Beruflich Dokumente
Kultur Dokumente
Source:
https://decodeweb.in/php/php-frameworks/laravel-framework/what-is-dependency-managem
ent-in-laravel/
This idea is not new and Composer is strongly inspired by node's npm
and ruby's bundler.”
Installation of Composer
Composer is available to all major operating systems. On Windows you
should use the Composer Setup file which can be found on the Getting
Started page. For Ubuntu and Mac OSX, follow the below steps:
Back on the track now, You might have come across a file in your project
directory, named as composer.json. Let's check it out once again,
{
"name": "laravel/laravel",
"description": "The Laravel Framework.",
"keywords": ["framework", "laravel"],
"license": "MIT",
"type": "project",
"require": {
"php": ">=7.0.0",
"fideloper/proxy": "~3.3",
"laravel/framework": "5.5.*",
"laravel/tinker": "~1.0",
"php-junior/laravel-video-chat": "^1.0"
},
"require-dev": {
"filp/whoops": "~2.0",
"fzaninotto/faker": "~1.4",
"mockery/mockery": "~1.0",
"phpunit/phpunit": "~6.0"
},
"autoload": {
"classmap": [
"database/seeds",
"database/factories"
],
"psr-4": {
"App\\": "app/"
}
},
"autoload-dev": {
"psr-4": {
"Tests\\": "tests/"
}
},
"extra": {
"laravel": {
"dont-discover": [
]
}
},
"scripts": {
"post-root-package-install": [
"@php -r \"file_exists('.env') ||
copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"@php artisan key:generate"
],
"post-autoload-dump": [
"Illuminate\\Foundation\\ComposerScripts::postAutoloadDum
p",
"@php artisan package:discover"
]
},
"config": {
"preferred-install": "dist",
"sort-packages": true,
"optimize-autoloader": true
}
}
This is a typical composer.json file, composer uses this file and another
file called composer.lock, I will be coming to this also later on in this
post only, do not worry :)
require
Require section tells composer to include the mentioned packages
which are indispensable for the project to run on production i.e.
whole application is dependent on these packages.
"require": {
"php": ">=7.0.0",
"fideloper/proxy": "~3.3",
"laravel/framework": "5.5.*",
"laravel/tinker": "~1.0",
"php-junior/laravel-video-chat": "^1.0"
},
For instance, here project has vital dependency on PHP7+, laravel
framework 5.5, tinker etc.
require-dev
Moreover, the require-dev packages are packages that aren't necessary
for your project to work and shouldn't be included in the production
version of your project.
"require-dev": {
"filp/whoops": "~2.0",
"fzaninotto/faker": "~1.4",
"mockery/mockery": "~1.0",
"phpunit/phpunit": "~6.0"
},
Typically, these are packages such as phpunit/phpunit that you would
only use during development.
If you want to dig more into it, you can find all the dependencies or in
general, packages and their sub-packages mentioned in composer.json
file in vendor directory of your Laravel project. T
hat is why we need
composer dependency manager in Laravel.
How to install packages using Composer in Laravel ?
Suppose, you need to install a package called dump-server, that collects
all your dump call outputs, so that it does not interfere with HTTP / API
responses.
"require-dev": {
. . .
composer update
composer update
"mockery/mockery": "0.9.*",
and you have actually installed the 0.9.1 version of the package, running
composer update will cause an upgrade of this package (for example to
0.9.2, if it's already been released)
1. Read composer.json
2. Remove installed packages that are no more required in
composer.json
3. Check the availability of the latest versions of your required
packages
4. Install the latest versions of your packages
5. Update composer.lock to store the installed packages version
6. composer install
composer install
composer install will not update anything; it will just install all the
dependencies as specified in the composer.lock file
{
"_readme": [
"This file locks the dependencies of your project
to a known state",
"Read more about it at
https://getcomposer.org/doc/01-basic-usage.md#composer-lo
ck-the-lock-file",
"This file is @generated automatically"
],
"hash": "06e85b1eef2fa596fec9c70d523e6837",
"content-hash": "4352b38d9919370c89977a1fb30cdfd9",
"packages": [
{
"name": "aws/aws-sdk-php",
"version": "3.94.1",
"source": {
"type": "git",
"url":
"https://github.com/aws/aws-sdk-php.git",
"reference":
"759a55324d...ee783de541ce65bddd46"
},
. . .
}
You see that massive string with key as reference ? that is the actual
commit version that was put in once composer followed the directions in
your composer.json file. It additionally keeps track of all the versions of
your dependencies' dependencies. Even your dependencies'
dependencies and so on. Well, I hope you have got my point. Your entire
application dependency hierarchy can have their versions 'locked' in
your composer.lock file.
Foremost, You should commit this file so that the packages you are
using are exactly of same versions as your team pull your code locally.
Conclusion
Laravel is itself a package of packages, hence to develop our projects
smoothly among the team members dependency management becomes
a must and composer does its work under the hood, silently but
efficiently.