What is Packagist?

Packagist is a Composer package repository. It lets you find packages and lets Composer know where to get the code from. You can use Composer to manage your project or libraries' dependencies - read more about it on the Composer website.

How to submit packages?

Naming your package

First of all, you must pick a package name. This is a very important step since it can not change and it should be unique enough to avoid conflicts in the future.

The package name consists of a vendor name and a project name joined by a /. The vendor name exists to prevent naming conflicts. For example, by including a vendor name both igorw and seldaek can have a library named json by naming their packages igorw/json and seldaek/json.

In some cases the vendor name and the package name may be identical. An example of this would be `monolog/monolog`. For projects with a unique name this is recommended. It also allows adding more related projects under the same vendor later on. If you are maintaining a library, this would make it really easy to split it up into smaller decoupled parts.

Here is a list of typical package names for reference:

// Monolog is a library, so the vendor name and package name are the same.
monolog/monolog

// That could be the name of a drupal module (maintained/provided by monolog,
// if the drupal team did it, the vendor would be drupal).
monolog/monolog-drupal-module

// Acme is a company or person here, they can name their package with a common name (Email).
// As long as it's in their own vendor namespace it does not conflict with anyone else.
acme/email

Note that package names are case-insensitive, but it's encouraged to use a dash (-) as separator instead of CamelCased names.

Creating a composer.json file

The composer.json file should reside at the top of your package's git/svn/.. repository, and is the way you describe your package to both packagist and composer.

A typical composer.json file looks like this:

{
    "name": "monolog/monolog",
    "type": "library",
    "description": "Logging for PHP 5.3",
    "keywords": ["log","logging"],
    "homepage": "http://github.com/Seldaek/monolog",
    "license": "MIT",
    "authors": [
        {
            "name": "Jordi Boggiano",
            "email": "j.boggiano@seld.be",
            "homepage": "http://seld.be",
            "role": "Developer"
        }
    ],
    "require": {
        "php": ">=5.3.0"
    },
    "autoload": {
        "psr-0": {
            "Monolog": "src"
        }
    }
}
Most of this information is obvious, keywords are tags, require are list of dependencies that your package has. This can of course be packages, not only a php version. You can use ext-foo to require php extensions (e.g. ext-curl). Note that most extensions don't expose version information, so unless you know for sure it does, it's safer to use "ext-curl": "*" to allow any version of it. Finally the type field is in this case indicating that this is a library. If you do plugins for frameworks etc, and if they integrate composer, they may have a custom package type for their plugins that you can use to install the package with their own installer. In the absence of custom type, you can omit it or use "library".

Once you have this file committed in your repository root, you can submit the package to Packagist by entering the public repository URL.

Managing package versions

New versions of your package are automatically fetched from tags you create in your VCS repository.

The easiest way to manage versioning is to just omit the version field from the composer.json file. The version numbers will then be parsed from the tag and branch names.

Tag/version names should match 'X.Y.Z', or 'vX.Y.Z', with an optional suffix for RC, beta, alpha or patch versions. Here are a few examples of valid tag names:

1.0.0
v1.0.0
1.10.5-RC1
v4.4.4beta2
v2.0.0-alpha
v2.0.4-p1
Branches will automatically appear as "dev" versions that are easily installable by anyone that wants to try your library's latest and greatest, but that does not mean you should not tag releases. The use of Semantic Versioning is strongly encouraged.

Update Schedule

New packages will be crawled immediately after submission if you have JS enabled.

Existing packages without auto-updating (GitHub/BitBucket hook) will be crawled once a day for updates. When a hook is enabled packages are crawled whenever you push, or at least once a week in case the crawl failed. You can also trigger a manual update on your package page if you are logged-in as a maintainer.

It is highly recommended to set up the GitHub/BitBucket service hook for all your packages. This reduces the load on our side, and ensures your package is updated almost instantly. Check the how-to in your profile page.

If you use BitBucket, GitLab or other non-supported method you can add a "POST" hook or Push Event and then enter 'https://packagist.org/api/update-package?username=XXX&apiToken=YYY' as the URL. To manually send update notices from other services you can build up a POST request to the previous URL and send the following JSON request body: {"repository": { "url": "...the VCS url Packagist should update..."}}. Do not forget to send a Content-Type header set to application/json too.

The search index is updated every five minutes. It will index (or reindex) any package that has been crawled since the last time the search indexer ran.

Community

If you have questions about composer or want to help out, come and join us in the #composer channel on irc.freenode.net. You can find more community resources in the Composer documentation.

Contributing

To report issues or contribute code you can find the source repository on GitHub.