgrade the system dependencies to new versions
Check the composer.json file for version specs.
Do a composer update
This will change the composer.lock file with newest versions
Commit it to the GIT (or vcs)
Ask others to get it and composer install
Following will be a very good reading
https://blog.engineyard.com/2014/composer-its-all-about-the-lock-file
Enjoy the power of composer.lock file!
Composer dependencies are defined in composer.json. When running composer install for the first time, or when running composer update a lock file called composer.lock will be created. 1
The quoted documentation refers to the lock file only. If your project P depends on library A and A depends on B v1.3.**, then if A contains a lock file saying someone ran "composer update" resulting in B v1.3.2 being installed, then installing A in your project P might still install 1.3.3, as the composer.json (not .lock!) defined the dependency to be on 1.3..
Lock files always contain exact version numbers, and are useful to communicate the version you tested with to colleagues or when publishing an application. For libraries the dependency information in composer.json is all that matters.
1 composer.lock is created by default as the lock configuration option[ref] is true. Setting the option to false Composer won't create nor read the composer.lock file.
The point of the lock file is to record the exact versions that are installed so they can be re-installed. This means that if you have a version spec of 1.* and your co-worker runs composer update which installs 1.2.4, and then commits the composer.lock file, when you composer install, you will also get 1.2.4, even if 1.3.0 has been released. This ensures everybody working on the project has the same exact version.Read more here Composer: It’s All About the Lock File