Composer --help

ALLAN CHAPPELL:
Now it's red. And red means it's recording. So, hey there, everybody. Welcome to composer--help. My name's Allan Chappell. I work for Four Kitchens. I generally go by alias General Redneck or Hey You With The Overalls. Most people recognize me at the camps I go to because I happen to wear this getup. And there's a nice little story to that. If you want to know a little bit more about the origins and whatnot of why I get up here and speak in overalls, we can talk about it after the talk. But to start off with, I wanted to introduce you all to the new Four Kitchens. New Four Kitchens' logo looks a little retro on this screen, but we just rebranded and Four Kitchens is a agency where we do good in good company. We try to make the web a better place and to teach and learn and advocate for all. And we're driven by our content expertise and our technical excellence. And we have our partnerships that are rooted in our shared values. We live by our core values. And one of them is to do good. So doing good in good company is where we come from.

Myself, my name is Allan Chappell. I'm a PHP developer. I've been developing for 18 years now. That was a hard number for me to look at here recently. I was like, Dang! And then I've been in Drupal community for about 15 years. I'm a heavy hitter PHP developer, and I specialize in DevOps code and code delivery and continuous integration. I like to build tools that make developers more efficient. So that's where I like to go. And a lot of that starts with Composer these days, believe it or not, specifically, since I'm a PHP developer. Hey, if I'm a JavaScript developer, it probably be NPM, but I'm not. So how many of you use Composer for your day-to-day? I figured that, you know, the answer to that has went way way up since Drupal seven days, you know. How many of you use more than just composer install and composer update? OK. Got any examples? Just real quick, throw them out there. What other commands other than composer...

STUDENT:
Composer validate.

ALLAN CHAPPELL:
Oh, validate. That's a good one.

STUDENT:
Composer why.

ALLAN CHAPPELL:
Composer why? We'll be talking about that today, that's for sure. Those are good ones. And how many of y'all have ever looked at the composer command line documentation?

STUDENT:
Clam, here.

ALLAN CHAPPELL:
Yeah, we got a few. Yeah, well, I'll try to give it to you in a little bit easier-to-consume form than just what you're gonna be reading, and we'll talk about it. This is gonna be a conversation. I'm not gonna try to just spit words out at you, but my goal of this presentation is to rectify that and to do it, you know, kind of in real-time. I'm gonna use some of my Composer-base knowledge to give you some tips along the way. The scope of Composer is a little bit more than just obviously this command line tool that we're going to be, you know, what we're talking about today like its use case goes on into the package's space and like the ideology of your dependencies and dependency management is a big idea and how do we work with that? That's what we're gonna be talking about today. I'm not gonna go top-down per see whenever I talk about this, I'll show you what I mean here in a minute. And I might skip around a little bit and I'm gonna throw in a couple of other, you know, tips and tricks that aren't specifically about the command line tool itself, but you'll be using it to be able to navigate your journey through working with dependencies and dependency management.

So, let's start off by typing in the namesake of this presentation, shall we? Let's type in composer help. Now, this is one of the biggest things that people have about this. This command does not do what you think it will do. It says here, composer help. Let's throw in some things. The list command lists all commands. Well, I guess, yeah, if I really wanted to, why don't you just do the list command for me? OK. Well, it's a composer list. Alright. This is the actual command that we want. This one right here. This is you know, I'm starting to see here that this is a little small, give me a second. Let's throw this a little bit bigger on this screen. There we go. This command lists out all the commands that we'll be talking about today. One of the things in Composer. We can actually use this command composer list to spit out a whole documentation of Composer in a markdown format if you want to, if you wanna read it later. But I'm not gonna sit you through that. It's kind of hard to read, but believe it or not, it's something along the lines of, have you all ever seen, I can't believe I closed that stupid tab.

There is a, if you've ever looked at composer documentation, C-L-I and this is why I said we'll kind of fill our way through this because I go and do something like this. Alright, have you ever looked through this site before?

STUDENT:
No.

ALLAN CHAPPELL:
Yeah, if you haven't, you probably should. If we spit out the MD format, the markdown format of documentation from command line, it pretty much gives you this site. So that's their automation of way they make their own documentation, is they make their tool do the documentation for them while they're building it, you know, in code. So it's kind of cool. We'll be talking about that a little bit. So these are all the commands. And what I mean by we're not gonna go top down, we're not gonna start with about, you know, we don't need to know what about those per se. But there are some really interesting ones in here that I don't know if you've ever went through here and just tried these just to see what they do. Right in this presentation I did. I was kind of enlightened by some of that and I had to go off script from what I put in the summary for this talk to kind of let's go through some of this. So first things first. We did composer help. We did composer list. Let's talk about the first thing you probably need to know that you never knew that you needed to know.

