This workshop will be retired on May 1, 2025.

Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Dependency Management with Composer

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Maintaining Consistent Environments

5:28 with Alena Holligan

Having different versions of packages on different environments can cause issues with the application performing differently, and that can make tracking and fixing bugs next to impossible. Composer gives us another tool, a composer.lock file, that tells composer which version to use.

Download the final project

When updating to a patch version, nothing SHOULD break. But if you're trying to track down bugs, you want to make sure that it's not something introduced in someone else's code.

Reminder

When updating composer dependencies, make sure you commit your composer.lock file to Version Control system. DO NOT commit your vendor folder.

Commands

composer install will look for a composer.lock file first and install the versions specified there. If a lock file does not exist, composer will use the composer.json file to install dependencies.

composer update will update all packages as well as the composer.lock file.

composer show will list all installed packages and their versions

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    We've worked with composer in our local environment 0:00
    to control how external packages fit into our application. 0:03
    This has helped us to add a nice feature set to our application. 0:07
    But we don't want our project to stay in development. 0:11
    Eventually, we likely will deploy this to a production environment and 0:14
    maybe even work with other developers. 0:18
    Composer helps us maintain consistency between environments. 0:21
    Such as my development environment, your development environment, 0:25
    QA production and anywhere else we may want to use this code. 0:29
    A version control system or VCS such as get allows us to keep a backup and 0:34
    history of changes to our code. 0:40
    By making the VCS available outside our local environment 0:42
    we can share that code wherever we want. 0:46
    From there, we can push it to production or QA servers. 0:49
    And even allow other developers to download our work. 0:53
    Since composer can install the packages we're using wherever we need them and 0:56
    since those packages are already maintained in their own VCS, 1:01
    we don't need to include anything from our vendor folder in our VCS. 1:06
    You can even use the Get Ignore command to tell get to ignore that folder completely. 1:11
    Check the notes associated with this video for more information on Get. 1:17
    This is great so far but it poses another problem, if I use a composer .JSON file 1:22
    to install packages on one machine in March and use that same 1:28
    composer.json file to install packages on a second machine in June. 1:33
    If any of those packages have received bug fixes, 1:39
    the packages on these 2 machines won't match. 1:43
    This can cause issues with the application performing differently 1:47
    in different places. 1:50
    And that can make tracking and fixing bugs next to impossible but 1:52
    don't worry composer gives us another great tool. 1:56
    Along with the composer.json file, we also have a composer.lock file. 2:01
    This tells composer what specific version to use. 2:07
    Let's go back into work spaces and take a look. 2:10
    Composer doesn't know how to read a .lock file. 2:15
    So I'm going to use Vim in the console to take a look at the file. 2:17
    Right at the top, we see a readme that states, 2:31
    this file blocks the dependencies of your project to a known state. 2:34
    Below that we have details about each install dependency 2:39
    including a specific version number. 2:42
    This file is a complete list of all dependencies installed. 2:45
    Even the ones composer installed for 2:49
    us because they were required from another package. 2:52
    To demonstrate how this works, I'm going to change the version of the ckeditor and 2:56
    close this file. 3:01
    Now, let's delete the vendor folder. 3:10
    I'm going to use the command line, so I know when the files have been deleted. 3:13
    [SOUND] This may take a few minutes. 3:16
    So be patient. 3:22
    You may also need to right click and 3:23
    refresh the navigation once this completes. 3:25
    Now I'm ready to run a composer install. 3:39
    Notice the warning. 3:46
    Our lock file is not up to date with the latest changes 3:48
    in the composer .json that's because of our CK editor. 3:50
    It'ss going to download the CK editor 4.4.11. 3:54
    Composer install will look for composer.lock file first and 3:59
    install the version specified there. 4:04
    If a lock file does not exist, 4:06
    composer will use the composer.json file to install dependencies. 4:08
    If I run a composer show. 4:22
    I get a list of all installed packages and their versions 4:27
    If I want to update my packages to the latest version I can run composer update. 4:33
    This will update all packages as well as the composer dot LOC file. 4:43
    Notice that my CKEditor has been updated to the latest version. 4:56
    Composer is an extremely powerful tool that has changed the way people use PHP. 5:02
    Almost every project you work on will involve composer. 5:08
    So, it's a great tool to spend time learning, but the great news 5:11
    is as you're building new projects, you can be learning composer at the same time. 5:15
    Check the notes associated with this video for other courses that utilize composer. 5:20
    And remember, have fun and keep learning. 5:25

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up