-1

According to docs, composer install (composer update too, since it includes install script), among other things, downloads the requirements and puts these packages inside the vendor directory: https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies :

It then implicitly runs the install command. This will download the dependencies' files into the vendor directory in your project.

What the docs don't say is: we often write the following in composer.JSON...

"require": {
    "php": "^8.0",

... so if we try to apply what the docs say, it means that Composer would download the PHP interpretor (a package available in Packagist for example) and put it inside the vendor directory, when we run either composer install or composer update. What is the interest of putting a PHP interpretor inside a site's folder (here, vendor)?

But we know it doesn't do that. It won't download any PHP interpretor. It won't obviously put it inside the vendor directory. Instead, it will just check the server's PHP interpretor's version and returns a fatal error or something else if this version doesn't match the requirement's version.

So does it mean that in the Composer's install and update scripts, there is an exception made for PHP when treating the require's lines in the composer.JSON file?

JarsOfJam-Scheduler
  • 2,809
  • 3
  • 31
  • 70
  • 1
    Yes you're right, in composer there's a special exception for require `php` , it only checks if your system's PHP version meets the requirement. – aceraven777 Jun 27 '21 at 09:13
  • @aceraven777 Thank you! Did you find it in github? Which file which line please? - don't hesitate to write an answer, I would be pleased to accept it. – JarsOfJam-Scheduler Jun 27 '21 at 09:14
  • 2
    You can find it on the composer website, its hard to find though. `require and require-dev also support references to specific PHP versions and PHP extensions your project needs to run successfully.` https://getcomposer.org/doc/04-schema.md#package-links – aceraven777 Jun 27 '21 at 09:18
  • Well. It *seems* to mean there is a treatment exception made for the line `PHP` in `require` but it is not *litterally* written :-) (I've upvoted your comments) – JarsOfJam-Scheduler Jun 27 '21 at 09:20
  • 1
    okay, thanks. Ill write an answer for this – aceraven777 Jun 27 '21 at 09:22
  • 1
    Please share more details - what do you mean by "download the PHP interpretor"? Packagist does not install PHP itself – Nico Haase Jun 27 '21 at 10:39
  • @NicoHaase if we apply what the docs say, Composer would put a PHP interpretor package inside `vendor`, but indeed like you say, in practice we can see that Composer doesn't do that and that no PHP interpretor package exist in Packagist. So what does it mean to write `php` as a `requirement` in `composer.JSON`, this is the question. :-) – JarsOfJam-Scheduler Jun 27 '21 at 10:41
  • No, it does not, and the documentation doesn't try to tell you that. The excerpt aceraven777 has posted is given in the official documentation. And what that line does has been answered some times on SO, for example in https://stackoverflow.com/questions/26277151/force-composer-to-require-php-version-between-version-x-and-version-y - if you have any further question about this, please edit your question to contain it – Nico Haase Jun 27 '21 at 10:45
  • If you read https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies, it clearly says: "It then implicitly runs the install command. This will download the dependencies' files into the vendor directory in your project.", meaning that PHP would be treated like a package to be put in `vendor`. I've answered my question. – JarsOfJam-Scheduler Jun 27 '21 at 10:47
  • Have you seen https://getcomposer.org/doc/04-schema.md#package-links? "require and require-dev also support references to specific PHP versions and PHP extensions your project needs to run successfully" – Nico Haase Jun 27 '21 at 10:49
  • @NicoHaase yse and it doesn't answer my question. It doesn't tell if or if not, and why or why not, it will or won't put an eventual PHP interpretor package that would be downloaded for example from Packagist in `vendor`, as the docs say `require` do it (https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies). Please read my answer to my question. – JarsOfJam-Scheduler Jun 27 '21 at 10:52
  • What makes you think that it even **could** be Composer's job to add a PHP interpreter to the vendor folder? As Composer installs PHP packages, but never states that it could be able to install PHP itself (as, pretty obvious, Composer - written in PHP - wouldn't run without PHP being installed), this looks pretty obvious to me – Nico Haase Jun 27 '21 at 11:06
  • I didn't think so. I was highlighting what you have just said, to show that the docs statement "composer require" will install in vendor folder the requirements put in "composer. Json" 's "require" is wrong because it excludes the notion of virtual/plateform packages (which is presented latter in the docs, see my answer). – JarsOfJam-Scheduler Jun 27 '21 at 11:11
  • Note that I explain it from my sentence "But we know it doesn't do that." in the OP. – JarsOfJam-Scheduler Jun 27 '21 at 11:11
  • If you think that the documentation should get improved, feel free to open a bug ticket, or even a pull request with the suggest change, at https://github.com/composer/getcomposer.org – Nico Haase Jun 27 '21 at 11:17

3 Answers3

1

In composer there's a special exception for require php, it only checks if your system's PHP version meets the requirement.

