I did a lot of research on the web, but did not find a documentation of the composer error log. In the discussions I found, nobody had an explanation that was consistent with the error log. For example:
[Support] Need explanation for "Conclusion: don't install ..."
Why composer says "Conclusion: don't install" when (seemingly) no obstacles are present?
I know, what composer does and can resolve issues on my own, but I often have to consult packagist.org for this. Despite being quite (and unnecessarily) verbose, the composer log only gives me some hints. It does not really point out the concrete problems.
Does anyone know of a complete documentation or how to explain the reasoning behind the logs, maybe taking the above ones as an example?
Documentation of Composer can be found at getcomposer.org/doc, especially Troubleshooting section. Usually the dependency problems comes from misconfiguration of your composer.json and understanding Composer logs comes with experience or learning on trial and error. Documenting every possible errors out of hundreds can become quickly outdated. If you believe some specific error isn't clear enough, you can always raise a new suggestion at the Composer's GitHub page.
As suggested in linked GitHub issue, "Conclusion: don't install" message it could be related to requirements defined in minimum-stability. Another linked question could be related to Composer's bug as reported at GH-7215.
Errors
Here is a small guide explaining the common Composer's errors:
Can only install one of: org/package[x.y.z, X.Y.Z].
If you see this messages, that could be the main cause of the dependency issue. It basically means that based on the Composer's dependency calculation both of these versions are required, but only one major version can be installed (you cannot have both x.y.z and X.Y.Z, unless you split your configuration for different folders). To see why these packages are required, use the composer why/depends command and adjust the dependencies accordingly.
See: How to resolve a "Can only install one of:" conflict? & How to solve two packages requirements conflicts when running composer install?
Installation request for org/package2 (locked at vX.Y.Z)
This message means that there was an installation request for org/package, however, it is locked at X.Y.Z. If the requested version is not compatible with the locked version (like a different major version), you cannot install both. This message often comes along with already mentioned "Can only install one" one. So, whenever you see "locked at", that means Composer reads your installed package version from the composer.lock file. To troubleshoot, you can use composer why/depends command to find why the package was requested and adjust the compatibility, otherwise, you may try to remove composer.lock file and start from scratch (ideally from the empty folder).
See: Installation failed for laravel/lumen-installer: guzzlehttp/guzzle locked at 6.3.0
org/package1 vx.y.z conflicts with org/package2[vX.Y.Z].
It is a similar issue as above where two packages are conflicting and you need to solve the dependency manually. Reading the whole context of the message may give you some more clues. Checking the dependency tree may also help (composer show -t).
conflict with your requirements or minimum-stability
This message means as it reads, so you should check the required version and/or your minimum-stability settings.
This can be caused by a package being marked as non-stable and your requirements being "stable only. See: But these conflict with your requirements or minimum-stability
Or because of conflicts with other installed packages. See: How to identify what is preventing Composer from installing latest version of a package?.
For any other errors, check out the official Composer's Troubleshooting page.
Troubleshooting
Here are more suggestions how to troubleshoot the Composer dependency issues in general:
Add -v/-vv/-vvv parameter to your command for more verbose output.
Run composer diagnose to check for common errors to help debugging problems.
If you seeing "locked at x.y.z" messages, it relates to packages locked in your composer.lock.
Test your composer.json on the empty folder.
Keep your composer.json to minimum.
Run composer show -t to see your current dependency tree.
Run composer show -a org/package x.y.z to check the details about the package.
Feel free to ask a new question at Stack Overflow.
To fully debug Composer's dependency problem, you can:
Analyse or modify the source code (e.g. DependencyResolver/Problem.php).
Run Composer under XDebug, either by the breakpoint or generating a full or partial trace file.
Useful threads explaining common errors:
How to resolve a "Can only install one of:" conflict?
composer.json fails to resolve installable set of package
Discover latest versions of Composer packages when dependencies are locked
When trying to install php-jwt facing trouble with auth0
Reference - Composer error "Your PHP version does not satisfy requirements" after upgrading PHP
How to identify what is preventing Composer from installing latest version of a package?
Error:
somevendor/somepackage[v1.0.0, ..., v1.9.1] require composer-plugin-api ~[X.X]
This means that that somevendor/somepacakge requires that a specific version range of Composer to be installed.
Run composer -v and compare it to the version constraint in the error message (shown as ~X.X in the example above, but that could be something like ^1.0, or ^2.2, etc).
If your version does not match the constraint, see if you can either:
upgrade or downgrade your composer version to match the composer constraint in the error message
upgrade somevendor/somepackage so that it can work with your Composer version.
Related
when I initialize a new project with composer I have this error in the terminal:
No lock file found. Updating dependencies instead of installing from
lock file. Use composer update over composer install if you do not
have a lock file.
Can someone explain to me?
composer update and composer install are similar in that they both download your dependencies, but are different in an important way.
The update command will retrieve the latest versions of all of your dependencies that meet your version constraints in your composer.json file. Next, it has to discover the exact versions to install of your dependencies, your dependencies’ dependencies, their dependencies, and so on all the way to the bottom. If it can’t find a set of versions that satisfy all constraints, the command exits with an error explaining what it can’t resolve and why. If all dependencies can be resolved, they will be downloaded into the vendor directory. Finally, a composer.lock file will be generated that has the exact versions and commits that were installed.