And that is this one right here, completion. Install this. Now if you type this out, composer completion. It spits out this. You have any guess what that is? Of course, you don't. That's all code. But if you do a composer completion help, it tells you exactly what it is. This completion command dumps the shell completion required for the shell auto-completion. How many times have you typed in, you know, composer up D-T-A-T-E or something like that? And you're like, well, crap, I gotta go retype it again or something. Instead, you can do composer up and then it says upgrade, update and I still can't get, tab complete after you install that. So, that's the first thing you need to know. The first thing you need to do is go and install that. It tells you exactly how to do it right here in my bashrc, I used this one down here which is eval. I threw that in my bashrc file and ta-da, now I have completion and that's really nice because then I can do something like, let me go to one of my little cheat sheets here and go composer update drupal core.

You know, how easy is that? So that's the first thing you need to know. That's a power play on Composer. The next thing we need to talk about is how many people's ever used composer init or initiate. How many of you write modules or projects or anything on the day-to-day? And you probably only ever had to use this command once if you ever needed to. And it's really easy. Let's say you're starting a brand new project from scratch and you want to make it where someone else can use, you know, packages or something. Come get it. The first thing you have to do is composer init, ask you some questions. What do you wanna name with space your package as? OK. In our case, I'm gonna just go with Alan and Drupal. OK? What do you wanna make the description? Who do you want to be the author? What is your stability? What type of package is this? Anyone ever contemplated composer package types before? OK. We'll talk about that later too. So by default, everything's a library, FYI, spoiler. And then what is your license?

This is pretty important, but their defaults kind of lacking as in nothing. But I've had that one come back and bite me a few times. And your dependencies, you can search for them here if you want to. I usually go say no here and no here 'cause I wanna define them in a big old list, typically and wordy. And do you have any scripts that are automatic really? Do you need to do any mapping in PSR-4? Anybody else know what PSR-0 and PSR-4 stands for? OK, PSR is a PHP, but I just can't remember, it means it's a regulation, it's a standards regulation. And in case of PSR-0 and PSR-4, they are name spacing regulations. So, how do we map a class name to a directory mapping? And that's what those two stand for. There's other PSR like PSR-7 which have to do with totally different ideas than just class names mapping and stuff. But these are the two that have to do with that. And you'll see that question a lot, especially whenever you're working with PHP. It's like, which one are you using? Which standardization are you using?

Are you using PSR-0, PSR-4? How are you naming your classes versus your namespace versus your directory setting? And by default, we almost always use PSR-4, which is, we put something in the source folder, and then as the namespace grows, we add on a new folder. So your namespace/plugin goes to source plugin, so on and so forth. That's a quick overview. I digress. That's probably for another talk. We'll say yes. OK. So what did that do? If I was to look in here that would actually create this as my composer.json file. So that's my start. That's where I start. That's the start of your Composer project. It might be, except for sometimes we wanna do something from a template. OK? You all probably done this with Drupal before. Let's talk about composer create project for just a second. Composer create project you've seen in the documentation is something like, let's see, something about like this, composer create project drupal/recommended-project drupal. OK? This says let me create a whole project based off of this package.

So if we were to go to packages and search for it, we would actually find one called Drupal recommended project out there. Let's not download that into the vendor folder. Let's actually copy it and put it in your folder and let's put it into Drupal folder, OK? That's what that stands for. So if I was to go look up this package, that's actually a really good one. How do you find out where that package lives? Drupal/recommended project. What is your normal workflow for finding out where to find that on the internet?

STUDENT:
Packages.

ALLAN CHAPPELL:
Packages? Do you go Google?

STUDENT:
Google's last recommended project.

