Why you should use Composer with Magento

user news

Composer has been one of the major advances in PHP over recent years. It allows the management of dependencies of PHP Repositories. Much the same as the Magento tool Modman but with better dependency management.

Composer allows you to list the dependencies you need in a project as well as each repository stating its own dependencies. You can then run a command which will download every required repository. This might not sound like that big a deal but when it comes to updating your code this has huge benefits.

Setting up Composer with Magento

See https://github.com/Cotya/magento-composer-installer for details on setting up composer with Magento.

This is an example composer.json file I would use when starting a project, although I've removed a lot of repositories which are in private repos that I cannot share here.

    "repositories": [
            "type": "composer",
            "url": "http://packages.firegento.com"
            "type": "composer",
            "url": "http://packages.adapticdesign.com"
          "type": "vcs",
          "url": "git@github.com:philwinkle/Philwinkle_AppliedPatches.git"
    "require": {
        "aoepeople/aoe_scheduler": "dev-master",
        "philwinkle/appliedpatches": "dev-master",
        "magemash/symfonyconsole": "dev-master",
        "magemash/magemash-commands": "dev-master",
        "magento-hackathon/magento-composer-installer": "3.0.*"
    "require-dev": {
        "madalinoprea/magneto-debug": "dev-master",
        "connect20/yireo_checkouttester": "0.0.4"
        "magento-root-dir": "../"

Composer Update or Composer Install

A quick note here – There is a very important difference between using the update and the install commands. Make sure you understand this before using Composer on a live server.

Composer Update – This will update all the repositories, doing pulls where necessary. It will then create a composer.lock file which is a list of the exact version of every repository you have in your vendors folder. You should not use this on the live server as this is for running updates. You should do this in development then test and use “composer install” on live.

Composer Install – This will check that all the repositories in the vendors folder match the exact version listed in the lock file. Any that don't match, composer will pull that version. This is for replicating the dependencies which you have tested and know that are safe. You would use this on a live server instead of “composer update”.

Updating third party modules after patch

After all the patches released this year (2015), Magento developers are familiar with the time it takes to update versions of every broken module. With Composer set up this is much easier to deal with as you just have to update the composer.json file and run “composer update”. The problem with Magento1 is that a lot of the paid modules are not available from repos which means you cannot get them with composer ( unless you create your own repo). Most free modules are available on packages.firegento.com

Using your own core modules with Composer

This is where I find composer most useful. Most Magento developers / agencies will have their own Magento extensions which they use over and over again. The old way would be to just manually install the extension in each project and make a customisation when required. The problem is when you need to update the same thing in every installation of the module you have made. Without composer you manually update every project or you create a patch. The easy composer way is to update it once on the repository then run "composer update" in eech project. You can also define dependencies in your modules. I use a custom core modules then have it as a dependency for all my other custom modules

Use Satis

Satis creates a list of all your repositories with versions in a format which is readable by a composer file. http://packages.firegento.com is a Satis site which lists most of the free Magento extensions but you can also create your own Satis site where you can have private and public repositories. Just make sure you have the SSH keys set up for the private repos. You then include the link in your composer file which means you only need the one link rather than a individual link to every repo.

Use the autoloader to allow use of namespaced modules

Details here for setting up the autoloader can be found here. This will allow the use of other namespaced php repositories.

Try the magemash symfony console

One extension I created which makes use of the Composer autoloader is magemash/symfonyconsole which also uses magemash/magemash-commands. It searches for symfony console commands which are defined in a Yaml file and allows it to be used with the file app/console.php. This is just a very basic extension which needs a lot of work but it shows the use of using the namespaced modules.

Build modules which are not Magento dependant

Something which I feel is important for the Magento community is to be contributing modules which can also be used by other frameworks. The use of composer makes is much easier to create a standalone module which can be used in Symfony, Laravel, Yii but also Magento. Yes it would mean more work as you may need a bridging module in Magento as well as the standalone module. But a module is so much more valuable when it's cross platform.


Thankfully Magento2 dependencies are installed and managed with Composer. This is a huge step forward and should make updating all modules in a project very easy. It's not quite clear how Connect for Magento2 is going to work and how it is going to use Composer. Hopefully paid extensions will also be managed with Composer but we'll have to wait and see.


In summary just try Composer and you will not regret it.

Author Bio

Scott Pringle - PHP Magento and Symfony developer with 5 years experience.

Comment Form