 

dev-master in composer.json, is this madness? [closed]

I'm using composer (in Symfony2 projects) and often get errors updating libraries.

Many libraries (most, in my experience) use dev-master as the version for their dependencies (or worse, they use `*`).

Whenever something is committed to the master branch you get to update the library, and the chances of an API change get higher as time goes by. What is version 1.2.1 in master today could be 1.2.7 tomorrow, with no harm, and later become 1.7 or 2.x, with certain incompatibilities.

My questions are:

  1. How did we get to this point? Is it a practice suggested by high-profile sources?
  2. What can I/we do to sensitize the authors to this subject?

Or am I mad?

Riccardo Galli asked Jan 09 '13 17:01




1 Answer

You are not mad.

  1. It's a chicken-and-egg issue: until people tag more, others cannot require tagged releases.
  2. Nag everyone that has no tag or did not tag anything in six months (if the project is actively developed that is). I made an effort to tag all our bundles earlier this week, because I read a similar rant and I got reminded we still had only dev-master versions on most of them.

The solution really is education, and I will try to help a bit by pushing for best practices in composer docs. Not everyone has much experience with package management and many people don't realize how problematic this approach can be (until it's too late), so it's everyone's job to help by reminding them.

Seldaek answered Oct 09 '22 17:10
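
An added example, not part of the original question or answer: a small Python audit that lists which dependencies in a `composer.json` float in the way the question describes (a branch such as `dev-master`, a bare `*`, or a `>=` with no upper bound). The package names and the sample manifest are constructed; treating `dev-master#<commit>` as pinned and skipping platform packages such as `php` are assumptions of this sketch.

```python
import json
import re

# Constructed sample manifest (package names are hypothetical).
SAMPLE_COMPOSER_JSON = """{
  "require": {
    "php": ">=5.3.3",
    "symfony/symfony": "2.1.*",
    "acme/foo-bundle": "dev-master",
    "acme/bar-bundle": "*",
    "acme/qux": ">=1.0",
    "acme/pinned": "dev-master#0123abc",
    "acme/aliased": "dev-master as 1.0.x-dev"
  },
  "require-dev": {"acme/test-tools": "~1.4 || dev-develop"}
}"""

def floating_reasons(constraint):
    """Return the reasons a constraint can resolve to arbitrary new code."""
    reasons = set()
    # "|" and "||" separate alternatives; one floating alternative is enough.
    for alt in re.split(r"\s*\|\|?\s*", constraint.strip()):
        alt = alt.split(" as ")[0].strip()     # an inline alias pins nothing
        version = alt.split("@")[0].strip()    # drop a stability flag like @dev
        if version in ("", "*"):
            reasons.add("matches any version")
        elif (version.startswith("dev-") or version.endswith("-dev")) \
                and "#" not in version:        # assumption: #<commit> is a pin
            reasons.add("tracks a branch head")
        elif ">" in version and "<" not in version:
            reasons.add("no upper bound")
    return sorted(reasons)

def audit(manifest_text):
    """Map each floating package in require/require-dev to its reasons."""
    findings = {}
    manifest = json.loads(manifest_text)
    for section in ("require", "require-dev"):
        for name, constraint in manifest.get(section, {}).items():
            if "/" not in name:                # platform package: php, ext-*, lib-*
                continue
            reasons = floating_reasons(constraint)
            if reasons:
                findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in sorted(audit(SAMPLE_COMPOSER_JSON).items()):
        print(f"{name}: {', '.join(reasons)}")
```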