Menu
require: These are must packages for the code to run. It defines the actual dependency as well as package version. require_dev: It defines the packages necessary for developing the project and not needed in production environment. Note: The require and require_dev are important parameters available in composer.
According to composer's manual: require-dev (root-only) Lists packages required for developing this package, or running tests, etc. The dev requirements of the root package are installed by default. Both install or update support the --no-dev option that prevents dev dependencies from being installed.
composer update is mostly used in the 'development' phase, to upgrade our project packages. composer install is primarily used in the 'deploying phase' to install our application on a production server or on a testing environment, using the same dependencies stored in the composer.
lock file is present resolves and installs all dependencies that you listed in composer. json , but Composer uses the exact versions listed in composer. lock to ensure that the package versions are consistent for everyone working on your project. As a result you will have all dependencies requested by your composer.
Typically, software will run in different environments:
developmenttestingstagingproductionThe dependencies which are declared in the require section of composer.json are typically dependencies which are required for running an application or a package in
stagingproductionenvironments, whereas the dependencies declared in the require-dev section are typically dependencies which are required in
developingtestingenvironments.
For example, in addition to the packages used for actually running an application, packages might be needed for developing the software, such as:
friendsofphp/php-cs-fixer (to detect and fix coding style issues)squizlabs/php_codesniffer (to detect and fix coding style issues)phpunit/phpunit (to drive the development using tests)Now, in development and testing environments, you would typically run
$ composer install
to install both production and development dependencies.
However, in staging and production environments, you only want to install dependencies which are required for running the application, and as part of the deployment process, you would typically run
$ composer install --no-dev
to install only production dependencies.
In other words, the sections
requirerequire-devindicate to composer which packages should be installed when you run
$ composer install
or
$ composer install --no-dev
That is all.
Note Development dependencies of packages your application or package depend on will never be installed
For reference, see:
According to composer's manual:
require-dev (root-only)
Lists packages required for developing this package, or running tests, etc. The dev requirements of the root package are installed by default. Both
installorupdatesupport the--no-devoption that prevents dev dependencies from being installed.
So running composer install will also download the development dependencies.
The reason is actually quite simple. When contributing to a specific library you may want to run test suites or other develop tools (e.g. symfony). But if you install this library to a project, those development dependencies may not be required: not every project requires a test runner.
From the composer site (it's clear enough)
require#
Lists packages required by this package. The package will not be installed unless those requirements can be met.
require-dev (root-only)#
Lists packages required for developing this package, or running tests, etc. The dev requirements of the root package are installed by default. Both install or update support the --no-dev option that prevents dev dependencies from being installed.
Using require-dev in Composer you can declare the dependencies you need for development/testing the project but don't need in production. When you upload the project to your production server (using git) require-dev part would be ignored.
Also check this answer posted by the author and this post as well.
require section This section contains the packages/dependencies which are better candidates to be installed/required in the production environment.
require-dev section: This section contains the packages/dependencies which can be used by the developer to test her code (or to experiment on her local machine and she doesn't want these packages to be installed on the production environment).
General rule is that you want packages from require-dev section only in development (dev) environments, for example local environment.
Packages in require-dev section are packages which help you debug app, run tests etc.
At staging and production environment you probably want only packages from require section.
But anyway you can run composer install --no-dev and composer update --no-dev on any environment, command will install only packages from required section not from require-dev, but probably you want to run this only at staging and production environments not on local.
Theoretically you can put all packages in require section and nothing will happened, but you don't want developing packages at production environment because of the following reasons :
Some good candidates for require-dev are :
"filp/whoops": "^2.0",
"fzaninotto/faker": "^1.4",
"mockery/mockery": "^1.0",
"nunomaduro/collision": "^2.0",
"phpunit/phpunit": "^7.0"
you can see what above packages are doing and you will see why you don't need them on production.
See more here : https://getcomposer.org/doc/04-schema.md
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With