What is Packagist?
Packagist is a Composer package repository. It lets you find packages and lets Composer know where to get the code from. You can use Composer to manage your project or libraries' dependencies - read more about it on the Composer website.
You can find the packagist.org source on GitHub.
How to submit packages?
Naming your package
First of all, you must pick a package name. This is a very important step since it can not change and it should be unique enough to avoid conflicts in the future.
The package name consists of a vendor name and a project name joined by a /. The vendor name exists to prevent naming conflicts. For example, by including a vendor name both igorw and seldaek can have a library named json by naming their packages igorw/json and seldaek/json.
In some cases the vendor name and the package name may be identical. An example of this would be `monolog/monolog`. For projects with a unique name this is recommended. It also allows adding more related projects under the same vendor later on. If you are maintaining a library, this would make it really easy to split it up into smaller decoupled parts.
Here is a list of typical package names for reference:
// Monolog is a library, so the vendor name and package name are the same. monolog/monolog // That could be the name of a drupal module (maintained/provided by monolog, // if the drupal team did it, the vendor would be drupal). monolog/monolog-drupal-module // Acme is a company or person here, they can name their package with a common name (Email). // As long as it's in their own vendor namespace it does not conflict with anyone else. acme/email
Note that package names are case-insensitive, but it's encouraged to use a dash (-) as separator instead of CamelCased names.
Creating a composer.json file
The composer.json file should reside at the top of your package's git/svn/.. repository, and is the way you describe your package to both packagist and composer.
A typical composer.json file looks like this:
{
"name": "monolog/monolog",
"type": "library",
"description": "Logging for PHP 5.3",
"keywords": ["log","logging"],
"homepage": "http://github.com/Seldaek/monolog",
"license": "MIT",
"authors": [
{
"name": "Jordi Boggiano",
"email": "j.boggiano@seld.be",
"homepage": "http://seld.be",
"role": "Developer"
}
],
"require": {
"php": ">=5.3.0"
},
"autoload": {
"psr-0": {
"Monolog": "src"
}
}
}
Most of this information is obvious, keywords are tags, require are list of dependencies that your package has. This can of course be packages, not only a php version. You can use ext-foo to require php extensions (e.g. ext-apc). Note that most extensions don't expose version information, so unless you know for sure it does, it's safer to use "ext-apc": "*" to allow any version of it. Finally the type field is in this case indicating that this is a library. If you do plugins for frameworks etc, and if they integrate composer, they may have a custom package type for their plugins that you can use to install the package with their own installer. In the absence of custom type, you can omit it or use "library".
Known package types include: symfony-bundle
Once you have this file committed in your repository root, you can submit the package to Packagist by entering the public repository URL.
Managing package versions
New versions of your package are automatically fetched from tags you create in your VCS repository.
There are two ways to manage version numbering. The easiest is to just omit the version field from the composer.json file. If it is missing, the version name will be parsed from the tag and branch names. The other way which offers you a bit more flexibility is to define it yourself, but that means you should update the version field in the composer.json file before creating a tag, otherwise the tag will be considered broken and not imported. If you think you're likely to forget, you probably should use the first method.
Tag/version names should match 'X.Y.Z', or 'vX.Y.Z', with an optional suffix for RC, beta, alpha or patch versions. Here are a few examples of valid tag names:
1.0.0 v1.0.0 1.10.5-RC1 v4.4.4beta2 v2.0.0-alpha v2.0.4-p1Branches will automatically appear as "dev" versions that are easily installable by anyone that wants to try your library's latest and greatest, but that does not mean you should not tag releases. The use of Semantic Versioning is strongly encouraged.
If you specify the version manually, it will be ignored by Packagist for branches, and tags will have to contain the same version number as the tag name to be valid, so there is really no benefit to doing this.
Update Schedule
New packages will be crawled immediately after submission if you have JS enabled.
Existing packages without auto-updating (GitHub hook) will be crawled once a day for updates. When the GitHub hook is enabled packages are crawled whenever you push, or at least once a week in case the crawl failed. You can also trigger a manual update on your package page if you are logged-in as a maintainer.
It is highly recommended to set up the GitHub service hook for all your packages. This reduces the load on our side, and ensures your package is updated almost instantly. To do so you can go to your GitHub repository, click the "Admin" button, then "Service Hooks". Pick "Packagist" in the list, and add the API key you will find on your profile, plus your Packagist username if it is not the same as on GitHub. Check the "Active" box and submit the form.
The search index is updated every five minutes. It will index (or reindex) any package that has been crawled since the last time the search indexer ran.
Community
If you have questions about composer or want to help out, come and join us in the #composer-dev channel on irc.freenode.net.
Also join the composer-dev mailing list.