PHP Classes

What is Laravel Dependency Management?

Recommend this page to a friend!
  Blog PHP Classes blog   RSS 1.0 feed RSS 2.0 feed   Blog What is Laravel Depen...   Post a comment Post a comment   See comments See comments (0)   Trackbacks (0)  

Author:

Viewers: 1,941

Last month viewers: 32

Categories: PHP Tutorials, PHP community

As many of us know, Laravel is a popular framework used for developing PHP applications.

Laravel is itself a package of packages, hence to develop our projects smoothly among the team members, dependency management is a must and composer does its work under the hood, silently but efficiently.

Read this article to learn how dependency management works in Laravel, so you can also take good advantage of it.




Loaded Article

In this Article Below You Can Read About:

What Are Dependencies?

Composer as Dependency Manager

Installation of Composer

A Brief Introduction to the composer.json File Format

How to Install Packages using Composer in Laravel ?

Why You Should use the composer update Command Instead of composer install ?

When You Should Use the composer install and When You Should use the composer update ?

The Importance of the composer.lock File When Using git

Conclusion

What Are Dependencies?

Dependencies are packages or third-party modules or plugins that are required for your project to run.

For instance, PHPUnit is an easy to integrate, standalone testing framework. So if your application needs unit testing and you use PHPUnit, that package becomes a dependency of your project.

Dependency management solves these problems of packages that rely on others by automating installation of your projects in and standardized way.

Managing your dependencies manually in any programming language is a huge pain. This is often why in most programming languages in use these days, you may notice that they have some implementation of a dependency management system or general package manager.

In JavaScript we use NPM, i.e. the Node Package Manager. For backend, Composer is a very popular dependency manager.

Composer as Dependency Manager

composer dependency manager official logo

According to getcomposer.org's site official definition of Composer,

'Composer is not a package manager in the same sense as Yum or Apt are. Yes, it deals with 'packages' or libraries, but it manages them on a per-project basis, installing them in a directory (e.g. vendor) inside your project.

By default it does not install anything globally. Thus, it is a dependency manager. It does however support a "global" project for convenience via the global command.

This idea is not new and Composer is strongly inspired by node's npm and ruby's bundler.'

Installation of Composer

For those not familiar with Composer, this package is available to all major operating systems. On Windows you should use the Composer Setup file which can be found on the Getting Started page. For Ubuntu and Mac OSX, follow the below steps:

Step 1: Go to your project directory, run command:

curl -sS https://getcomposer.org/installer | php

You will get composer.phar file in you project directory.

Step 2: Install Composer globally

I prefer Composer to be accessible globally, so that I can run it from anywhere in my system, thus, to install Composer globally run this command with superuser privilege:

sudo mv composer.phar /usr/local/bin/composer

Step 3: Check Composer installation

Type in terminal: composer

If you see something like below then consider a successful installation of Composer dependency manager.

composer dependency manager successful installation.

A Brief Introduction to the composer.json File Format

As you know Laravel is a package of packages, means, Laravel is built of many packages altogether in a beautiful way that newbie developers forget about its working mechanism completely and perceive Laravel as a standalone application which is used for development of web applications and services, but this is not completely true because Laravel is dependent on various third party packages.

Back on the track now, you might have come across a file in your project directory, named as composer.json. Let's check it out once again:

{
"name": "laravel/laravel",
"description": "The Laravel Framework.",
"keywords": ["framework", "laravel"],
"license": "MIT",
"type": "project",
"require": {
"php": ">=7.0.0",
"fideloper/proxy": "~3.3",
"laravel/framework": "5.5.*",
"laravel/tinker": "~1.0",
"php-junior/laravel-video-chat": "^1.0"
},
"require-dev": {
"filp/whoops": "~2.0",
"fzaninotto/faker": "~1.4",
"mockery/mockery": "~1.0",
"phpunit/phpunit": "~6.0"
},
"autoload": {
"classmap": [
"database/seeds",
"database/factories"
],
"psr-4": {
"App\\": "app/"
}
},
"autoload-dev": {
"psr-4": {
"Tests\\": "tests/"
}
},
"extra": {
"laravel": {
"dont-discover": [
]
}
},
"scripts": {
"post-root-package-install": [
"@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"@php artisan key:generate"
],
"post-autoload-dump": [
"Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
"@php artisan package:discover"
]
},
"config": {
"preferred-install": "dist",
"sort-packages": true,
"optimize-autoloader": true
}
}

This is a typical composer.json file. composer uses this file and another file called composer.lock. I will explain about this also later on in this post only, do not worry.

