Allen 2022-10-16 02:31:11 10573 0 0 0 0

在 Windows 中,你需要下载并运行 Composer-Setup.exe。







打开命令行窗口(windows用户)或控制台(Linux、Mac 用户)并执行如下命令:


composer config -g repo.packagist composer


composer config -g repo.packagist composer




composer create-project topthink/think tp



composer update topthink/framework


D:phpstudy_proWWW>composer create-project topthink/think tp
Creating a "topthink/think" project at "./tp"
Installing topthink/think (v6.0.13)
  - Downloading topthink/think (v6.0.13)
  - Installing topthink/think (v6.0.13): Extracting archive
Created project in D:phpstudy_proWWW	p
Loading composer repositories with package information
Updating dependencies
Lock file operations: 16 installs, 0 updates, 0 removals
  - Locking league/flysystem (1.1.9)
  - Locking league/flysystem-cached-adapter (1.1.0)
  - Locking league/mime-type-detection (1.11.0)
  - Locking psr/cache (1.0.1)
  - Locking psr/container (1.1.1)
  - Locking psr/http-message (1.0.1)
  - Locking psr/log (1.1.4)
  - Locking psr/simple-cache (1.0.1)
  - Locking symfony/polyfill-mbstring (v1.26.0)
  - Locking symfony/polyfill-php72 (v1.26.0)
  - Locking symfony/polyfill-php80 (v1.26.0)
  - Locking symfony/var-dumper (v4.4.46)
  - Locking topthink/framework (v6.0.13)
  - Locking topthink/think-helper (v3.1.6)
  - Locking topthink/think-orm (v2.0.54)
  - Locking topthink/think-trace (v1.4)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 16 installs, 0 updates, 0 removals
  - Downloading psr/cache (1.0.1)
  - Downloading league/mime-type-detection (1.11.0)
  - Downloading league/flysystem (1.1.9)
  - Downloading league/flysystem-cached-adapter (1.1.0)
  - Downloading psr/container (1.1.1)
  - Downloading psr/http-message (1.0.1)
  - Downloading symfony/polyfill-php80 (v1.26.0)
  - Downloading symfony/polyfill-php72 (v1.26.0)
  - Downloading symfony/polyfill-mbstring (v1.26.0)
  - Downloading symfony/var-dumper (v4.4.46)
  - Downloading topthink/think-helper (v3.1.6)
  - Downloading psr/simple-cache (1.0.1)
  - Downloading psr/log (1.1.4)
  - Downloading topthink/think-orm (v2.0.54)
  - Downloading topthink/framework (v6.0.13)
  - Downloading topthink/think-trace (v1.4)
  - Installing psr/cache (1.0.1): Extracting archive
  - Installing league/mime-type-detection (1.11.0): Extracting archive
  - Installing league/flysystem (1.1.9): Extracting archive
  - Installing league/flysystem-cached-adapter (1.1.0): Extracting archive
  - Installing psr/container (1.1.1): Extracting archive
  - Installing psr/http-message (1.0.1): Extracting archive
  - Installing symfony/polyfill-php80 (v1.26.0): Extracting archive
  - Installing symfony/polyfill-php72 (v1.26.0): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.26.0): Extracting archive
  - Installing symfony/var-dumper (v4.4.46): Extracting archive
  - Installing topthink/think-helper (v3.1.6): Extracting archive
  - Installing psr/simple-cache (1.0.1): Extracting archive
  - Installing psr/log (1.1.4): Extracting archive
  - Installing topthink/think-orm (v2.0.54): Extracting archive
  - Installing topthink/framework (v6.0.13): Extracting archive
  - Installing topthink/think-trace (v1.4): Extracting archive
14 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
> @php think service:discover
> @php think vendor:publish
6 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Found 1 security vulnerability advisory affecting 1 package.
Run composer audit for a full list of advisories.



D:phpstudy_proWWW>composer audit
Composer could not find a composer.json file in D:phpstudy_proWWW
To initialize a project, please create a composer.json file. See


Basic usage#
For our basic usage introduction, we will be installing monolog/monolog, a logging library. If you have not yet installed Composer, refer to the Intro chapter.

Note: for the sake of simplicity, this introduction will assume you have performed a local install of Composer.

composer.json: Project setup#
To start using Composer in your project, all you need is a composer.json file. This file describes the dependencies of your project and may contain other metadata as well. It typically should go in the top-most directory of your project/VCS repository. You can technically run Composer anywhere but if you want to publish a package to, it will have to be able to find the file at the top of your VCS repository.

The require key#
The first thing you specify in composer.json is the require key. You are telling Composer which packages your project depends on.

    "require": {
        "monolog/monolog": "2.0.*"
As you can see, require takes an object that maps package names (e.g. monolog/monolog) to version constraints (e.g. 1.0.*).

Composer uses this information to search for the right set of files in package "repositories" that you register using the repositories key, or in, the default package repository. In the above example, since no other repository has been registered in the composer.json file, it is assumed that the monolog/monolog package is registered on (Read more about Packagist, and about repositories).

Package names#
The package name consists of a vendor name and the project's name. Often these will be identical - the vendor name only exists to prevent naming clashes. For example, it would allow two different people to create a library named json. One might be named igorw/json while the other might be seldaek/json.

Read more about publishing packages and package naming. (Note that you can also specify "platform packages" as dependencies, allowing you to require certain versions of server software. See platform packages below.)

Package version constraints#
In our example, we are requesting the Monolog package with the version constraint 2.0.*. This means any version in the 2.0 development branch, or any version that is greater than or equal to 2.0 and less than 2.1 (>=2.0 <2.1).

Please read versions for more in-depth information on versions, how versions relate to each other, and on version constraints.

How does Composer download the right files? When you specify a dependency in composer.json, Composer first takes the name of the package that you have requested and searches for it in any repositories that you have registered using the repositories key. If you have not registered any extra repositories, or it does not find a package with that name in the repositories you have specified, it falls back to (more below).

When Composer finds the right package, either in or in a repo you have specified, it then uses the versioning features of the package's VCS (i.e., branches and tags) to attempt to find the best match for the version constraint you have specified. Be sure to read about versions and package resolution in the versions article.

Note: If you are trying to require a package but Composer throws an error regarding package stability, the version you have specified may not meet your default minimum stability requirements. By default, only stable releases are taken into consideration when searching for valid package versions in your VCS.

You might run into this if you are trying to require dev, alpha, beta, or RC versions of a package. Read more about stability flags and the minimum-stability key on the schema page.

再运行 compose update,

D:phpstudy_proWWW	p>composer update
Loading composer repositories with package information
Updating dependencies
Nothing to modify in lock file
Installing dependencies from lock file (including require-dev)
Nothing to install, update or remove
Generating autoload files
> @php think service:discover
> @php think vendor:publish
File D:phpstudy_proWWW	pconfig	race.php exist!
6 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Found 1 security vulnerability advisory affecting 1 package.
Run composer audit for a full list of advisories.

D:phpstudy_proWWW	p>composer audit
Found 1 security vulnerability advisory affecting 1 package:
| Package           | topthink/framework                                                               |
| CVE               | CVE-2022-38352                                                                   |
| Title             | ThinkPHP deserialization vulnerability                                           |
| URL               |                                |
| Affected versions | <=6.0.13                                                                         |
| Reported at       | 2022-09-16T00:00:39+00:00                                                        |

D:phpstudy_proWWW	p>


Tag: Composer PHP
我也要发一个   ·   返回首页   ·   返回[PHP]   ·   前一个   ·   下一个
请先 [ 注册 ] or [ 登录 ]
返回首页     ·   返回[PHP]   ·   返回顶部