Using Composer: PHP’s Dependency Manager

Hello there, Welcome to this tutorial on getting started with Composer. Here you will learn:

  • What Composer Is
  • How To Install Composer
  • How To Use Composer
  • Starting A New PHP Project Using Composer
  • Installing Packages, Libraries, Or Frameworks Using Composer

Just before we dive in,

What do YOU need to know to get started?

All you need is:

  • A Computer
  • A text editor (Sublime or any other).
  • A browser.
  • Basic PHP knowledge. You can gather some here.

Once you have all those, you are ready to go. Let’s dive in!

What Is Composer?

Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you.

What that means is Composer lets you easily use packages in your PHP applications by helping you manage them (installation and updates). Composer separates dependencies of each project from the other by bundling all dependencies of a project in a vendor directory in the root directory of the project.

Composer works similarly to node’s npm.

Composer goes the extra mile to help you by not only installing needed packages but by also checking for the available versions of the package and picking the best fit.

Composer also lets you update all your project dependencies in one command.

Now you know what Composer is and can’t wait to start using it. Let's learn how to install it.

Installing Composer

To install composer, your PHP version has to be at least 5.3.2. You can check your PHP version easily by running this command on your terminal (or command prompt).

php --version

Your output should be something like this:

PHP 7.4.7 (cli) (built: Jun  9 2020 13:36:15) ( ZTS Visual C++ 2017 x64 )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

This means I have version 7.4.7 installed. If you are using XAMPP as your development server on windows, you may learn how to update your PHP version here.

Now if you have a version greater than 5.3.2, you’re good to go.

The next steps are for windows users.

Installing Composer on Windows is the easiest because you can just download the Composer.exe file and install it (like every other windows application).

You may confirm your installation by just typing composer on your command prompt. You should see this:

Some changes might exist due to future updates

The page shows all commands that may be run with Composer.

Using Composer

As we've read that composer helps manage our projects’ dependencies, from installation to updating them when we need to. To aid our understanding, we’ll be creating a new project and installing Faker, a PHP library that gives fake data for use in our applications.

Starting A New Project

To use a package in a project, you must have started the project 😆. Composer gives a command that helps us start a new project by defining basic details of the project, our project dependencies and their versions, and some other details.

Run the following command on your terminal in a new directory, to start a new project.

composer init

This command displays a prompt that asks for your project name and some other details.

  • First, it asks for the project name, which must follow the username/project_name pattern.
  • Next, you’re prompted for a project description, which may be left empty.
  • Then the author name, using the author username <email> convention.
  • Also, you’re prompted for minimum stability, which also may be left empty. This basically is used to filter packages to be installed. Packages that do not meet the minimum stability specified will not be installed.
  • And again, another prompt. This time you’re to specify the licenses for the project. It may be left empty too.
  • Then, you get to a point where it asks for dependencies. Here you may choose to list your dependencies or may choose to let it pass to be installed later.
  • Also, you'd be prompted for dev dependencies too. These are packages that you intend to use only in development. You may choose to list them now too or install them later.
  • In the end, you see in JSON format, all the details you’ve entered so far. And an option to confirm generation. If you accept this, a composer.json file is created in your project’s root directory.


The composer.json is a JSON file that contains all details of the project as specified by the user. It usually looks like this:

The require key lists packages required in this project, and their versions.

In some cases, where you have dependencies to be used in development alone, you'd have a require-dev key too, which lists all the packages specified to be used in development only.

Installing Your First Package

To install a package, there are two ways.

A. Use composer install package_name

From your command line, you may install packages to be used in your application by simply running:

composer install project_name

This command installs the package, and its dependencies (if it has any) and puts them in a vendor folder in your project root directory.

So we can install our faker library like so:

composer require fzaninotto/faker

fzaninotto/faker is now abandoned. Use fakerphp/faker instead.

This package has no dependencies and is easily installed. Now notice, not only is a vendor folder created, but a composer.lock file is also created.


This folder contains all the files of all the installed packages of our project. Notice that you have a fzaninotto folder in our vendor folder. This contains all the files and code of our installed library.

It also contains an autoload.php file which may be included as such:

require_once 'vendor/autoload.php';

Including the autoload.php makes all the classes the installed packages or libraries have available for use without extra work. This will be included in our index.php later and will enable us echo random names without issues.

The vendor folder is usually gitignored, because it can get really large depending on the size of the application being built.


Most times, it's usually more than one person working on an application or will work on an application. And packages are always being updated, new versions are always being pushed out. How does Composer help all developers working on the project be on the same page, using the same versions of all the project’s dependencies?

The composer.lock file is the solution. Whenever a package is installed, the package and its exact version are written to the composer.lock, locking the project to that particular version of the package.

B. Edit composer.json and Use composer install

Another method of installation would be to add our required packages to the require key in our composer.json file. Then running:

composer install

This command looks into the composer.json file and installs all the required packages, both for production and development.

Using The Faker Library

Since we’ve achieved our main aim of the tutorial and we've successfully learned how to install Composer, and use it to install packages. we may as well use our installed package.

Create an index.php in the root directory of your project. And paste the following code in it.

<?phprequire_once 'vendor/autoload.php';
$faker = Faker\Factory::create();
echo $faker->name;

This code just prints a fake name to the screen every time it's run. Which is enough proof that we've installed and can now use our library. 🚀


At this point, you must have learned a lot about Composer and its uses and must be quite charged up and ready to explore the vast number of pancakes the PHP ecosystem has made to make life easy. You can check out packages here. You can read more on the Faker library and its usages here.

The End

If you have any questions or relevant great advice, please leave them in the comments section.

To read more of my articles or follow my works, you may connect with me on LinkedIn and Twitter. It’s quick, it’s easy, and it’s free!

Software Engineer | PHP | Javascript