If a lock file is present and you run composer install, composer doesn’t have to do the dependency resolution because they’ve already been resolved. It downloads the exact version of each package from the lock file.
The message you received is telling you that your dependencies haven’t been resolved yet (by the update command), but running install will act like an update if there is no composer.lock file.
I'm running Laravel 5.5.
While trying to install jacquestvanzuydam/laravel-firebird via Composer,
but it fails. The Composer shows me:
[InvalidArgumentException]
Could not find a version of package jacquestvanzuydam/laravel-firebird matching your minimum-stability (stable). Require it with an explicit version constraint allowing its desired stability.
This package does not have any stable release. You need to specify branch in constrait directly:
composer require jacquestvanzuydam/laravel-firebird:dev-master
This will install version from master branch. List of available branches you can find or right column on https://packagist.org/packages/jacquestvanzuydam/laravel-firebird.
You may also report this issue (no stable release of this package) to package maintainer. Using branch instead of regular constraint may give unexpected compatibility breaks, you should really avoid it where possible.
Adding "minimum-stability": "dev" to composer.json before installation worked for me.
I'm developing my first composer package as a test, and everything is ok, except that I didn't manage to flag my code as stable.
When requiring my code, if my composer.json file does not have a "minimim-stability": "dev", I've got this error message :
Your requirements could not be resolved to an installable set of packages.
I've already read this answer, and I created a 1.0.0 Tag, but it does not change anything.
Could someone explain what I've missed ?
Okay, its works now, maybe I was too impatient.
Locally when I run composer install it doesn't show anything about suggestions. In our CI environment it provides a long list of suggestions I'd like to avoid. I want to see the output of what's being loaded from cache and that kind of thing, just don't want to see this. I've been through the docs and haven't been able to figure out how to hide this.
The suggestions are (among many others)...
symfony/security-core suggests installing symfony/expression-language (For using the expression voter)
symfony/routing suggests installing symfony/expression-language (For using expression matching)
predis/predis suggests installing ext-phpiredis (Allows faster serialization and deserialization of the Redis protocol)
phpseclib/phpseclib suggests installing ext-gmp (Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.)
phpseclib/phpseclib suggests installing pear-pear/PHP_Compat (Install PHP_Compat to get phpseclib working on PHP < 4.3.3.)
patchwork/utf8 suggests installing ext-intl (Use Intl for best performance)
monolog/monolog suggests installing aws/aws-sdk-php (Allow sending log messages to AWS services like DynamoDB)
How can I hide this output?
As of composer 1.6.3, there is a --no-suggest option that hides all suggestions when running composer install or composer update.
When you run composer install on a project that has a composer.lock file, it just installs the versions locked in the composer.lock file and nothing. In other words, the required packages and versions are already resolved and it's just installing it.
When you run composer install on a project with no composer.lock file, Composer will resolve the required packages and their versions and will store it in the composer.lock file before installing them. In this case, the project was not set up and you get notified about other suggested packages.
In the second case, there is no way you can hide the suggested packages list from the output (at least, at the time of writing this answer). In the first case, nothing is new, so it isn't shown at all.
The solution will be to push your composer.lock file to the server, which is a good practice after all (you don't want your production server to have other versions of the dependencies than your dev environment, newer versions might broke your site).
Since composer 1.6.3, the --no-suggest doesn't show anything about suggestions. But in composer 2, this option is deprecated, it has no effect and will break in composer 3 (see this link for more details).
Hope that will help in 2021!
I am attempting to integrate this package: https://bitbucket.org/cerbero/oauth/wiki/Home
Also seen her on Packagist: https://packagist.org/packages/cerbero/oauth
The documentation from BitBucket says:
Installation
Be sure minimum-stability is set to dev in your composer.json, then run:
composer require cerbero/oauth:2.1.0
So I include the package after Laravel like this:
"require": {
"laravel/framework": "4.2.*",
"cerbero/oauth": "dev-master"
},
Then I run the composer command and get this error:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for cerbero/oauth 2.1.0 -> satisfiable by cerbero/oauth[2.1.0].
- cerbero/oauth 2.1.0 requires google/apiclient 1.0.3-beta -> no matching package found.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting
see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.
It states that it also requires google/apiclient. So I go to packagist and get the info and paste it into the require section of composer.json. Then another missing dependency pops up so I add that one. The cycle continues for a while. Isn't packagist supposed to handle the dependencies automatically? I am new to packagists but I haven't had issues going through other Laravel tutorials that requires packages. What is the proper way to include this Cerbero package into my application? Any advice would be appreciated.
Composer does take care of dependencies for you, in your current settings, it tries to resolve all dependencies required for your package cerbero/oauth, google/apiclient being one of them. However the dependencies tried to resolve into non-stable package, and in your composer.json file somewhere, it must have stated
"minimum-stability": "stable"
The solution is then pretty clear, according to the error message you see, just set the minimum-stability to dev instead of stable.