It's in the composer website under Package links: https://getcomposer.org/doc/04-schema.md#package-links.

Its not literally written though, its quite hard to find in the composer documentation.

aceraven777
  • 4,358
  • 3
  • 31
  • 55
  • Please share more details - what kind of "consistent proof" are you looking for? – Nico Haase Jun 27 '21 at 10:40
  • @NicoHaase Either a soruce file + line, or statements in the docs. I've found docs statements. (see my answer) – JarsOfJam-Scheduler Jun 27 '21 at 10:50
  • Why not search through the source files? Composer is open source, and the specific sections in the documentation have been linked in the comments to your initial question – Nico Haase Jun 27 '21 at 10:50
  • Because @aceraven777's comment/asnwer doesn't exactly answer my question."require and require-dev also support references to specific PHP versions and PHP extensions your project needs to run successfully." is not related to `vendor` directory. – JarsOfJam-Scheduler Jun 27 '21 at 10:54
1

If your require contains something like with

    "php": "^8.0",
    "ext-json": "*",

this does not mean: Install PHP or the JSON extension through Composer, but require that PHP and that extension in the given versions are already installed. That's what the documentation at https://getcomposer.org/doc/04-schema.md#package-links tells you:

require and require-dev also support references to specific PHP versions and PHP extensions your project needs to run successfully.

A regular expression that matches all such platform requirements can be found at https://github.com/composer/composer/blob/9ba042ded8b26230d33ebceb692bf29111d51ba4/src/Composer/Repository/PlatformRepository.php#L34 - currently, it contains:

const PLATFORM_PACKAGE_REGEX = '{^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*|composer-(?:plugin|runtime)-api)$}iD';

...which matches:

  • PHP runtimes in several versions
  • HHVM, a virtual machine that runs a forked version of PHP
  • all kinds of extensions and core libraries, like ext-json or lib-bz2
  • Composer itself, as some packages require special features of Composer v2 which were not available in v1
Nico Haase
  • 11,420
  • 35
  • 43
  • 69
0

All lines in require section of composer.JSON are not packages available on a repository like Packagist: indeed, we can put some "virtual packages" inside this require section (https://getcomposer.org/doc/01-basic-usage.md#platform-packages).

php is one of these virtual packages. So Composer treat the following line...

"require": {
    "php": "^8.0",

... as a virtual package (other name: "plateform package"), and not a package that could be put in vendor.

Then, if we extend a little the following definition of require...

Map of packages required by this package. The package will not be installed unless those requirements can be met.

(https://getcomposer.org/doc/04-schema.md#require)

..., then we can say that "if server's PHP interpretor's version doesn't meet the requirements versions, then Composer will raise a fatal error or something like that.

**Conclusion: being seen as a "virtual/plateform package" by Composer, php won't be installed (put) in vendor directory. It will just make Composer to check if server PHP version matches or not the requirements (if not, an error will be raised). This behavior is different than for other packages that would be, them, downloaded from for example Packagist and installed (put) inside vendor directory. **

JarsOfJam-Scheduler
  • 2,809
  • 3
  • 31
  • 70
  • "All lines in require section of composer.JSON are not packages available on a repository like Packagist" - what do you mean by that? Usually, the `require` section contains numerous packages that can be found on Packagist – Nico Haase Jun 27 '21 at 10:46
  • Pease read the docs https://getcomposer.org/doc/01-basic-usage.md#platform-packages. This is entirely what my question is about. If you put: `php: X.Y.Z` in `composer.JSON` in `require`, it won't be treated as a package that would for example be available in Packagist. It will be treated as a "plateform package" (read my answer). – JarsOfJam-Scheduler Jun 27 '21 at 10:49