I'm just starting to use Bower, and it's really useful, but one thing I don't understand how to do is something similar to Composer: updating/deleting your dependencies based on the json file.
So, in composer, if I have something like:
"require": {
...
"sonata-project/core-bundle": "^2.3",
"sonata-project/block-bundle": "^2.3.8",
"sonata-project/admin-bundle": "dev-master",
"sonata-project/doctrine-orm-admin-bundle": "^2.3"
},
And if I delete one dependency's line(or more) and run
composer update
This will not only update any of the outdated dependencies, but also delete the folders corresponding to the deleted dependencies.
How can I achieve the same in Bower? Is there a similar command or combinations of commands, eventually?
I've tried
bower update
But that just updades the dependencies.
I've also tried
bower uninstall "dependency"
But this works only for one, and doesn't automatically detect what I have and what I don't, like in Composer's case.
The thing you're looking for is
bower prune
You can also do
bower uninstall package1 package2 --save --save-dev
Related
I have a PHP project, that uses composer for it's PHP dependencies and bower for it's front end dependencies. So basically I have a directory structure that looks something like this (a simplified version obviously):
/app
/bower_components
/public
/vendor
/foo
/bar
/src
bower.json
composer.json
bower.json
composer.json
gulpfile.js
As you can see, the php dependency has some front end dependencies of it's own, that are also managed with bower. However, when I run bower install from the root of my app, the bower file from inside my foo/bar dependency is ignored.
I do not want to build my front-end dependencies inside foo/bar in advance and just include those in my app using gulp, because foo/bar may have overlapping dependencies with my app (like jQuery or Bootstrap or something) and I obviously do not want to include those twice. And I also would prefer bower throwing an error when there are version conflicts for overlapping dependencies, rather then having to find out the hard way.
Ideally all my front end dependencies would end up in my root bower_components directory, both those from my app's bower.json, as well as those from vendor/foo/bar/bower.json. This way I can have gulp compile all those into a single (or probably a few) .js and .css file.
So the question is, is that possible? Can I have bower look at other bower.json files inside sub directories? Or is there a recommended way to automatically merge multiple bower.json files before bower is ran?
I have spent the last hour scouring the web for a good solution to this problem, but I can't seem to come up with anything. (If you know of a good blog post or resource on this topic, please do share!) All google gives me are some basic bower tutorials, that are not very helpful here. Am I really the first one to run into this problem, or is there something fundamentally wrong in the way I am trying to tackle the issue at hand?
One way to tackle this (and a way Symfony CMF uses now) is to create bower packages for your PHP dependencies. This means you create a front-end bower package from your bundle, the package only contains the bower.json file with the dependencies.
Now, in your application's bower.json file, you can specify these "virtual" bower packages as requirements and run bower install. For instance:
{
"dependencies": {
"php-foobar": "^1.3"
}
}
The composer plugins composer-extra-assets and composer-assets-plugin allow adding bower dependencies to composer.json.
composer-assets-plugin is implemented in pure php and turns bower packages into composer packages.
composer-extra-assets calls the "real" bower behind the scenes. It is installed (including the required nodejs) automatically though if you don't have it on your system.
Disclaimer: I'm the author of composer-extra-assets.
I'm new to composer and Yii2. Already installed yii2 on Windows and now I need to install new bower dependency called bower-asset/angular-material. Added "bower-asset/angular-material": "0.4.2" to composer.json require block and run composer update bower-asset/angular-material. It takes too long time (about 1 hour). Somehow composer read all patches of angular
Reading bower.json of bower-asset/angular (v1.3.0-patch2531)
Reading bower.json of bower-asset/angular (v1.3.0-patch2530)
Reading bower.json of bower-asset/angular (v1.3.0-patch2529)
...
Why it takes too long time? What I need to do?
fxp/composer-asset-plugin >= v1.3:
To skip reading -patch packages, you need just added to composer.json of your project follow config of fxp/composer-asset-plugin:
"config": {
"fxp-asset": {
"pattern-skip-version": "(-build|-patch)"
}
}
Note: also this meaning the -build packages also will be skipped.
fxp/composer-asset-plugin < v1.3:
If you are using fxp/composer-asset-plugin older than version 1.3, you can use follow config:
"extra": {
"asset-pattern-skip-version": "(-build|-patch)"
},
That should work.