ALLAN CHAPPELL:
How about we do this? Composer browse, oops, Control C. That's exactly why I meant it to do. Composer browse drupal/recommended project. It says, oh so for Composer to work I must ease a couple of things. Give me a second. Composer browse takes you straight to the project. If you say composer browse, that's just homepage, it'll take you to what's listed as the homepage for that project. So in the case, this is really helpful for, like Drupal modules because if you say drupal/ let's say better expose filters. OK? If you say composer browse, let's do that composer browse, you know, drupal/better_exposedfilters. I think it's how it's going. Something like that. Not found. Or is it BEF? Do you all remember? Yeah, I think it's BEF. If you know what it is, then you can go for it. Let me see. I'm gonna go and cheat and let's look in extreme installers' example real quick. I'm gonna look at all of my dependencies really quick, so I'm gonna go with composer.json. I'm gonna look in here. Oh, I've got a lot of them.

Hey, cores is a good one. Everyone needs to look up documentation for cores. So let's say composer browse drupal/cores. Hey, look it take me straight to there. You know how I did, that's just homepage. It actually took me to this one here, to this same link. So just an FYI, you need to add a little bit of efficiency to your life 'cause you wanna go to the Drupal project really quick. This is a way to do it, if you know it. I always end up finding myself going up here and type in drupal.org/project and typing in machine name anyway. So, this is just a little bit quicker that way. Tips and tricks. So, the little obscure things you never knew about Composer. Let's talk about composer create project real quick. So I'm gonna go up here, just one, give me a second. Let me remove my Drupal folder real quick, and I'm gonna do the create project. OK, plenty of Drupal. Y'all probably done this to start off a new Drupal site. That's pretty, pretty simple. There's a couple of things that you can do in there.

So if we do a composer create project help, you can see that there's a couple of things that are in here. Particularly, you can ignore platform requirements or something of that nature. We'll actually talk about that here in a little bit. But this is pretty straightforward. This is something you'll always use. So to see what that did, let's go into Drupal and let's look. You'll see that there's actually already a main folder, a web folder, composer.json with the lock. So if I was to look at the composer.json, it's something like this. First thing I would say you need to do anytime you do this, make sure gonna change that name so that way you don't get confused. So like if I was working at Four Kitchens, I would change this to something like fourkitchens/my test project. And what this does is that whenever you start debugging things, this makes it very clear that it's not Drupal's fault that is broken. OK. That's a thing. So let's talk about install real quick. What's a good module out there?

How about a little bit of shameless self-promotion here? Let's say, I wanna add to my project composer require, actually, I need to do a composer install first, composer install. Let me do a require first, require drupal/ internet's a little slow here, views natural sort. This is one of mine, FYI. So I could not find a stability. Well, OK. So, this would be a good reason to go, first thing you need to do is probably change that. You need to tell it what version you want. So in my case, I'm gonna want to say 2.*@ or 2@dev or something of that nature. But now it says it's giving me a couple of other issues. Now this is the reason why you don't do your technical demos on a fly because now I have to walk through and debug all this stuff for you. This is a challenge here 'cause I was testing out my stuff earlier and can any of y'all tell me right off the top of your head, what's wrong here? Or does this just look like gobbledygook to everybody? The version of PHP. Yeah, I was testing some things with PHP version earlier and you could actually probably do a platform req equals php here ignore platform req php here and probably get it.

Now it says that it can't do that. Let's take its recommendation. So it's actually telling me here that that version does not exist, but here's a good alias for it. OK, so I've installed that version on the wrong version of PHP. Don't do this at home please. This happens sometimes, let's say you're working with Lando and the Lando version is on 8.1, but your local machine's on 7.4, for some reason. And you're too lazy to run Lando composer and do the thing again. You can do this instead. This also helps out whenever you're doing a live like PHP version swap on a server. Now, anyone ever done that before?

STUDENT:
Yes. OK. Yeah. I figured I'm not the only one that does things like that, every once in a while. You might need the code on that server before you actually do the PHP swap. That can happen. So using PHP req or you can, this one this command the way I used it, ignore platform req php just ignores that one. Just the PHP version. You can also do it with extensions, certain extensions. But if you wanna do just everything you can take off that PHP specifically and just add an S to the end of that flag. And now it's everything. It doesn't matter what your system looks like, it's gonna install that thing, you know. Sometimes that brute force, you know, methodology is something you need. This works with require, install, and update. All of those commands. So I've required that one. First, I'm gonna do the right thing. Let me switch my PHP real quick. I am gonna switch it to 8.1 so that I'm actually there. Alright. Now, I should be here. Let's see how we do it... What do you use for switch PHP there?

ALLAN CHAPPELL:
I have an alias for update alternatives on Linux 'cause I'm using Ubuntu. And so the alias I created a switch PHP but it actually runs a whole command sudo update alternatives configure to PHP. Yes sir. OK?

