Get Composer to suggest dev packages to require-dev

Published On31 Aug 2023

Get Composer to suggest dev packages to require-dev

Composer 2.4 added a feature that the composer require command prompts to install the package with --dev flag if the package being installed is meant to be used as a developer tool.

When the --dev flag is passed, the package is installed under require-dev section in the composer.json file, and other Composer commands (such as composer update, install, dump-autoload, etc can optionally skip require-dev dependencies.

Composer require dev tools prompt
When attempting to install PHPUnit, Composer automatically prompts to install it with the --dev flag

Composer inspects the keywords section of the composer.json file being installed, and if it contains dev, testing, or static analysis as keywords, Composer prompts the user to install it with --dev flag if it is not passed.

The prompt contains the reason why the package was determined to be a dev dependency:

The package you required is recommended to be placed in require-dev (because it is tagged as "testing") but you did not use --dev.

This feature is skipped if Composer is run in a non-interactive environment (such as CI builds or when --no-interaction flag is passed).

How to make Composer prompt --dev flag on your packages

If you publish a developer tool (such as testing tools, data fixture tools, debugging tools, etc.), you can make use of this feature so Composer interactively prompts the user to install them under require-dev section in case the user forgets to use the --dev flag.

To do this, add one of the following keywords to the keywords section of the package's composer.json file.

Keywords Composer uses to recommend a package as a dev dependency:

  • dev
  • testing
  • static analysis

Update the composer.json file, and add one of the keywords above to the keywords section:

  "name": "you/your-dev-tool",
+ "keywords": ["dev"],
  "type": "library",

The keyword only needs to be present in the default branch, and not necessarily in all branches and tags.

Recent Articles on PHP.Watch

All ArticlesFeed 
How to fix `mysql_native_password` not loaded errors on MySQL 8.4

How to fix mysql_native_password not loaded errors on MySQL 8.4

How to fix the SQLSTATE[HY000] [1524] Plugin 'mysql_native_password' is not loaded errors caused in MySQL 8.4 no longer enabling the mysql_native_password plugin by default.
How to fix PHP Curl HTTPS Certificate Authority issues on Windows

How to fix PHP Curl HTTPS Certificate Authority issues on Windows

On Windows, HTTPS requests made with the Curl extension can fail because Curl has no root certificate list to validate the server certificates. This article discusses the secure and effective solutions, and highlights bad advice that can leave PHP applications insecure.
AEGIS Encryption with PHP Sodium Extension

AEGIS Encryption with PHP Sodium Extension

The Sodium extension in PHP 8.4 now supports AEGIS-128L and AEGIS256 Authenticated Encryption ciphers. They are significantly faster than AES-GCM and CHACHA20-POLY1305. This article benchmarks them and explains how to securely encrypt and decrypt data using AEGIS-128L and AEGIS256 on PHP.
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.

Support PHP.Watch — If you find the articles, version information, Codex, and other PHP.Watch contributions useful, consider supporting through GitHub Sponsors. Your sponsorship helps dedicate more time to creating valuable content and improving the PHP community. Together, we can keep the momentum going — thank you for your support!

Thanks to the highest tier sponsor: @TomasVotruba for your generous support to keep PHP.Watch moving 💜