I am trying to get latest version of calcinai/xero-php (just doing composer require as per their readme installs v ^1.7)
When I run
composer require "calcinai/xero-php":"^2.0.4"
The incorrect version of this package is downloaded (composer logs below + vendor code being installed is not what is in master repos, currently at v2.0.4).
How do I get v2.0.4/latest code that is on master (using composer)?
If you want to require a specific version, and not any other, skip the caret. Installing exactly v2.0.4 of that package works using
composer require "calcinai/xero-php":"2.0.4"
Is there a way to composer require some/thing without actually pulling the package? In my workflow, it would hasten things if I knew a command to just check version requirements and update composer.json without actually doing anything with regard to the vendor directory.
You can use --no-update switch to avoid updating and installing new dependencies - it will only add new dependency to composer.json.
composer require --no-update symfony/symfony
But since require does not check if required package can be installed (it always pick the newest version compatible with your PHP as a constraint, without checking if it will be possible to install), this can leave composer.json in non-installable state.
It will also not update composer.lock so composer install may ignore your new dependency. So this is probably a bad idea unless you want to do something with it before you commit new composer.json.
You may try to use --dry-run switch to test what will happen after composer update - you will be able to check if composer.json is installable, but composer.lock still will be out of date.
composer update --dry-run
In my composer I've the following version definition of a module:
"my-module": "1.*"
Everything was working fine until I've changed the module tag version to 1.0.10.
The strange thing is that composer is always loading 1.0.9.
I could change the pattern to "1.0.*", but I can't find any info why "1.*" is not working.
btw. I'm using Composer version 1.4.1
To find out why a particular version is not updated, you can run composer why-not package/name version, and Composer will list all dependencies that prevent the installation of that particular version.
I have a feeling that in your case you will detect another package that you did not consider yet.
I pushed my package medyes/ebay-api on github.
When I tried to download it on another project with composer I have an error:
Command composer:
composer require medyes/ebay-api:dev-master
The error:
[InvalidArgumentException]
Could not find package medyes/ebay-api at any version for your
minimum-stability (dev). Check the package spelling or your minimum
-stability
this is the composer.json of medyes/ebay-api package
composer.json
Avoid using branches - especially when the project you are about to include offers tagged versions.
composer require medyes/ebay-api:~0.1
This will update this package until version 1.0 comes out (which would not be installed, because that major release number change it is considered incompatible according to semantic versioning) every time a newer, installable version exists and you run composer update.
I have a project with a few dependencies and I'd like to install another one, but I'd like to keep the others the way they are. So I've edited the composer.json, but if I run composer install, I get the following output:
Installing dependencies from lock file
Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.
Your requirements could not be resolved to an installable set of packages.
Problem 1
- laravel/framework dev-master requires ext-mcrypt * -> the requested PHP extension mcrypt is missing from your system.
- laravel/framework dev-master requires ext-mcrypt * -> the requested PHP extension mcrypt is missing from your system.
- Installation request for laravel/framework dev-master -> satisfiable by laravel/framework dev-master.
First of all, I do have mcrypt installed, so I don't know why it's complaining about that there.
So, how can I install this new dependency?
My composer.json:
{
"require": {
"opauth/opauth": "*",
"opauth/facebook": "*",
"opauth/google": "*",
"opauth/twitter": "*",
"imagine/Imagine": "dev-develop",
"laravel/framework": "4.*",
"loic-sharma/profiler": "dev-master"
},
"autoload": {
"classmap": [
"app/libraries",
"app/commands",
"app/controllers",
"app/models",
"app/database/migrations",
"app/tests/TestCase.php"
]
},
"minimum-stability": "dev"
}
To install a new package and only that, you have two options:
Using the require command, just run:
composer require new/package
Composer will guess the best version constraint to use, install the package, and add it to composer.lock.
You can also specify an explicit version constraint by running:
composer require new/package ~2.5
–OR–
Using the update command, add the new package manually to composer.json, then run:
composer update new/package
If Composer complains, stating "Your requirements could not be resolved to an installable set of packages.", you can resolve this by passing the flag --with-dependencies. This will whitelist all dependencies of the package you are trying to install/update (but none of your other dependencies).
Regarding the question asker's issues with Laravel and mcrypt: check that it's properly enabled in your CLI php.ini. If php -m doesn't list mcrypt then it's missing.
Important: Don't forget to specify new/package when using composer update! Omitting that argument will cause all dependencies, as well as composer.lock, to be updated.
Actually, the correct solution is:
composer require vendor/package
Taken from the CLI documentation for Composer:
The require command adds new packages to the composer.json file from the current directory.
php composer.phar require
After adding/changing the requirements, the modified requirements will be installed or updated.
If you do not want to choose requirements interactively, you can just pass them to the command.
php composer.phar require vendor/package:2.* vendor/package2:dev-master
While it is true that composer update installs new packages found in composer.json, it will also update the composer.lock file and any installed packages according to any fuzzy logic (> or * chars after the colons) found in composer.json! This can be avoided by using composer update vendor/package, but I wouldn't recommend making a habit of it, as you're one forgotten argument away from a potentially broken project…
Keep things sane and stick with composer require vendor/package for adding new dependencies! 😉
We can install a new package without updating other dependencies like this:
composer require package/name --no-update
this will add your package to composer.json (no update to composer.lock)
composer update package/name
this will now install/update your new package, adding it to composer.lock without updating other deps
My use case is simpler, and fits simply your title but not your further detail.
That is, I want to install a new package which is not yet in my composer.json without updating all the other packages.
The solution here is composer require x/y
In my case, I had a repo with:
requirements A,B,C,D in .json
but only A,B,C in the .lock
In the meantime, A,B,C had newer versions with respect when the lock was generated.
For some reason, I deleted the "vendors" and wanted to do a composer install and failed with the message:
Warning: The lock file is not up to date with the latest changes in composer.json.
You may be getting outdated dependencies. Run update to update them.
Your requirements could not be resolved to an installable set of packages.
I tried to run the solution from Seldaek issuing a composer update vendorD/libraryD but composer insisted to update more things, so .lock had too changes seen my my git tool.
The solution I used was:
Delete all the vendors dir.
Temporarily remove the requirement VendorD/LibraryD from the .json.
run composer install.
Then delete the file .json and checkout it again from the repo (equivalent to re-adding the file, but avoiding potential whitespace changes).
Then run Seldaek's solution composer update vendorD/libraryD
It did install the library, but in addition, git diff showed me that in the .lock only the new things were added without editing the other ones.
(Thnx Seldaek for the pointer ;) )