STUDENT:
Oh, does ignoring the platform requirements, does that have any effect on composer lock or is that just the composer dependencies themselves without reference to the platform?

ALLAN CHAPPELL:
OK, the question is does ignoring the platform reqs have any change on composer lock. It does not. It'll use the version, that is, if you're just doing install it doesn't change the lock at all. If you're doing a require, it uses the latest version that is available. So it's smart enough to know that if everybody else is looking for 8.1, I'm gonna use 8.1 as well 'cause that's the lowest version in the lock file so far. You can also force it and there's a configuration for that and I'm sure that y'all have used that before and we can probably go through that here in a little bit too. But in my case, when I did the require, it would have used 8.1 as the lowest. OK, so we've went into a little bit on the require, install, and reinstall. How many of y'all work on contrib modules or patch doom or whatnot? OK, I figured most of the people in this room would. How do you go about doing that development workflow? Like, what's that look like to you?

STUDENT:
I can speak to that. I use that composer install prefer source flag to get the source...

ALLAN CHAPPELL:
Code?

STUDENT:
Code, yeah.

ALLAN CHAPPELL:
So he's on my same page. Anyone else understand what he just said? OK, let me break it down for you for a second. Composer is grabbing code from GitHub, GitLab wherever in the world. Most of the time it goes and it grabs the distribution of it. Does anyone know what that word means? It's the zip file that contains all the code. And that's because it's easy to store and you don't have to worry about Git folders and history and all that stuff mucking up to the water. But when we're making a patch, we have to have or we'd like to have Git because then we had the version history, we have the last known state of the project. So how do you normally do that? Well, some people, they go, they delete the folder, and then go do the git clone command and get it down into the contrib folder, and then they start doing their work. That's a little bit of a process that takes a lot. Let's streamline that a little bit. Composer already knows how to get all of that for you from Git. So let's use it. So you use composer install.

I learned a little bit about a command and composer when I was working on this, I learned something new. I've been doing it the hard way this whole time. I go in there, delete the folder, composer install prefer source. OK, it works. But instead of going in there and deleting the folder now, we can actually do composer reinstall drupal views natural sort prefer source. Prefer source means I'm gonna go git check it out. What it does there, deletes the folder and does get checked out for you. So now I can go here is cd. Let's see, it's in web modules, contrib views, natural source. Do you see it's on that last one? And then from here you can copy and paste your commands from the git suq like normal. OK? So if I was to get remote -v and look at my remotes, these are the remotes that are here. You might have to change these to be the SSH version so that you can push up if you don't have like tokens configured and stuff. But that's easy enough. I can do a git remote or let's say set url and it'll be origin and then change it to whatever I copy and paste from D Dodo.

And then I'm golden, then I can do like a then I do my own thing. So git checkout -b patch branch, you know, do my things. Make my changes, do my git diff, and then push it up. Or if you're in the business of merge requests, push that up. You know, we still got two workflows. We got, you know it happens, it happens. But either way you still use Git, you know. But this makes it really easy. Composer reinstall prefer source. That's the way to go. Notice also really really quick I wanna disclaimer this I'm working with composer 2 exclusively here. I know that some people may still be on composer 1. It happens but most of these tricks will work with composer 1 as well. There's a little bit difference in behavior in the way that works though. Specifically, if you're checking out like a dev version of something, it checks out the source automatically for you instead of getting the zip file first. That's the big difference. And so you wouldn't even have to do to reinstall, you just go in there and start hacking away.

Right, you know? But that's back a little bit. You all feel smarter yet or are you confused? OK, cool.

STUDENT:
Just not in my head.

ALLAN CHAPPELL:
We gotta have those too. Alright, the next thing I wanna talk about is composer update. There's a couple of tricks here I wanna talk about in composer update. We do composer update help. Really? URL crush on the model. Thank you. Thank you. I should just do a dash. OK. cd-, FYI, really, really handy switch. between two directories really fast. Like if you remember, if you went from one to another and you wanna go back, cd- will take you back to your directory that you were before, that's a efficiency in the command line thing. So in this case I. wanna do the same thing I did before. Let's go up a couple of other help. Let's look. So update's got a few tags on it or a few flags on it that are really handy that y'all may or may not know about. We talked about prefer source, prefer install is like you took prefer source and prefer dist and you abstract out until you'll be able to have more than just those two options. You can do either one or do both. With prefer install, if you look there's actually dist source and auto.

