Laravel is a framework, but it's also a PHP package, installable by the composer package manager when you run the command composer create-project laravel/laravel. Let's explore the syntax options and other composer-related topics.
A quick start answering this common question.
When running the composer install command, composer installs every package in the composer.json file list.
The composer require package/name is similar but does 2-in-1. This command installs a package to a project and adds it to a composer.json file required list.
In composer.json, you specify what packages should be installed and with what versions. For example:
{ "require": { laravel/breeze": "^1.19", },}This tells composer to install the larave/breeze package with a version higher than 1.19.
When you run the composer install command, it checks the composer.lock for the exact locked package version, which has been already installed previously, during the previous composer install.
For example:
{ // ... "name": "laravel/breeze", "version": "v1.19.1", "source": { "type": "git", "url": "https://github.com/laravel/breeze.git", "reference": "4bbb1ea3476901c4f5fc706f8d80e4eac31c3afb" }, "dist": { "type": "zip", "url": "https://api.github.com/repos/laravel/breeze/zipball/4bbb1ea3476901c4f5fc706f8d80e4eac31c3afb", "reference": "4bbb1ea3476901c4f5fc706f8d80e4eac31c3afb", "shasum": "" }, // ...}Here, you can see that Laravel Breeze v1.19.1 was installed the last time.
When you run the composer update command, composer checks if there is a newer package, and if there is, it downloads the new package version and updates the composer.lock content with the latest version.
You can see the composer.lock difference for the laravel/breeze package after running composer update, which updated the package version from 1.19.1 to 1.19.2 below:
You can also update only specific packages by providing a package name to the composer update command.
composer update laravel/breezeIn the composer.json, we have require and require-dev.
When you run the composer install command, it installs packages from both sections.
Some packages, like Laravel Debugbar or Laravel Breeze, aren't needed on production servers. They are used only to generate/test something locally. That's why, in production, the --no-dev flag is passed to the composer install command.
To install the package only for dev, pass the --dev flag to a composer require command.
composer require laravel/breeze --devcomposer.json:
{ // ... "require-dev": { "barryvdh/laravel-debugbar": "^3.7", "doctrine/dbal": "^3.4", "fakerphp/faker": "^1.9.1", "filament/upgrade": "^3.0-stable", "laravel/breeze": "^1.11", "laravel/pint": "^1.0", "mockery/mockery": "^1.4.4", "nunomaduro/collision": "^7.2" }, // ...}If you need to use some functions in your project globally, in more than one place, you can create a helpers file where all your functions would go.
Then, composer needs to autoload that file so that those functions would be available in Laravel controllers/models/elsewhere.
composer.json:
{ // ... "autoload": { "psr-4": { "App\\": "app/", "Database\\Factories\\": "database/factories/", "Database\\Seeders\\": "database/seeders/" }, "files": [ "helpers.php" ] }, // ...}Packages can also be installed globally on your computer and used outside of a specific project. One such package is Laravel installer, which allows us to run laravel new XXXXX from wherever in our system.
composer global require laravel/installer laravel new example-appNow, let's see some helpful composer commands.
composer outdated: will display a list of all the outdated packages and their current and latest versions.
composer install --dry-run: will simulate package installation.
composer bump: increases the lower limit of your composer.json requirements to the currently installed versions.This helps to ensure your dependencies do not accidentally get downgraded due to some other conflict and can slightly improve dependency resolution performance as it limits the number of package versions composer has to look at.
{ "require": { "phpunit/phpunit": "^9.4" "phpunit/phpunit": "^9.5.20" }}composer check-platform-reqs: checks that your PHP and extensions versions match the platform requirements of the installed packages.This command verifies that the production server has all the extensions needed to run a project after installing it.
composer show: lists all of the available packages.
When the package name is provided to the composer show command, it gives details of the specific package.
composer depends: shows which other packages depend on the provided package.
composer self-update: updates the composer version.