composer.json Configuration Standards

Beginner

Enforce composer.json best practices — required fields, version constraint conventions, autoloading configuration, platform requirements, and sort order for clean PHP dependency management.

File Patterns

**/composer.json**/composer.lock

This rule applies to files matching the patterns above.

Rule Content

rule-content.md

# composer.json Configuration Standards

## Rule
All composer.json files MUST include required metadata, use caret version constraints, configure platform requirements, and enable sorted packages.

## Format
```json
{
  "name": "vendor/package-name",
  "description": "Brief package description",
  "type": "project",
  "license": "MIT",
  "require": {
    "php": "^8.2",
    "package/name": "^1.0"
  },
  "require-dev": {
    "phpunit/phpunit": "^11.0"
  },
  "autoload": {
    "psr-4": { "App\\": "src/" }
  },
  "autoload-dev": {
    "psr-4": { "Tests\\": "tests/" }
  },
  "config": {
    "sort-packages": true,
    "optimize-autoloader": true,
    "preferred-install": "dist",
    "platform": { "php": "8.2.0" }
  }
}
```

## Requirements
1. **PHP version** — always declare minimum PHP version in require
2. **Version constraints** — use caret (^) for standard packages
3. **Platform config** — set platform.php to match production
4. **Sort packages** — enable `sort-packages: true` for clean diffs
5. **Autoloading** — PSR-4 for all application code
6. **Description** — meaningful description for all packages

## Examples

### Good — Version Constraints
```json
{
  "require": {
    "php": "^8.2",
    "laravel/framework": "^11.0",
    "guzzlehttp/guzzle": "^7.8",
    "league/flysystem": "^3.0"
  }
}
```

### Bad
```json
{
  "require": {
    "php": "*",
    "laravel/framework": "dev-master",
    "guzzlehttp/guzzle": ">=5.0",
    "league/flysystem": "*"
  }
}
```

## Enforcement
Run `composer validate --strict` in CI to catch configuration issues. Use a linter to verify version constraints are not using wildcard or dev-master.

FAQ

Discussion

Loading comments...

# composer.json Configuration Standards ## Rule All composer.json files MUST include required metadata, use caret version constraints, configure platform requirements, and enable sorted packages. ## Format ```json { "name": "vendor/package-name", "description": "Brief package description", "type": "project", "license": "MIT", "require": { "php": "^8.2", "package/name": "^1.0" }, "require-dev": { "phpunit/phpunit": "^11.0" }, "autoload": { "psr-4": { "App\\": "src/" } }, "autoload-dev": { "psr-4": { "Tests\\": "tests/" } }, "config": { "sort-packages": true, "optimize-autoloader": true, "preferred-install": "dist", "platform": { "php": "8.2.0" } } } ``` ## Requirements 1. **PHP version** — always declare minimum PHP version in require 2. **Version constraints** — use caret (^) for standard packages 3. **Platform config** — set platform.php to match production 4. **Sort packages** — enable `sort-packages: true` for clean diffs 5. **Autoloading** — PSR-4 for all application code 6. **Description** — meaningful description for all packages ## Examples ### Good — Version Constraints ```json { "require": { "php": "^8.2", "laravel/framework": "^11.0", "guzzlehttp/guzzle": "^7.8", "league/flysystem": "^3.0" } } ``` ### Bad ```json { "require": { "php": "*", "laravel/framework": "dev-master", "guzzlehttp/guzzle": ">=5.0", "league/flysystem": "*" } } ``` ## Enforcement Run `composer validate --strict` in CI to catch configuration issues. Use a linter to verify version constraints are not using wildcard or dev-master.