Composer

Composer is one of many Dependency managers. Composer makes it easier to distribute PHP code that relies on other code.

To use Composer in your PHP project, see

• this primer,
• plus Matthieu Moquet's "5 Features About Composer",
• and also this handy-dandy cheatsheet (with mouseovers!)

in MediaWiki[edit]

1. mw:Composer is used in the MediaWiki engine to manage all core libraries and dependencies since version 1.25 (including composer-local.json)

   cd $IP
   cp composer.local.json-sample composer.local.json
   composer update --no-dev --dry-run

2. mw:Composer/For extensions on using Composer to manage extensions
3. mw:Manual:composer.json best practices for how to add Composer support to your extensions (including extension.json and skin.json)
4. Jeroen DeDauw wrote this blog post in 2014 that is probably still not only relevant, but also contains wisdom not addressed in other places (e.g. Extension developers should specify "type": "mediawiki-extension" in their extension's composer.json so that Composer installs your package into the 'extensions' folder instead of the typical 'vendor' folder that is Composer's default.)

With Meza[edit]

MezaLocalExtensions.yml[edit]

If the extension should be installed by Composer, then use a stanza like:

- name: Mermaid
  composer: "mediawiki/mermaid"
  version: ~2.2
  config: |
    wfLoadExtension( 'Mermaid' );
    $mermaidgDefaultTheme = 'neutral';

If the extension source is controlled by git, and you want to have the extension's composer.json file "seen" (merged) by MediaWiki, then simply add the line:

   composer_merge: true

to the 'normal' extension stanza specifying the source.

Install libraries[edit]

In general, if you want to install something into your MediaWiki instance, you can do the following from the '$IP' (Install Path) directory:

# add the library to composer.local.json
COMPOSER=composer.local.json composer require --no-update mwstake/mediawiki-component-events:~4
# install it to 'vendor' without dev requirements and optimize the autoloader
composer update mwstake/mediawiki-component-events --no-dev -o
# check to see that it's installed
composer show |grep mwstake

Check / Overwrite Local Modifications[edit]

If you're using Meza to deploy your MediaWiki platform, you may wonder whether there are local modifications that a new deploy could overwrite.

composer status -v will show you where you have modified any extensions installed by composer.

To overwrite changes, there isn't any 'force' option to composer. In the situation where you would like to overwrite local modifications with an unattended composer (aka --no-interaction) then you should add to composer's configuration (composer.local.json)

    "config": {
        "discard-changes": true
    },

Prefer Source[edit]

Say you installed Semantic Mediawiki with composer require and then when you went to your 'extensions' directory you were because it wasn't a git checkout. You can rectify that by redoing the command, but with the --prefer-source option. nb. You first have to move the existing directory out of the way: mv SemanticMediaWiki unused/ cd ../ composer require --update-no-dev --sort-packages --optimize-autoloader -vvv mediawiki/semantic-media-wiki "~2.4" --prefer-source But, it's still a bit different than you might expect, because Composer leaves you with a detached head owing to the specific version that it checks out (see composer.lock).

Dependency resolution completed in 0.002 seconds
  - Installing mediawiki/semantic-media-wiki (2.4.3)
Executing command (CWD): git --version
    Cloning 6661acdd8c8420a7e07c178aad47590d086c83d6
Executing command (CWD): git clone --no-checkout 'https://github.com/SemanticMediaWiki/SemanticMediaWiki.git' 'extensions/SemanticMediaWiki/' && cd 'extensions/SemanticMediaWiki/' && git remote add composer 'https://github.com/SemanticMediaWiki/SemanticMediaWiki.git' && git fetch composer
Executing command (extensions/SemanticMediaWiki/): git remote set-url --push origin 'git@github.com:SemanticMediaWiki/SemanticMediaWiki.git'
Executing command (extensions/SemanticMediaWiki/): git branch -r
Executing command (extensions/SemanticMediaWiki/): git checkout '2.4.3' --
Executing command (extensions/SemanticMediaWiki/): git reset --hard '6661acdd8c8420a7e07c178aad47590d086c83d6' --

