How to update composer.lock without changing any packages
Joel Clermont shares a nice composer knowledge nugget.
Read more [masteringlaravel.io]
Posts tagged with composer
CPX - Composer Package Executor
– cpx.dev - submitted by Liam Hammett
Run Composer packages, effortlessly. No need to install tools into your app or as global dependencies.
Read more [cpx.dev]
Join thousands of developers
Every two weeks, I share practical tips, tutorials, and behind-the-scenes insights from maintaining 300+ open source packages.
No spam. Unsubscribe anytime. You can also follow me on X.
Laravel Advanced: Lesser-Known, Yet Useful Composer Commands
– backpackforlaravel.com - submitted by Karan Datwani
Five Lesser-Known But Useful Composer Commands.
Read more [backpackforlaravel.com]
Disabling Composer's default timeout inside of scripts
– ryangjchandler.co.uk - submitted by Ryan Chandler
Composer's 30 second execution timeout can get in the way of long-running processes executed from a script. This is how you disable it.
Read more [ryangjchandler.co.uk]
Packagist.org maintainer account takeover
Scary stuff, but handled very well by the Packagist team.
Read more [blog.packagist.com]
Disabling Composer's script process timeout
– ryangjchandler.co.uk - submitted by Ryan Chandler
A quick way of disabling Composer's default script process timeout of 300 seconds (5 minutes). Easy to overlook in the docs.
Read more [ryangjchandler.co.uk]
A Composer tool to show unused Composer dependencies
When working in a big repository, you sometimes lose track of your required Composer packages. There may be so many packages you can't be sure if they are actually used or not. This tool can help to determine if you really are using a package.
Read more [github.com]
Composer 2.4 introduces two new commands: `bump` and `audit`
The best dependency manager just got a little bit better.
Read more [php.watch]
New composer audit Command and security audits in Composer 2.4
Composer 2.4 features scanning the installed and new packages for known security vulnerabilities. When a new package is installed, or an existing package is updated, Composer looks up the package version numbers on known security vulnerability announcements, and reports if there are any known vulnerabilities in the list of packages.
Read more [php.watch]
Overriding vendor classes
Ever found yourself wanting to make a small tweak to a PHP file in a Composer dependency? Here's how to do it without forking the entire package.
Read more [downing.tech]
Hosting all your PHP packages together in a monorepo
A monorepo helps manage the complexity of a big codebase. Here's how you can create and manage such a monorepo.
Read more [blog.logrocket.com]
Setting up and securing a private Composer repository
Alex explains how we use Satis to give users of paid Spatie products access to private repos.
Read more [alexvanderbist.com]
Composer Security Hardening
– php.watch - submitted by Ayesh
Security precautions Composer already has, and what you can do to improve them further.
Read more [php.watch]
Using composer patches
When you use software that is open source, you'll sometimes run into issues or small bugs that have already been fixed by the community in a PR or an issue, but have yet to be merged and/or released. If you're impatient and need that fix now, composer patches can be a solution for this problem.
Read more [www.rias.be]
Composer 2.0 has been released
Here are the most important changes and upgrade instructions.
Read more [blog.packagist.com]
GitAttributes for PHP Composer Projects
Here's a good rundown of things you can configure using the .gitattributes file.
Read more [php.watch]
Selling digital products using Laravel part 5: Using Satis to install private packages
Some of our products, like Mailcoach and Media Library Pro, are PHP packages for which people can buy a time-limited license. Of course, we want customers to be able to install our paid packages using Composer. Our paid packages are not registered on Packagist, because Packagist is meant to be used for free packages, and there's no way to handle licenses. Let's take a look at how we can solve this using Satis.
How to Patch a Package in Vendor, Yet Allow its Updates
Tomas Votruba explains how you can create composer patches.
Read more [tomasvotruba.com]
The Laravel package ecosystem
Packages play a big role in the Laravel scene. How big and which packages? Medium user Džuris took the data from the Packagist.org API and filtered out the Laravel packages.
Read more [medium.com]
How to Build and Autoload Your Own PHP Package Locally
Matt Stauffer shows a good workflow for this.
Read more [mattstauffer.com]