Lesson 46 โข Advanced
Composer Packages ๐ฆ
Create reusable PHP libraries, configure PSR-4 autoloading, understand semantic versioning, and publish packages to Packagist.
What You'll Learn in This Lesson
- โข Structure a Composer package with PSR-4 autoloading
- โข Write a proper composer.json with dependencies
- โข Understand semantic versioning (SemVer) and constraints
- โข Publish to Packagist and set up auto-updates
- โข Know when to commit composer.lock (apps vs libraries)
composer require), and they arrive ready to snap into your project. Publishing a package is like adding your own custom brick to the catalog for others to use.Building a Package
A Composer package is a directory with a composer.json file, PSR-4 autoloaded source code in src/, and tests in tests/. The namespace maps to the directory structure: Acme\Validator\Rules\Email lives at src/Rules/Email.php.
Try It: Package Structure
Generate composer.json and explore the directory layout
// Building & Publishing Composer Packages
console.log("=== What is Composer? ===");
console.log();
console.log(" Composer is PHP's package manager (like npm for Node.js).");
console.log(" Packagist.org is the default package registry.");
console.log();
console.log(" Key commands:");
console.log(" composer init โ Create a new package");
console.log(" composer require X โ Install a dependency");
console.log(" composer install โ Install from composer.lock");
console.log("
...Versioning & Publishing
Semantic versioning tells users what to expect: patch (1.0.1) for bug fixes, minor (1.1.0) for new features, major (2.0.0) for breaking changes. The caret constraint (^1.2) is most common โ it allows updates within the same major version.
Try It: SemVer & Publishing
Understand version constraints and the Packagist publishing workflow
// Semantic Versioning & Publishing
console.log("=== Semantic Versioning (SemVer) ===");
console.log();
console.log(" MAJOR.MINOR.PATCH");
console.log(" 1.0.0 โ Initial release");
console.log(" 1.0.1 โ Bug fix (backward compatible)");
console.log(" 1.1.0 โ New feature (backward compatible)");
console.log(" 2.0.0 โ Breaking change (NOT backward compatible)");
console.log();
// Demonstrate version constraints
let constraints = [
{ constraint: "^1.2.3", meaning: ">=1.2.3 and
...โ ๏ธ Common Mistakes
vendor/ directory to git. It's generated by composer install and can be hundreds of MB.composer outdated to see which dependencies have newer versions, and composer audit to check for security vulnerabilities.๐ Quick Reference โ Composer
| Command | Purpose |
|---|---|
| composer init | Create a new composer.json interactively |
| composer require | Add and install a dependency |
| composer update | Update dependencies to latest allowed |
| composer audit | Check for known security vulnerabilities |
| PSR-4 | Autoloading standard: namespace โ directory |
๐ Lesson Complete!
You can now build and publish packages! Next, learn to deploy PHP apps with Nginx, PHP-FPM, and Docker.
Sign up for free to track which lessons you've completed and get learning reminders.