Make sure you are running the latest version of Bower. I am currently running v1.2.6 and null works to fetch the latest dependency.
$ bower -v
If you have installed bower globally via npm, then you can update it this way:
$ npm update bower -g
Note: you may need to run that as sudo depending on your file permissions.
Hope this helps.
I am using pre-beta release of Laravel 5 for my project.
I found out that the app skeleton of Laravel 5 was changed in the github repo and since it is a development version, that is expected to change quite frequently.
My question is, can I update only the specific dependencies using composer and not the framework itself? So that I don't have to worry about the changing app structure until I am ready to make changes?
Here is how the composer.json dependencies look:
"require": {
"laravel/framework": "~5.0"
},
"require-dev": {
"phpunit/phpunit": "~4.0",
"way/generators": "~3.0",
"fzaninotto/faker": "~1.5#dev"
},
Thank you.
While the composer update package package ... answer is a good one, another thing you might be able to do is change your Laravel require spec to a specific commit. The Composer documentation mentions how to do this, and I've done it myself on a project (though not with laravel, on my own packages which are also in a breaking/dev state).
"require": {
"laravel/framework": "dev-master#49e3c77b518547bb661b1de4fda64a3ae0c5c505",
...
}
I'd hope that, because laravel/framework 'replaces' the various illuminate/* packages, that any reliance on these (as long as the spec is 5.0-esque) that this would work without downloading the illuminate packages twice.
Doing it this way you can lock your laravel/framework (or any package) at a given commit, but still allow the standard composer update to work.
To find out what commit you're already on, if your laravel/framework dependency spec is a dev one then the vendor/laravel/framework/ directory itself should be a git repo, so just do git status in there to get the HEAD ref. Alternatively, look in composer.lock for the laravel/framework entry's source.reference value.
Composer allows you to do specific package upgrades. I used this literally the other night to upgrade a single package to fix a bug, but I didn't want to change anything else.
composer update <package1> <package2> <...>
So in your case
composer update phpunit/phpunit way/generators fzaninotto/faker
It might be more complicated when you have lots of packages - but it is a solution that works.
Yes, you can simply call
composer update vendor/package
without updating your whole project.
It will work for the packages pulled by yourself and for the dependencies
You can't really. If you use Laravel 5 this is a thing you need to deal with, development versions come with this backdraw.
Is there a way to tell composer that each time I do a composer update I want him to ignore a specific package?
Have you considered specifying the required version for the package you are trying to ignore? For instance:
"require": {
"some/package": "~1.2"
}
This may get updated, because you are saying any version >=1.2,<2.0, But if you strictly say you want only version 1.0, you should not see any updates to that package:
"require": {
"some/package": "1.2"
}
Actually I don't know if there is any way to tell composer to exclude one specific package from updating but you can tell which packages to update as
composer update <package> <package2>; // or
php composer.phar update <package> <package2>;
For example,
composer update foo/package1 bar/package2; // or
php composer.phar update foo/package1 bar/package2;
Also, I think, if you don't list them in composer.json (remove after installation) by yourself, then they will not be updated unless also specified in the list.
From Composer:
If you only want to install or update one dependency, you can whitelist them:
$ php composer.phar update monolog/monolog [...]
Check this link and also check Composer.
Update : (found on internet but not tested)
To do that, just remove the package from composer.lock
Update: Only availble for composer versions 1.0.0-alpha6 and lower. Using it in version 1.0.0-alpha7 and higher will remove all packages in "require-dev".
I believe currently you can trick composer with some mess if you can afford it in your project. Something like: Put all packages you don't want to update in "require-dev" and run updates with composer update --no-dev
Just be careful of that if you run composer install as i recall they will be removed from your project.
All this trickery is really nasty, so we should wait for official way of doing things like that, personally i update packages explicitly specifying them
To ignore a specific package, you can use provide (if it's part of your own package) or replace. This tells Composer that you wish to provide/replace a specific package, so it won't download it.
Here is the composer.json file example which should work:
{
"require": {
"radic/tmp-underscore-php": "~1.2.0"
},
"replace": {
"patchwork/utf8": "*"
}
}
In this example, the patchwork/utf8 package would be ignored on composer install or update.
