[FIXED] How does the "composer" package manager work?

Issue

I am trying to install "Krumo"

It says there are two ways to install, I tried the first one (download the PHP file and include it into my project) and it worked fine.

Now I am trying the second way (using composer).

Bunch of questions emerge at the second I see it.

• Where to run this command?
• Is it equivalent to downloading the "class.krumo.php" file and other skin files to the current folder?
• Do I still need to include the file in my PHP?
• Or, maybe through running this command, krumo becomes a built-in function of PHP on my machine (so I can use it "out-of-box" on any PHP file)?

I managed to find that this install command doesn't actually work (probably outdated), and found out that I had to run composer require kktsvetkov/krumo. I did so and got this:

It seems to me it is finally installed. Under the folder there are only two files added "composer.lock" and "composer.json", the class.krumo.php file is nowhere to be found, and of course calling krumo() in a test PHP file throws the error call to undefined function krumo.

I need a big picture of how composer packages work.

Solution

First, you need to understand what composer is. It's a "dependency manager". So it manages your application dependencies, basically the libraries your application needs to work.

It does so recursively. So if your application requires NiceDependency to work, and NiceDependency in turn requires AnotherNicePackage, it installs both. It deals also with conflict resolution (when one of your dependencies requires something that's not compatible with something that another of your dependencies require).

The file where your dependencies are declared is composer.json.

So when you run composer require [some-vendor/some-package], a few things happen behind the curtain. Simplifying things a lot:

• If your composer.json file doesn't exist, it will create it.
• It will try to find your dependency in the central repository (packagist.org)
• If found, it will download the package and store it in the vendor directory.
• It will update your composer.json it to add your dependency to the require key.

In the process, it will resolve all the nested dependencies and do the same for those.

When it's done, it will also create a composer.lock file.

This "lock" file stores a frozen snapshot of all the references to all the packages that were actually installed. This is necessary because when you declare your dependencies you can define a range of versions (e.g "anything greater or equal than version 2.2; but lower than version 2.3"). Your composer.lock would store the specific version that's actuall installed (e.g. "version 2.2.4").

Later, if someone got your project files and executed composer install, the lock file would be read so they installed exactly the same files as you did.

(require adds a dependency to your project's composer.json file; install reads your composer.json and composer.lock files and sets up a project from there; there is also a update command that would read only composer.json, download the latest available packages respecting to the version restrictions in each dependency, and update `composer.lock accordingly)

Additionally, composer helps with autoloading, to make the process of actually using the installed libraries easier and faster for developers.

Autoloading is very convenient. Not only you no longer have to add a require someclass.php; statement for each class you want to use, but you also gain the advantage of not having to read these files until they are actually needed.

So not only it simplifies using these new classes, it helps making your application perform better.

For this, inside the vendor directory a file named autoload.php is created. Typically, you need to require this file as the first thing you do on your application entry point.

For example, assuming you have a structure like this:

- project root/
--- composer.json
--- composer.lock
--- vendor/
--- public/
----- index.php

Your index.php file should read:

// public/index.php
<?php
require('../vendor/autoload.php');

This would allow you to use any installed library normally. In the case of the tool you want to install:

// public/index.php
<?php
require('../vendor/autoload.php');

$a = [
    'foo' => 'bar',
    'baz' => [1, 2, 3],
    'xxx' = false
];

krumo($a);

_{As a side note, that library seems to be quite old. I'd try to get something a bit newer. I'd recommend Symfony's VarDump component.}

_{And no, it is not a particularly friendly "newbie" tool. It helps dealing with a lot of things, but it's mostly aimed to slightly more advanced users, since it helps solving issues that aren't so significant in starter/very simple projects.}

Answered By - yivi