And if you read this a little bit, auto chooses source for dev versions dist for the rest. This takes you back to the composer 1 functionality. If you're interested, I'm going back to that direction.

LECTURER:
That's just a really, it's kind of a handy thing. Dry runs really nice. I don't know how many actually do drive run. Normally, I just sit there and do the update and let it air out because it's still gonna revert it anyway. But dry runs, nice for you for your rest of sure i case it does exception out. In some cases it doesn't actually download a whole bunch and you have a half upgraded code base that would be, that could end bad but when does that happen? And then the no dev would probably be one of the flags that I'd like to flag to you and that is disables installation of required dev packages. When do you use that? Can anyone answer? Yes.

STUDENT:
Maybe when you're deploying to live.

LECTURER:
When we're deploying to live is the answer for that one. You will want to use node dev as a flag when you're deploying to live. What you don't want on there, PHP unit is one of them known for being able to execute any code whenever someone calls it from a remote code bug or whatnot, it can execute, it can cause some troubles especially if you don't follow best practices of keeping your vendor folder outside of the web route. So that's a best practice I recommend to. You notice a Drupal recommended actually does that too. It puts everything Pantheon, uses this dot. Aqua uses this pattern. They take everything, all your libraries and stuff. They stick it outside of the web and everything that's public. Goes inside the web folder or the doc root folder or some people call it the build folder. It's yeah. So make sure, that's just a couple of things. Then the other one I'd like to point out here whenever you do that is the optimized auto loader. That one goes hand in hand with no dev when you're pushing to live.

I can show you what optimize auto loader does for you. It's pretty simple. Let me see what's the best way to do this. Get add this. OK. So I'm gonna add all of this. I know it's telling me about submodule. We'll worry about that later. OK. So I added everything to, so if I do a git status real quick. I'm not using a dot git ignore folder. Let's pretend this is something that's going up to production because you know, like on Pantheon or Acquia when you're building out that artifact. We call it artifact build which has everything downloaded. You have to commit it to that git repository. So let's pretend that's this. Now, if this was I did it just standard without any of those no devs or anything. So now if I do a composer install no dev and optimize auto loader, now I do a get diff. Notice that there's a whole bunch more in there. Now, that's not usually your thought of optimizing by putting a whole what's more in there. But this is actually a one to one mapping of every class to every file instead of it having to programmatically go and find every single class using a lookup method.

So that makes it more optimized because you're taking less cycles to go and find things to looking through a dictionary, a hash, an array is oh so much faster than doing an aka for loop on a file system. So that's what that does. I highly recommend you do that. Push into production. Some of the problems this causes or some of the things this is solves depending on which way you look at it, is if you have multiple things that have the same class, same exact class name. That's really bad about this FYI. They have there's like two different repositories have the exact same namespace. The first one wins. When you do not optimize your auto loader, it can switch back and forth. And that happens when you have like Pantheon. Let's take Pantheon or Aquia for example. They have multiple heads for your web, for coming in and hitting your code, right. So that means you have multiple instances of your file system. Well, how do we know which ones first? We don't. Because it could have been stored on this sector in the hard drive on one of them and this sector on the hard drive and the other one.

So you pick up one and then the other. And you know, that causes for some bugs that are really, really hard to track down whereas this one, it would be repeatable because you could see exactly which class it goes to. Sorry about the really deep dive into that. But that's, you know, that's a little bit more information for you to know. Like this is why we do our installs on production the way we do. Yes.

STUDENT:
Dump out load regenerate this.

LECTURER:
Dump out load regenerates your auto load files. Yes. That happens. You will want that to happen when, let's say an exception happens in the middle your install. Sometimes you get a really weird bug and you just can't figure out because it can't find a class. And sometimes that's a good reason to just, it's kind of like what's the first thing you do whenever a Drupal town in trouble? You cleared a cache. So yes sir.

STUDENT:
This is something that you would commit to your project repository.

LECTURER:
This is something you, if is this something you would commit to your project repository, not the source build. OK, if that makes sense. There's a source build, there's an artifact build. Source build is the one that your developers are working on day to day. That's the one that you're doing your code reviews on. That's the one that and you do not commit anything best practice. You do not commit anything in the vendor folder, OK? Anything that you can download as a dependency, you do not commit as a commit into that build. What you do commit is the composer lock file. So if I was to look at my structure here, I have this composer lock file. It has the exact mapping of every single version, of every single dependency within the project at the last person updated to. This is vital for repetitively which means so that each of your developers are on the exact same version of the exact same libraries every time they build. If you get rid of your lock file, it's always the latest. And that could cause trouble whenever a programmer A is doing a feature and programmer B is doing a feature and they're like, well, this thing's broken and they're like, well, but it's working on my machine, but it's not on my machine, why?

