Get Composer to suggest dev packages to require-dev

Published On31 Aug 2023

Get Composer to suggest dev packages to require-dev

Composer 2.4 added a feature that the composer require command prompts to install the package with --dev flag if the package being installed is meant to be used as a developer tool.

When the --dev flag is passed, the package is installed under require-dev section in the composer.json file, and other Composer commands (such as composer update, install, dump-autoload, etc can optionally skip require-dev dependencies.


Composer require dev tools prompt
When attempting to install PHPUnit, Composer automatically prompts to install it with the --dev flag


Composer inspects the keywords section of the composer.json file being installed, and if it contains dev, testing, or static analysis as keywords, Composer prompts the user to install it with --dev flag if it is not passed.

The prompt contains the reason why the package was determined to be a dev dependency:

The package you required is recommended to be placed in require-dev (because it is tagged as "testing") but you did not use --dev.

This feature is skipped if Composer is run in a non-interactive environment (such as CI builds or when --no-interaction flag is passed).

How to make Composer prompt --dev flag on your packages

If you publish a developer tool (such as testing tools, data fixture tools, debugging tools, etc.), you can make use of this feature so Composer interactively prompts the user to install them under require-dev section in case the user forgets to use the --dev flag.

To do this, add one of the following keywords to the keywords section of the package's composer.json file.


Keywords Composer uses to recommend a package as a dev dependency:

  • dev
  • testing
  • static analysis

Update the composer.json file, and add one of the keywords above to the keywords section:

  "name": "you/your-dev-tool",
+ "keywords": ["dev"],
  "type": "library",

The keyword only needs to be present in the default branch, and not necessarily in all branches and tags.

Recent Articles on PHP.Watch

All ArticlesFeed 
Security considerations when parsing user-provided INI strings and files

Security considerations when parsing user-provided INI strings and files

Security considerations when parsing user-provided INI strings and files using parse_ini_string and parse_ini_file functions.
How to extend lifetime of legacy PHP applications

How to extend lifetime of legacy PHP applications

As PHP continue to evolve with new breaking changes, and while that is great for most PHP applications, there are legacy applications that can't justify the human and financial cost of keeping up. Here is a guide on how to extend the lifetime of legacy PHP applications with security updates and maintenance.
PHP 8.2 Highlights: What's New and Changed

PHP 8.2 Highlights: What's New and Changed

Read about the highlights of PHP 8.2: Major new features, changes, and deprecated functionality.
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.