What I am going to show here is the key sections of composer.json file.

require

The require section tells composer to include the mentioned packages which are indispensable for the project to run on production i.e. whole application is dependent on these packages.

"require": {
"php": ">=7.0.0",
"fideloper/proxy": "~3.3",
"laravel/framework": "5.5.*",
"laravel/tinker": "~1.0",
"php-junior/laravel-video-chat": "^1.0"
},

For instance, here project has vital dependency on PHP7+, laravel framework 5.5, tinker etc.

require-dev

The require-dev section lists packages that aren't essencial for your project to work and shouldn't be included in the production version of your project.

"require-dev": {
"filp/whoops": "~2.0",
"fzaninotto/faker": "~1.4",
"mockery/mockery": "~1.0",
"phpunit/phpunit": "~6.0"
},

Typically, these are packages such as phpunit/phpunit that you would only use during development.

If you want to dig more into it, you can find all the dependencies or in general, packages and their sub-packages mentioned in composer.json file in vendor directory of your Laravel project. That is why we need composer dependency manager in Laravel.

vendor directory in Laravel

How to Install Packages using Composer in Laravel ?

Suppose, you need to install a package called dump-server, that collects all your dump call outputs, so that it does not interfere with HTTP / API responses.

Laravel dump server package on GitHub

You can install the package via composer:

composer require --dev beyondcode/laravel-dump-server

Or just add an entry in require-dev section of composer.lock, like below

"require-dev": {
. . .
"beyondcode/laravel-dump-server": "^1.2", //see the stable version in above image it is v1.2.2
},

Then run below command in terminal

composer update

Why You Should use the composer update Command Instead of composer install ?

Why composer update?

The composer update command will update your dependencies as they are specified in composer.json. For example, if you require this package as a dependency:

"mockery/mockery": "0.9.*",

and you have actually installed the 0.9.1 version of the package, running composer update will cause an upgrade of this package (for example to 0.9.2, if it's already been released)

In sum the composer update command will:

  1. Read composer.json
  2. Remove installed packages that are no more required in composer.json
  3. Check the availability of the latest versions of your required packages
  4. Install the latest versions of your packages
  5. Update composer.lock to store the installed packages version
  6. composer install

Why composer install ?

The command composer install will not update anything. It will just install all the dependencies as specified in the composer.lock file

In detail composer install will do:

  1. Check if composer.lock file exists (if not, run composer-update and create it)
  2. Read composer.lock file
  3. Install the packages specified in the composer.lock file

When You Should Use the composer install and When You Should use the composer update ?

composer update is mostly used in the 'development phase', to upgrade our project packages according to what we have specified in the composer.json file.

composer install is primarily used in the 'deployment phase' to install our application on a production server or on a testing environment, using the same dependencies stored in the composer.lock file created by composer update.

The Importance of the composer.lock File When Using git

While your composer.json file describes the dependency packages that Composer should install, the composer.lock file is an exact record of the dependency packages versions that have been installed.

See the below example:

{
 "_readme": [
  "This file locks the dependencies of your project to a known state",
  "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
  "This file is @generated automatically"
 ],
 "hash": "06e85b1eef2fa596fec9c70d523e6837",
 "content-hash": "4352b38d9919370c89977a1fb30cdfd9",
 "packages": [
  {
   "name": "aws/aws-sdk-php",
   "version": "3.94.1",
   "source": {
   "type": "git",
   "url": "https://github.com/aws/aws-sdk-php.git",
   "reference": "759a55324d...ee783de541ce65bddd46"
  },
  //. . .
}

Did you notice that long string with key as reference? That is the actual commit version that was put in once composer followed the definitions in your composer.json file.

Additionally it keeps track of all the versions of your dependencies' dependencies. Even your dependencies' dependencies and so on.

Well, I hope you have got my point. Your entire application dependency hierarchy can have their versions 'locked' in your composer.lock file.

Foremost, you should commit this file so that the packages you are using are exactly of same versions as your team pull your code locally.

Conclusion

Laravel is itself a package of packages, hence to develop our projects smoothly among the team members, dependency management becomes a must and composer does its work under the hood, silently but efficiently.

Decode Web » What does a code say about ?

This article was originally published by myself Dinesh Suthar at my site DecodeWeb.




You need to be a registered user or login to post a comment

1,616,107 PHP developers registered to the PHP Classes site.
Be One of Us!

Login Immediately with your account on:



Comments:

No comments were submitted yet.



  Blog PHP Classes blog   RSS 1.0 feed RSS 2.0 feed   Blog What is Laravel Depen...   Post a comment Post a comment   See comments See comments (0)   Trackbacks (0)