You can't find out really easily because unless you sit there and go line by line and check the versions of the libraries. This enables consistency. That's also why MPM started. You know, back in the day, you had shrink-wrap. I don't know if you all remember that. And then they started. Actually having to package lock file because of this exact issue. Yes, sir.

STUDENT:
Couldn't you lock it in composer.json without the parents?

LECTURER:
Yes. So he's he says, can't you lock the version and the composer.json without the carrot? And so just to kind of illustrate what's going on there. Let's look at the composer.json here. Composer, I can type. Let's see. OK. So this is one that was built with the Drupal project. You see, where am I at real quick. I was afraid that we might not be able to get through everything on this. And that looks like it's going to be the case here. OK, let's get down to the required section. So here on the required section we have the carrots. That's a special symbol there that says get this version as the lowest or anything above it within the same major version. Not to be confused with this one. I know I'm going off script of what your question right quick. The tilde which is magical, it's like a unicorn which says the tilde without the carrot. Let me, everybody's watching my typos, like, escalate like crazy. The tilde here says, get anything that's between this. It's special depending on whether you're on a sub version or not and how many versions you put here in your version numbers you put in here.

But it basically in this case, I would not get anything in this case that is above 10.0. So if I had a 10.0.99 come out, I would get that, but I would not get 10.1. Does that make sense? This is really handy for like if you're still stuck on like 9.4 and you do not wanna go up to 9.5 because you're so afraid that it's gonna blow up your site. That's when you use that. OK. You'll stay on 9.4 and then you can control 9.5. If you used a carrot, then you're going from. 9.4 up to 9.5.7 and then your client is like what the hey. That happens. So in this case, I highly recommend actually using the carrot, using the tilde in this case, in this particular case for doing your Drupal core versions. But to your point, why can't we just do this? Because in this case, then I have to manually go in here and control every single version like manual manually. So if I wanted to upgrade all these core versions, it's a little bit of a chore 'cause first, I need to go look and see what the newest version is.

Then I have to go in here and say, oh, that one's one, that one's one and that one's one. Oh, OK, I'm done. OK, I'm not going. No. So that's why you can but it's not best practice to. So in this case, I'm deciding that this is the lowest version, but I wanna be able to update it. So I'm going to use 10.0.0 with a tilde in it. And then what I can do here is do a composer update. You've probably seen this one. And here this is one of the tricks. Drupal core and Drupal Core star. OK, I'm going to throw in a little flag here too. That's W. There's a long version of that one. But I value my typing.

STUDENT:
composer (UNKNOWN)

LECTURER:
Thank you.

STUDENT:
(UNKNOWN)

LECTURER:
Yeah. I really need to put in some aliases on here. So with that said, now, I'm not old version right now so that this doesn't help. This doesn't show why I'm trying to show you right this minute. But one of the things I wanted to point out here is I put this in quotes. Star means what it means pretty much anywhere, it's wildcard. But it also means wildcard on the Linux command Line. So if you use Star on the Linux command line row, it's referring to folders. So you might accidentally if you have the right folder name, go update some packages you didn't wanna update. But in this case, I wanna update every package that starts with Star. That could also mean I wanna update everything that's in the vendor Drupal. This would update all my modules if I was to do this. So Drupal/star would update all my Drupal modules. That's a good one to use, especially whenever you're like CK editor for example. If you're CK editor and a whole bunch of plugins, you might do CK editor slash/Star or something of that nature.

If you know that there's a vendor where you don't wanna have to type out the packages one by one by one, this could be a strategy. That's w. I'm sure you all know about and probably it's little brother, little W. Can you all tell me what the difference between Big W and Little W? I'm not talking about George Bush, so... OK Big W means everything, including the things that's you and your package defined. So let's see, Vim composer.json. If I was to have something like views, natural sort and views natural sort was a dependency of one of these others I was updating and I use a big W, it would also update. If you use little W, then it does, it's a hey, you've got to have this version in your project. I don't feel comfortable touching that right now. Let's just update all the things that you didn't explicitly list out here and we'll leave that one alone. That's what the little W means. So Big W is usually use little W whenever you're doing modules and things and big W when you're doing core updates.

