What is composer

Composer is a tool for dependency management in PHP. It allows you to control all the libraries your project depends on.
Composer is not a package manager in the same way as Yun or Apt, it deals with “packages” or libraries, but it manages them on a per project basis.
By default, it does not install anything globally on your system (but can be done) but in the root of your project, typical in a vendor folder.
The idea for Composer is not new and it's inspired by node’s npm and ruby’s bundler

Why use composer

A good way to use composer is when you have a lot of dependencies and a good way to keep track of what version the dependencies is on is by looking at your composer.json file.
Composer is also a good fit if you work in teams and need to make sure you have the same versions of dependencies.
By running composer install composer will look at the composer.lock file instead that has been automatic generated when the first person run composer update.
It's typical that deployment services like Forge and Envoyer running composer install to make sure it has the same version of dependencies as your local project has.

What is a composer.json file

A composer.json file is where you put all your dependencies in, and it can look something like this

    "name": "laravel/laravel",
    "description": "The Laravel Framework.",
    "keywords": ["framework", "laravel"],
    "license": "MIT",
    "type": "project",
    "require": {
        "php": ">=5.5.9",
        "laravel/framework": "5.1.*",
        "laravel/socialite": "^2.0"
    "require-dev": {
        "fzaninotto/faker": "~1.4",
        "mockery/mockery": "0.9.*",
        "phpunit/phpunit": "~4.0",
        "phpspec/phpspec": "~2.1"

require is where you put your “global” dependencies so your application can function. require-dev is only for local development.

What is a composer.lock file

A composer.lock file is generated when you run composer update, so its important that you commit that file, because lots of deployment services will try to install dependencies from that file.
composer.lock makes sure your local and production is equals.

Should I use composer?

I think it's the best thing that has to happen to the PHP world, I can strongly recommend it.
So if you haven't tried it yet, I can strongly recommend playing around with it.

If you have any issues feel free to tweet me