Install dependencies with composer

In the previous part, we see how to use composer init command to generate a new composer.json for our existing project. The generated composer.json contains a list of 3rd libraries required by our project. In this article, we will see how to install those dependencies.

The composer install command

To install the dependencies required to our project, invoke the command composer install in project root where composer.json reside.

~/sites/my-app$ composer install
Loading composer repositories with package information
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
  - Installing monolog/monolog (1.0.2): Downloading (100%)
Writing lock file
Generating autoload files

Let’s see how directory structure change after running the command:

Directory structure before composer install
├── .gitignore
├── composer.json
└── index.php
Directory structure after composer install
├── index.php
├── composer.json
├── composer.lock
└── vendor
    ├── autoload.php
    ├── composer
    │   ├── ...
    └── monolog
        └── monolog
            ├── composer.json
            ├── doc
            │   ├── ...
            │   └──
            ├── src
            │   └── Monolog
            │       ├── Logger.php
            │       ├── Formatter
            │       │   ├── ...
            │       ├── Handler
            │       │   ├── ...
            │       └── Processor
            │           └── ...
            └── tests
                ├── ...

As we can see, composer created a new vendor directory alongside the composer.json. This directory contains the source code of the downloaded packages. For each package required by our project, Composer downloads the source code of the package into the full package name subdirectory of the vendor directory.

Suppose the full package name is aa/bb. In other words, The vendor is aa and the package name is bb, The source code of the package is downloaded into vendor/aa/bb.

Each package contains a composer.json and some source files. However, it may contain other files as well. For example, In the installed monolog/monolog package, we can see some documentation under the docs directory and some unit tests under tests.


As we can see, a new file autoload.php is generated under vendor directory. As the name suggests, this file gathers all the autoload information for all the installed libraries. In other words, It allows you to use classes from all installed libraries without explicitly including the PHP files where they are defined. When you include this file in your source files, you can start using all the classes defined in your installed libraries.

Let’s see it in action. First, include ./vendor/autoload.php. Then, you can use all the classes defined in our installed monolog/monolog library without any extra work from your side.

Using autoload.php
// create a the logger
$log = new Monolog\Logger('app');
$handler = new Monolog\Handler\StreamHandler('app.log');

echo "Hello World !!!";

The vendor/autoload.php is regenerated each time the dependencies of your project change. For example, when you run composer install, composer require, composer update or composer remove. Sometimes, you may want to manually generate this file - In this case use composer dump-autoload.

composer dump-autoload
$ composer dump-autoload
Generating autoload files
Generated autoload files


Since the composer.lock was not exist when we run composer install, composer generate a this new file (composer.lock) alongside composer.json. This file contains all the dependencies that you listed in composer.json with the exact versions that were installed by composer in the composer.json directory.

composer.lock play a vital role in making a consistent development environment. If the composer.lock exist when you run composer install, composer installs all dependencies with the exact versions listed in composer.lock. Therefore, If you add composer.lock to your git repository - You ensure that everyone in your team works with the same dependencies and the same versions you work with.

Let’s see it in action.

Using composer.lock
~/sites/my-app$ git add composer.lock
~/sites/my-app$ rm -rf vendor
~/sites/my-app$ composer install
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Package operations: 1 install, 0 updates, 0 removals
  - Installing monolog/monolog (1.0.2): Loading from cache
Generating autoload files

As we can see, this time the composer use the package information stored in the lock file.

Software Developer

Kobi helps entrepreneurs to translate their wishes to a working product.