    REASON: Required by the root package: Install command rule (install mediawiki/semantic-media-wiki 2.4.3|install mediawiki/semantic-media-wiki 2.4.0|install mediawiki/semantic-media-wiki 2.4.1|install mediawiki/semantic-media-wiki 2.4.2|install mediawiki/semantic-media-wiki 2.4.3)

$ git branch
* (detached from 2.4.3)
  master
$ git status
HEAD detached at 2.4.3
nothing to commit, working directory clean

Installation[edit]

Installing it on your own host would look something like this

curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer
echo 'export PATH="$HOME/.composer/vendor/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
# now you can use it to do things like install the latest version of Drush
composer global require drush/drush:dev-master

while installing it on a shared host like WebFaction would be slightly modified

ln -s `which php54` ~/bin/php
curl -sS https://getcomposer.org/installer | php54
mv composer.phar ~/bin/composer
echo -e '\n# Composer\nalias composer="php54 $HOME/composer.phar"' >> ~/.bash_profile
source ~/.bash_profile
which composer
# now you can use it to do things like install the latest version of Drush
composer global require drush/drush:dev-master
drush --version

Semantic Versioning[edit]

Using Composer correctly means that you understand and follow Semantic Versioning

Don't use the "Death Star" version constraint (since it's not a constraint at all).

Don't use explicit references (specific commit hashes). This particular issue is probably the root of all confusion and disdain for Composer as a dependency manager amongst MediaWiki developers.

Commands[edit]

composer --help will show you something like this:

   ______
  / ____/___  ____ ___  ____  ____  ________  _____
 / /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
                    /_/
Composer version 2.8.4 2024-12-11 11:57:47

Usage:
  command [options] [arguments]

Options:
  -h, --help                     Display help for the given command. When no command is given display help for the list command
  -q, --quiet                    Do not output any message
  -V, --version                  Display this application version
      --ansi|--no-ansi           Force (or disable --no-ansi) ANSI output
  -n, --no-interaction           Do not ask any interactive question
      --profile                  Display timing and memory usage information
      --no-plugins               Whether to disable plugins.
      --no-scripts               Skips the execution of all scripts defined in composer.json file.
  -d, --working-dir=WORKING-DIR  If specified, use the given directory as working directory.
      --no-cache                 Prevent use of the cache
  -v|vv|vvv, --verbose           Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Available commands:
  about                Shows a short information about Composer
  archive              Creates an archive of this composer package
  audit                Checks for security vulnerability advisories for installed packages
  browse               [home] Opens the package's repository URL or homepage in your browser
  bump                 Increases the lower limit of your composer.json requirements to the currently installed versions
  check-platform-reqs  Check that platform requirements are satisfied
  clear-cache          [clearcache|cc] Clears composer's internal package cache
  completion           Dump the shell completion script
  config               Sets config options
  create-project       Creates new project from a package into given directory
  depends              [why] Shows which packages cause the given package to be installed
  diagnose             Diagnoses the system to identify common errors
  dump-autoload        [dumpautoload] Dumps the autoloader
  exec                 Executes a vendored binary/script
  fund                 Discover how to help fund the maintenance of your dependencies
  global               Allows running commands in the global composer dir ($COMPOSER_HOME)
  help                 Display help for a command
  init                 Creates a basic composer.json file in current directory
  install              [i] Installs the project dependencies from the composer.lock file if present, or falls back on the composer.json
  licenses             Shows information about licenses of dependencies
  list                 List commands
  outdated             Shows a list of installed packages that have updates available, including their latest version
  prohibits            [why-not] Shows which packages prevent the given package from being installed
  reinstall            Uninstalls and reinstalls the given package names
  remove               [rm|uninstall] Removes a package from the require or require-dev
  require              [r] Adds required packages to your composer.json and installs them
  run-script           [run] Runs the scripts defined in composer.json
  search               Searches for packages
  self-update          [selfupdate] Updates composer.phar to the latest version
  show                 [info] Shows information about packages
  status               Shows a list of locally modified packages
  suggests             Shows package suggestions
  update               [u|upgrade] Updates your dependencies to the latest version according to composer.json, and updates the composer.lock file
  validate             Validates a composer.json and composer.lock

See Also[edit]

Composer/autoloading