Composer is a dependency manager for PHP projects, including Drupal. It allows you to declare the libraries your project depends on and manages ( install/update) them for you.
DrevOps comes with a pre-configured
composer.json file based on
the Drupal Composer project,
extended to support additional features and tools.
See Working with packages for more information on how to add and manage dependencies in your project.
Drupal Composer project¶
Drupal Composer project provides a starter kit for managing your site dependencies with Composer.
DrevOps extends the Drupal Composer project's
composer.json to support
additional features and tools.
DrevOps team will keep the
composer.json file up-to-date with the latest
version of the
composer.json in the Drupal Composer project, so you can always
make sure you are using the best community practices.
composer.json file is the core configuration file for Composer, detailing
your project's dependencies, scripts, and settings.
This section provides an overview of each part of the
explaining its role and how it contributes to your project's setup and
name is a
unique identifier for the project in Composer's ecosystem consisting of a vendor
name and the project's name.
A brief summary of the project's purpose.
type is used to specify the type of the package. This is important because it
tells Composer and any systems integrating with Composer how to treat the
package. The type key can influence how the package is installed and used.
license indicates the
licence of the project. Since DrevOps is a template for your consumer sites that
are usually proprietary, we use
proprietary as the default value. More license
identifiers are listed at
the SPDX Open Source License Registry.
section defines custom package repositories, essential for accessing packages
outside the default Packagist repository.
See Working with packages for more information on how to provide custom and override existing packages in your project.
drupal: Serves as the official source for Drupal modules, themes, and distributions. It's crucial for a Drupal project using Composer, as it allows access to Drupal-specific packages not available on Packagist.
asset-packagist: Enables the installation of Bower and NPM packages via Composer. This is especially important for Drupal projects needing front-end libraries and tools, bridging the gap between Composer's PHP-centric ecosystem and the broader world of front-end package management.
specifies the essential packages and libraries your project needs.
php: Specifies the minimum PHP version required to run this project. This should be specified as a range rather than an exact version number. E.g.
composer/installers: Allows to install packages to the correct location based on the specified package type such as
cweagans/composer-patches: Allows applying patches to Composer packages, useful for incorporating fixes not yet in official releases. See Working with packages for more information on how to work with patches.
drupal/coffee, etc. - Drupal modules that provide various site administration and development helping functionalities that is usually installed across all of your Drupal sites. DrevOps comes with pre-configured settings for some of the modules to make them work out of the box.
drupal/core-recommended: A package that provides a carefully selected set of dependencies, including specific versions, which are tested and recommended for a particular Drupal core version. It simplifies dependency management by ensuring compatibility and stability, as these dependencies are maintained and curated by the Drupal community.
drupal/core-composer-scaffold: Allows downloading and placing scaffold files (like
update.php, etc.) from the
drupal/coreproject into their desired location inside the web root.
drush/drush: A command-line shell and scripting interface for Drupal, providing a wide range of utilities to manage and interact with your Drupal sites.
oomphinc/composer-installers-extender: Allows any package to be installed to a directory other than the default
vendordirectory within a project on a package-by-package basis. This plugin extends the
composer/installersplugin to allow any arbitrary package type to be handled by their custom installer.
vlucas/phpdotenv: Allows to load environment variables from
.envfiles into PHP so that they become available to the application and can be accessed via
webflo/drupal-finder: Locates Drupal installations in a directory structure.
section lists packages used for development purposes, like code quality checks
and testing. These tools are essential for development but not required in
production environments. This distinction helps to keep the production
deployment streamlined and efficient, while still supporting a comprehensive and
effective development environment.
behat/behat: A PHP framework for Behavior-Driven Development (BDD), allowing you to write human-readable stories that describe the behavior of your application. It facilitates communication between developers, stakeholders, and clients.
dealerdirect/phpcodesniffer-composer-installer: This tool automatically configures PHP_CodeSniffer to use the coding standards (like PSR-2 or Drupal coding standards) installed in a project.
drevops/behat-format-progress-fail: Enhances the output format of Behat tests, focusing specifically on progress and failure scenarios. This makes it easier to spot and address test failures.
drevops/behat-screenshot: An extension for Behat that automatically captures screenshots when tests fail. This is helpful for debugging and understanding why a test failed.
drevops/behat-steps: Provides a collection of pre-defined step definitions for Behat. This package speeds up the process of writing new Behat tests by providing common step implementations.
drupal/core-dev: Includes development-specific dependencies and tools primarily for testing and code analysis, including PHPUnit, PHP_CodeSniffer with rules ( via Coder module).
drupal/drupal-extension: A Behat extension that provides integration with Drupal, offering step definitions specific to Drupal functionality. It facilitates the creation and management of Drupal sites for testing purposes.
friendsoftwig/twigcs: This tool ensures that Twig templates adhere to a set coding standard, helping maintain consistency and readability in template files.