That's the cheat sheet version of things. OK. The other thing I wanted to put out here is update has a special power. It doesn't have to go to the latest version and you don't have to require something to be a special version to not be at the latest version. Let's say, for instance, I wanted to go back to Drupal core 10.0.0. How would you normally do that?

STUDENT:
Composer required.

LECTURER:
Yeah, composer required 10.0.0 and that be a fixed version. We're back to that. But what if I wanna test it out just see if it works real quick. I mean, without having to go do all that, let's do a composer update Drupal core 10.0.0. OK. It's locked. Did I, let me see it. I have other things that are up that are also in there. I wonder if this is actually. I've never tried this. Let's see if this works quick. I've done this with modules before, but I haven't tried it with core. Oh, nothing to install. OK, that didn't work. Let's do views natural sort real quick. Let's do a different command real quick and have you all ever heard of show, Composer Show?

STUDENT:
Yeah.

LECTURER:
It's pretty handy. Let's say composer show Drupal/views, natural sort. OK, this is showing me the version I have installed FYI. This gives me all the information about it, including its dependencies. OK, if you wanna see what the dependencies of a particular package is, this is the way to go. It gives you some good information like home page. Remember I told you about Browse, it'll take you there and if you just do or here. So that's the version I have. But what if I want to find out about all the versions? I can do this. That's all. And what it should do is show me all the versions that's available. OK. S`o now what I can do is like, I wanna test out an earlier version. Let's do Alpha six or Alpha five, for example. Let's do that. So now I can do my update, Composer Update Drupal views Natural sort:5. Come on. OK. So let me do this in a form that's acceptable. I'm doing this on the fly again, and this is one of the places where I messed up. So if this was a normal version number, I can choose a version that still meets the constraints but is not the latest one.

Does that make sense? So, for instance, if I was to have... what's another good module, just real quick, let's do a composer require Drupal. Yeah, that's a good one. Thank you. And look at all the other stuff it downloads with it. OK, so let's. So we downloaded that. So let's say I wanted,, let's see what's available for composer show Drupal Path auto all. We have all these versions right here. Okay let's I want to test out what 1.9.0 it's like. So I do composer update Drupal path auto 1.9.0. Oh, check this out. We have that constraint there. So what if I did a require to this real quick? So I'm gonna set the requirements to just 1.0 because this is an old site. This was an old site. But notice that it didn't update anything because that still meets the requirements, the 1.11. Now I can actually go back to the older version. Oh, come on. What's wrong with you?

STUDENT:
Dependency.

LECTURER:
We'll get there. You know what...

STUDENT:
A group of ten is saying (UNKNOWN) (CROSSTALK) But there's a lot of that going on right now.

LECTURER:
And this is why a composer frustrates the hell out. Most of the people in here, this right here. And if I was on Drupal nine, we wouldn't have.

STUDENT:
Core first to see.

LECTURER:
Yeah. Yeah.

STUDENT:
Getting tripped up now. Is definitely hard to understand like what exactly all that stuff means.

LECTURER:
Yes.

STUDENT:
Take a little while read.

LECTURER:
Yeah. This is what we're learning right now, is how do you read the problem text especially whenever it's like 25 lines long. Actually, so let's use this real quick. Why is this not working for me? You know. It's like, OK, well, I've tried this a couple of times. So, hey, how many of you know about composer Why and composer why not? OK, let's do that. Composer why Drupal Path Auto or let's say why not in this case. Path auto and let's type into version 1.0.9.

STUDENT:
(UNKNOWN)

LECTURER:
Yep. That's it. That's one.

STUDENT:
Typing cards.

LECTURER:
So what I typed wrong this time?

STUDENT:
1.9.1 should be.

LECTURER:
Yeah, OK. Again, this is the now I've made so many mistakes. I'm like, setting up here shaking in my boots. It's like, alright, here we go. So this is the reason. This one gives you a little bit more info. It says Drupal core. So my project does not require Drupal core, but, let me see. So it's requiring Drupal core 8 or 9. OK. That's what it says. But we're requiring 10.0.8 in our case or that one's installed. And so this is a way for you to kind of, you can systematically start looking through this and this will give you a little bit more information about things. Another really interesting one, and I've got about four minutes left. Let me see, where is that? This one's really interesting. Let's look at the tree. I don't know how many of y'all have ever looked at a dependency tree before? Well, this is, I can look at the dependency tree of this particular one as it pertains to my project. So in this one, I'm requiring 1.11.0. And that one required and this one I'm trying to require 1.9.0.