To exclude specific version, see: Composer exclude specific versions.
I have a project with a few dependencies and I'd like to install another one, but I'd like to keep the others the way they are. So I've edited the composer.json, but if I run composer install, I get the following output:
Installing dependencies from lock file
Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.
Your requirements could not be resolved to an installable set of packages.
Problem 1
- laravel/framework dev-master requires ext-mcrypt * -> the requested PHP extension mcrypt is missing from your system.
- laravel/framework dev-master requires ext-mcrypt * -> the requested PHP extension mcrypt is missing from your system.
- Installation request for laravel/framework dev-master -> satisfiable by laravel/framework dev-master.
First of all, I do have mcrypt installed, so I don't know why it's complaining about that there.
So, how can I install this new dependency?
My composer.json:
{
"require": {
"opauth/opauth": "*",
"opauth/facebook": "*",
"opauth/google": "*",
"opauth/twitter": "*",
"imagine/Imagine": "dev-develop",
"laravel/framework": "4.*",
"loic-sharma/profiler": "dev-master"
},
"autoload": {
"classmap": [
"app/libraries",
"app/commands",
"app/controllers",
"app/models",
"app/database/migrations",
"app/tests/TestCase.php"
]
},
"minimum-stability": "dev"
}
To install a new package and only that, you have two options:
Using the require command, just run:
composer require new/package
Composer will guess the best version constraint to use, install the package, and add it to composer.lock.
You can also specify an explicit version constraint by running:
composer require new/package ~2.5
–OR–
Using the update command, add the new package manually to composer.json, then run:
composer update new/package
If Composer complains, stating "Your requirements could not be resolved to an installable set of packages.", you can resolve this by passing the flag --with-dependencies. This will whitelist all dependencies of the package you are trying to install/update (but none of your other dependencies).
Regarding the question asker's issues with Laravel and mcrypt: check that it's properly enabled in your CLI php.ini. If php -m doesn't list mcrypt then it's missing.
Important: Don't forget to specify new/package when using composer update! Omitting that argument will cause all dependencies, as well as composer.lock, to be updated.
Actually, the correct solution is:
composer require vendor/package
Taken from the CLI documentation for Composer:
The require command adds new packages to the composer.json file from the current directory.
php composer.phar require
After adding/changing the requirements, the modified requirements will be installed or updated.
If you do not want to choose requirements interactively, you can just pass them to the command.
php composer.phar require vendor/package:2.* vendor/package2:dev-master
While it is true that composer update installs new packages found in composer.json, it will also update the composer.lock file and any installed packages according to any fuzzy logic (> or * chars after the colons) found in composer.json! This can be avoided by using composer update vendor/package, but I wouldn't recommend making a habit of it, as you're one forgotten argument away from a potentially broken project…
Keep things sane and stick with composer require vendor/package for adding new dependencies! 😉
We can install a new package without updating other dependencies like this:
composer require package/name --no-update
this will add your package to composer.json (no update to composer.lock)
composer update package/name
this will now install/update your new package, adding it to composer.lock without updating other deps
My use case is simpler, and fits simply your title but not your further detail.
That is, I want to install a new package which is not yet in my composer.json without updating all the other packages.
The solution here is composer require x/y
In my case, I had a repo with:
requirements A,B,C,D in .json
but only A,B,C in the .lock
In the meantime, A,B,C had newer versions with respect when the lock was generated.
For some reason, I deleted the "vendors" and wanted to do a composer install and failed with the message:
Warning: The lock file is not up to date with the latest changes in composer.json.
You may be getting outdated dependencies. Run update to update them.
Your requirements could not be resolved to an installable set of packages.
I tried to run the solution from Seldaek issuing a composer update vendorD/libraryD but composer insisted to update more things, so .lock had too changes seen my my git tool.
The solution I used was:
Delete all the vendors dir.
Temporarily remove the requirement VendorD/LibraryD from the .json.
run composer install.
Then delete the file .json and checkout it again from the repo (equivalent to re-adding the file, but avoiding potential whitespace changes).
Then run Seldaek's solution composer update vendorD/libraryD
It did install the library, but in addition, git diff showed me that in the .lock only the new things were added without editing the other ones.
(Thnx Seldaek for the pointer ;) )