Composer 2 Development Update
Back in September 2018 we started working on a 2.0 branch for Composer. It took us a while to get there as we refactored, trying to bake in all the things we learned maintaining the project since 2011. The funding from Private Packagist subscriptions has provided us with enough time to make some big improvements.
A few weeks ago, following Composer's 9-year anniversary, we decided it was time to get more people to look at it and push the 2.0 release to the finish line. I announced that snapshot builds would now be built from 2.0-dev.
We have had quite a bit of feedback, worked on more features and got things much more stable, and now it would be great to get even more people to test it!
How can you test Composer 2?
composer self-update --snapshot will install the latest 2.0-dev snapshot. Run composer self-update --1 to get back to the latest 1.x stable.
If you have not looked at the changelog yet, you can have a look at the full changelog and upgrade notes. If you already read it when we first published it, below is a copy of the latest changes since the Twitter announcement.
If you are a plugin author it is especially important that you test early and make sure your plugin is compatible, hopefully before we hit the stable release, so that people do not end up stuck, unable to update their projects using Composer 2.
Where do we go from here?
I hope to get a first alpha out in the next couple of weeks. There are still a few features and core issues we need to look at first, but the list is getting shorter. After that we will focus on stability only and I think it's already looking quite good on that front so a stable release should hopefully follow in June sometime.
Composer 2 changes since April 8th
- Added a platform-check step when vendor/autoload.php gets initialized which checks the current PHP version/extensions match what is expected and fails hard otherwise. Can be disabled with the platform-check config option
- Added a Composer\InstalledVersions class which is autoloaded in every project and lets you check which packages/versions are present at runtime
- Added a composer-runtime-api virtual package which you can require (as e.g. ^2.0) to ensure things like the InstalledVersions class above are present. It will effectively force people to use Composer 2.x to install your project
- Added support for parallel downloads of package metadata and zip files. This requires that the curl extension is present, so we strongly recommend enabling curl
- Added canonical options to all repositories, see repository priorities for details
- Added post-file-download event to be fired after package dist files are downloaded, which lets you do additional checks on the files
- Added --unused flag to remove command to make sure any packages which are not needed anymore get removed
- Added --no-install flag to remove commands to disable the install step and only do the update step (composer.lock file update)
- Added --json and --merge flags to config command to allow editing complex extra.* values by using json as input
- Added --no-check-version to validate command to remove the warning in case the version is defined
- The new platform-check feature means that Composer checks the runtime PHP version and available extensions to ensure they match the project dependencies. If a mismatch is found, it exits with error details to make sure problems are not overlooked. To avoid issues when deploying to production it is recommended to run composer check-platform-reqs with the production PHP process as part of your build or deployment process.
- If a package exists in a higher priority repository, it will now be entirely ignored in lower priority repositories. See repository priorities for details.
- PEAR support (repository, downloader, etc.) has been removed
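The post-file-download event listed above is the hook for extra integrity checks on dist files. The plugin below is an added example, not code from the Composer project: it refuses any dist file whose SHA-256 does not match a pin in the root composer.json. The ExamplePins namespace, the class name and the extra key dist-sha256-pins are assumptions, and it uses the event accessors getFileName(), getPackage() and getUrl() of the Composer 2.0 plugin API.

```php
<?php
// Added example, not Composer's own code. Assumed names: the ExamplePins
// namespace, DistPinPlugin, and the extra key "dist-sha256-pins".
namespace ExamplePins;

use Composer\Composer;
use Composer\EventDispatcher\EventSubscriberInterface;
use Composer\IO\IOInterface;
use Composer\Plugin\PluginEvents;
use Composer\Plugin\PluginInterface;
use Composer\Plugin\PostFileDownloadEvent;

final class DistPinPlugin implements PluginInterface, EventSubscriberInterface
{
    /** @var array<string,string> "vendor/name@version" => hex SHA-256 of the dist file */
    private $pins = [];

    public function activate(Composer $composer, IOInterface $io)
    {
        // Pins are read from the root package's "extra" section (assumed key).
        $extra = $composer->getPackage()->getExtra();
        $this->pins = $extra['dist-sha256-pins'] ?? [];
    }

    public function deactivate(Composer $composer, IOInterface $io) {}
    public function uninstall(Composer $composer, IOInterface $io) {}

    public static function getSubscribedEvents()
    {
        return [PluginEvents::POST_FILE_DOWNLOAD => 'verify'];
    }

    public function verify(PostFileDownloadEvent $event)
    {
        $file = $event->getFileName();
        if ($file === null || !is_file($file)) {
            return; // no dist file on disk to hash
        }
        $package = $event->getPackage();
        $key = $package->getName() . '@' . $package->getPrettyVersion();
        if (!isset($this->pins[$key])) {
            throw new \RuntimeException("No SHA-256 pin for $key; refusing dist file");
        }
        $actual = hash_file('sha256', $file);
        if (!hash_equals(strtolower($this->pins[$key]), $actual)) {
            throw new \RuntimeException("SHA-256 mismatch for $key from " . $event->getUrl());
        }
    }
}
```

A plugin like this only sees downloads made after it is installed and activated, so its own package has to be vetted separately.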