This is the why not and this is what it's not working for. Why actually is a little bit more. If you use tree with why instead of why not, it's a little bit more intuitive. You can also...

STUDENT:
Do token.

LECTURER:
Yeah.

STUDENT:
That has a...

LECTURER:
Let's actually, let me just, you can instead of using why not, we can use show, OK. And let's use token with tree. Here's the dependency tree for token. This is all the things you have to install to have Drupal token installed in your project. It does have some redundancy here because Drupal core is huge one. Requires this, which requires this, which requires that's your PHP version. But then you have this which requires that PHP version and so on and so forth. But this is a really easy way to kind of say easier way to find out like where in the dependency tree has something gone wrong and that why and why not dumbs it down for you a little bit more whenever you're looking at the tree. But if you wanna look at the full tree, you show and you can see like, OK, Drupal actually requires a lot of stuff. Yeah, I'm not tackling that today. This is gonna be an eight hour project. That's kind of like but then you can take the information you were getting in that problem statement and start to kind of distill it into something here.

This is what composer is going through to find out what packages you need to be able to put on here. And this is just one instance, one like permutation of all the possible permutations of how projects could, how packages could go together. And we all wonder why composer slow. I mean, you try to consume this. That's a thing. Alright. I'm not going to get to installs, into installers today. I hope y'all aren't sad about that one. There's a lot to dive into there. Let me leave you with a couple of other ones that you might wanna use. Composer audit. Let's go to this guy just to give you a quick thing. Look at this one. This is this composer file. So on my clients. This is a Drupal seven site FII. But all the patch patches, you know, so it keeps on going. All the custom packages. How many of y'all use custom packages? Yeah. No, a really cool with installers. Just a really cool one, really quick. You can actually take and install things by vendor. For instance, we have ck editor and ck editor plugins.

I created packages with the vendor name ck editor plug in. That means I can install all the ck editor plugins into the same directory. OK. And that's because we have a whole bunch of custom ones, we're going down and downloading, right? So not just the ones that came with. So in this case, we went and hit the download and we downloaded it into, we called it a Drupal Library. Again, I was told you I talk about types a little bit. I'm not gonna get to that today, but there's only certain number of defined types in the composer installers package. You can go look that up on composer installers GitHub page. It's really long but it doesn't contain everything, particularly two big ones we use all the time. MPM asset and Bower asset from the respective packages. That's where oomph comes in and you can use that as a custom installer. But I digress into that. In this case, Drupal libraries already used. I can go up there and define something though for Drupal library. Let me get up there to the top.

OK. And this one right here says, these are the rules for installers really quick. And there's one here that says if we have the vendor of ck editor plugin, that means everything before the slash is ck editor plug in. I can put it in that folder. That's a trick you might wanna use one day. So that's installing. Composer audit really quick. These are all the security updates. They're outstanding for this particular package. You can go in here, use composer why. You know, why am I not using or why not for those particular versions. So composer why not harvesting chosen and then version 1.8.7. It thinks about for a second and it says that's because you, you idiot, are just requiring 1.1.0, upgrade now. That's all that means. OK. It might get and it tells you how right here. Another one composer outdated. This is really good one for making reports. Red is not bad. Yellow is worse. I know, I know. Red means that you're most, you theoretically can hit that version easily. OK. So you should.

And yellow is that's a major upgrade, don't do it willy nilly. So that's what those mean. And they actually showed you. It'll tell you that in the instructions up at the top. And then one last one really quick, let me see. Oh, here's two really quick. Composer exec, execute. How many times have you not known where the hell the damn bin folder was because someone decided to configure it somewhere else? Well, now you always know. Composer execute rush. Hey, he goes runs trust. It doesn't matter where it is, it just executed it. That's one way to do it. And then the composer run function. Again, if I can type run scripts. And these are all the scripts that are defined within this particular composer.json. Have you all, you all probably defined scripts before. This is how you run them from command line. Sorry about the plethora of knowledge and the brain exploding bits that we went through here. I hope you all enjoyed it. I hope you come away with at least something you can Google. If not, this will be recorded.

Come back and look at it and make fun of how many times I misspelled composer. But thank you all for coming.