Composer is the tool PHP developers use to manage their dependencies. Most of the time a composer.json is set up at the start of a project and then forgotten about. I often run the composer update command to upgrade dependencies and composer require package/name to install something new. Aside from those simple commands, I haven't invested much time learning about more functionality.

When running npm update for Node dependencies, I noticed it bumped the version of the package in the main package.json. I thought it was a nice feature; to keep the main index up to date with the actual version installed. Composer didn't do that.

When I ran composer update I checked what main version updates there were and applied them manually to my composer.json. Turns out I should have RTFM… Nuno Maduro mentioned on Twitter that there is composer bump command that does exactly what I wanted. No more doing this manually! Give it a go…

composer bump

There is also the little-known composer outdated command. This shows you the packages you have installed, comparing their current installed version with their latest. It also highlights whether the version is a major, patch or minor update, helping you decide on how you update them. Some of the packages shown might be dependencies of the packages you install. To restrict this to packages to those you installed, you can add the --direct flag.

composer outdated # All packages
composer outdated --direct # Only packages you installed.

I am sure there are more interesting features to be found lurking in plain sight. Let me know any tips…