mglaman/phpstan-drupal: Integrates PHPStan static analysis with Drupal-specific code, helping identify potential issues and bugs in Drupal modules and themes.
palantirnet/drupal-rector: Automates the process of updating deprecated code, making Drupal upgrade processes more efficient.
phpcompatibility/php-compatibility: Provides a collection of sniffs for PHP_CodeSniffer to check PHP code for compatibility with different PHP versions, crucial for ensuring long-term maintainability.
phpmd/phpmd: PHP Mess Detector is a user-friendly tool that helps you detect several potential problems in your PHP code, including possible bugs, suboptimal code, and overcomplicated expressions.
phpspec/prophecy-phpunit: Integrates the Prophecy mocking library with PHPUnit to provide advanced mocking capabilities in tests.
phpstan/extension-installer: This package automatically installs and enables PHPStan extensions, streamlining the setup process for PHPStan in your project.
pyrech/composer-changelogs: Provides a summary of package changes (like updates, removals, and additions) after running
composer update, improving the visibility of package changes and updates in your project.
prevents installation conflicts with standalone Drupal core, crucial for
avoiding version clashes and ensuring consistency in core files.
setting controls the minimum stability level of the packages that Composer is
allowed to install. By setting it to
"stable", you are instructing Composer to
prefer stable versions of packages over their unstable (like
settings, when set to
true, instructs Composer to prefer stable versions of
packages even when the
minimum-stability setting allows less stable versions.
This is especially useful in a mixed stability scenario where some dependencies
might not have a stable release yet. It ensures that Composer will use stable
versions wherever possible, thus providing a balance between stability and the
need for newer features or fixes that might only be available in a less stable
specifies key configurations for Composer's behavior in the project.
discard-changes: When set to
true, any local changes made to the dependencies (packages under version control like Git) are discarded without prompting when you run composer install or composer update. Composer will overwrite the local changes with the data from the source repository.
sort-packages: When set to
true, this configuration ensures that packages are sorted in
composer.lock. It makes these files more readable and helps reduce merge conflicts in version control.
allow-plugins: This setting specifies which Composer plugins are allowed to run. It's a security measure to prevent the execution of untrusted code from third-party plugins. Each plugin needs to be explicitly allowed to ensure it can execute.
platform: Specifies the PHP version of the platform environment where the current project runs. This should be specified as an exact version number (e.g.
8.1.0). Should be kept in sync with the
phpversion in the Docker containers.
autoload section is
essential for defining how Composer automatically loads PHP classes within the
project, without needing to manually include or require each class file.
section is essential for defining how Composer automatically loads PHP
development-specific classes within the project, without needing to manually
include or require each class file.
defines custom scripts to be executed at specific points in Composer's workflow,
enhancing the automation and maintenance of your Drupal project.
pre-install-cmd: Executes scripts before the
composer installcommand is run. In your configuration,
DrupalProject\composer\ScriptHandler::checkComposerVersionis specified, which ensures that the Composer version being used is compatible with your project setup. This is vital for maintaining consistency and avoiding issues due to version mismatches.
pre-update-cmd: Runs scripts before the
composer updatecommand is executed. It uses the same script as
pre-install-cmdto check the Composer version, ensuring that updates to your project’s dependencies are compatible with your current Composer setup.
post-install-cmd: Invoked after the
composer installcommand completes. The script
DrupalProject\composer\ScriptHandler::createRequiredFilesis executed, which typically handles tasks like setting up default files and configurations necessary for the Drupal installation.
post-update-cmd: Executes scripts after the
composer updatecommand. It calls the same
createRequiredFilesmethod as in
post-install-cmd, ensuring that necessary files and configurations are updated or re-established following an update of dependencies.
extra section serves as
a source of custom configuration for various packages. These packages read
settings from this section to tailor their behavior according to the specific
needs and structure of your Drupal project.
drupal-scaffold: This setting controls which files should be scaffolded:
locations: Specifies the location of the web root (the directory containing the
file-mapping: Determines which files are managed by the scaffold process. DrevOps comes with sensible defaults, but you can customize this section to suit your needs.
installer-paths: Defines custom installation paths for various types of packages like Drupal modules, themes, and libraries.
installer-types: Specifies additional installer types, such as
npm-asset, that are handled by the
composer-exit-on-patch-failure: This setting, when enabled, causes Composer to exit if a patch from the
cweagans/composer-patchesplugin fails to apply.
patchLevel: Defines the patch level for specific packages, in this case,
-poption followed by a number (e.g.,
-p2) in patch commands specifies the number of leading directories to strip from the file paths found in the patch file. This determines how the paths in the patch file are interpreted relative to the current directory where the patch is being applied.
patches: Specifies the patches to be applied to specific packages. See Working with packages for more information on how to work with patches.