How to use composer the PHP dependency manager

Composer logo

What is composer?

A dependency manager for PHP.

It keeps track of which packages you use in your application, it can install and update them. Also it can remove them. All packages you use though composer don’t need to go in your version control system. They are stored in two json files: composer.json and composer.lock

Composer.json defines which packages your application uses. Composer.lock keeps track of which versions you have installed and which dependencies they have. For this reason it is important to keep both of these files in your version control system. If you don’t keep track of your composer.lock file, the packages on your development system might become different than on your server and this might introduce difficult to find bugs.



Download and run composer-setup.exe []

Linux / MacOS

Download and run the composer installer []

Or on a Mac you may use homebrew: brew install composer

Or on Linux you probably can use your package manager to install it.

How do I use it?

Create a new project.

When you want to start a project from nothing, but want to use a dependency manager you call composer init

composer init

Welcome to the Composer config generator

This command will guide you through creating your composer.json config.

Package name (<vendor>/<name>) [noe/composer-tutorial]: wiredpea/composer-tutorial
Description []: A tutorial about how to use composer
Author [Noë Snaterse <>, n to skip]:
Minimum Stability []:
Package Type (e.g. library, project, metapackage, composer-plugin) []: project
License []: MIT
Define your dependencies.
Would you like to define your dependencies (require) interactively [yes]? no
Would you like to define your dev dependencies (require-dev) interactively [yes]? no
    "name": "wiredpea/composer-tutorial",
    "description": "A tutorial about how to use composer",
    "type": "project",
    "license": "MIT",
    "authors": [
            "name": "Noë Snaterse",
            "email": ""
    "require": {}
Do you confirm generation [yes]? Yes

This will generate a composer.json in the current directory. If you said “no” to both the questions about the dependencies (like I did above) it generates a stub for composer and doesn’t do anything.

How to install packages

So to the next question how do I install packages?

composer require vendor/package

This will download the package into your vendor directory, and add it to your composer.json file. Let’s try that.

We are going to install guzzlehttp/guzzle. Guzzle is a PHP HTTP client library that allows you to retrieve other webpages from within your PHP script. 

composer require guzzlehttp/guzzle

This will download the package and add it to the dependencies in your composer.json file.

Now use can use the guzzle library in you PHP files.

How to remove a package

Oops, I downloaded a package that I don’t want anymore, or I downloaded a wrong package. Anyway, I want to get rid of it. What do I do now?

composer remove vendor/package

This will remove the requirement and uninstall the package from your vendor directory.

Let’s try this out, shall we. We are going to remove the guzzle library, so we type: 

composer remove guzzle http/guzzle

This will remove the package and all of its dependencies from the vendor directory and remove the dependency from the require section of your composer.json file.

Be ware though, that this removes the package, so when you are still using the package your application will stop working, because it cannot find it anymore.

But how do I know which packages there are?

There is a central website which lists all packages there are for PHP. It’s called

When you go there there is a search bar on the top of the page, in which you can type the packages you want and just search for them. Example time!

So you want to get some package that does HTTP requests from within PHP. You go to and type ‘HTTP client’ in the search bar. Packagist now returns with a list of packages that can do a HTTP request for you.

This is a really long package list, and when you are new to PHP and don’t know the landscape quite well, you still might now know which one to choose from. If this is the case look at the numbers behind the packages. So for example, guzzlehttp/guzzle has 151.5 million downloads so this is probably pretty popular. In this case it is pretty obvious which package you want. Another way to find a package is to be more (or less) specific. You can also look for a specific framework which works with a package. For example you might type ‘Symfony http client’ of ‘laravel http client’ in the search box and see that packages are listed there. You can do this the other way around too. ‘Laravel HTTP client’ has fewer packages and the most popular (at the time of this writing) is 213.000 downloads with only 411 stars. This isn’t that much though. In this case you might want to use something broader than “Laravel HTTP client” but instead use “HTTP client” and then find Guzzle again.

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.