skip to Main Content

According to docs, composer install (composer update too, since it includes install script), among other things, downloads the requirements and puts these packages inside the vendor directory: https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies :

It then implicitly runs the install command. This will download the dependencies’ files into the vendor directory in your project.

What the docs don’t say is: we often write the following in composer.JSON

"require": {
    "php": "^8.0",

… so if we try to apply what the docs say, it means that Composer would download the PHP interpretor (a package available in Packagist for example) and put it inside the vendor directory, when we run either composer install or composer update. What is the interest of putting a PHP interpretor inside a site’s folder (here, vendor)?

But we know it doesn’t do that. It won’t download any PHP interpretor. It won’t obviously put it inside the vendor directory. Instead, it will just check the server’s PHP interpretor’s version and returns a fatal error or something else if this version doesn’t match the requirement‘s version.

So does it mean that in the Composer’s install and update scripts, there is an exception made for PHP when treating the require‘s lines in the composer.JSON file?

3

Answers


  1. Chosen as BEST ANSWER

    All lines in require section of composer.JSON are not packages available on a repository like Packagist: indeed, we can put some "virtual packages" inside this require section (https://getcomposer.org/doc/01-basic-usage.md#platform-packages).

    php is one of these virtual packages. So Composer treat the following line...

    "require": {
        "php": "^8.0",
    

    ... as a virtual package (other name: "plateform package"), and not a package that could be put in vendor.

    Then, if we extend a little the following definition of require...

    Map of packages required by this package. The package will not be installed unless those requirements can be met.

    (https://getcomposer.org/doc/04-schema.md#require)

    ..., then we can say that "if server's PHP interpretor's version doesn't meet the requirements versions, then Composer will raise a fatal error or something like that.

    **Conclusion: being seen as a "virtual/plateform package" by Composer, php won't be installed (put) in vendor directory. It will just make Composer to check if server PHP version matches or not the requirements (if not, an error will be raised). This behavior is different than for other packages that would be, them, downloaded from for example Packagist and installed (put) inside vendor directory. **


  2. In composer there’s a special exception for require php, it only checks if your system’s PHP version meets the requirement.

    It’s in the composer website under Package links: https://getcomposer.org/doc/04-schema.md#package-links.

    Its not literally written though, its quite hard to find in the composer documentation.

    Login or Signup to reply.
  3. If your require contains something like with

        "php": "^8.0",
        "ext-json": "*",
    

    this does not mean: Install PHP or the JSON extension through Composer, but require that PHP and that extension in the given versions are already installed. That’s what the documentation at https://getcomposer.org/doc/04-schema.md#package-links tells you:

    require and require-dev also support references to specific PHP versions and PHP extensions your project needs to run successfully.

    A regular expression that matches all such platform requirements can be found at https://github.com/composer/composer/blob/9ba042ded8b26230d33ebceb692bf29111d51ba4/src/Composer/Repository/PlatformRepository.php#L34 – currently, it contains:

    const PLATFORM_PACKAGE_REGEX = '{^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*|composer-(?:plugin|runtime)-api)$}iD';

    …which matches:

    • PHP runtimes in several versions
    • HHVM, a virtual machine that runs a forked version of PHP
    • all kinds of extensions and core libraries, like ext-json or lib-bz2
    • Composer itself, as some packages require special features of Composer v2 which were not available in v1
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search