Question posted in 
According to docs, composer install (composer update too, since it includes install script), among other things, downloads the requirements and puts these packages inside the vendor directory: https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies :
It then implicitly runs the install command. This will download the dependencies’ files into the vendor directory in your project.
What the docs don’t say is: we often write the following in composer.JSON…
"require": {
"php": "^8.0",
… so if we try to apply what the docs say, it means that Composer would download the PHP interpretor (a package available in Packagist for example) and put it inside the vendor directory, when we run either composer install or composer update. What is the interest of putting a PHP interpretor inside a site’s folder (here, vendor)?
But we know it doesn’t do that. It won’t download any PHP interpretor. It won’t obviously put it inside the vendor directory. Instead, it will just check the server’s PHP interpretor’s version and returns a fatal error or something else if this version doesn’t match the requirement‘s version.
So does it mean that in the Composer’s install and update scripts, there is an exception made for PHP when treating the require‘s lines in the composer.JSON file?
3
Answers
All lines in
requiresection ofcomposer.JSONare not packages available on a repository like Packagist: indeed, we can put some "virtual packages" inside thisrequiresection (https://getcomposer.org/doc/01-basic-usage.md#platform-packages).phpis one of these virtual packages. So Composer treat the following line...... as a virtual package (other name: "plateform package"), and not a package that could be put in
vendor.Then, if we extend a little the following definition of
require...(https://getcomposer.org/doc/04-schema.md#require)
..., then we can say that "if server's PHP interpretor's version doesn't meet the requirements versions, then Composer will raise a fatal error or something like that.
**Conclusion: being seen as a "virtual/plateform package" by Composer,
phpwon't be installed (put) invendordirectory. It will just make Composer to check if server PHP version matches or not the requirements (if not, an error will be raised). This behavior is different than for other packages that would be, them, downloaded from for example Packagist and installed (put) insidevendordirectory. **In composer there’s a special exception for require php, it only checks if your system’s PHP version meets the requirement.
It’s in the composer website under Package links: https://getcomposer.org/doc/04-schema.md#package-links.
Its not literally written though, its quite hard to find in the composer documentation.
If your
requirecontains something like withthis does not mean: Install PHP or the JSON extension through Composer, but require that PHP and that extension in the given versions are already installed. That’s what the documentation at https://getcomposer.org/doc/04-schema.md#package-links tells you:
A regular expression that matches all such platform requirements can be found at https://github.com/composer/composer/blob/9ba042ded8b26230d33ebceb692bf29111d51ba4/src/Composer/Repository/PlatformRepository.php#L34 – currently, it contains:
…which matches:
ext-jsonorlib-bz2