Working With Composer ¶
This chapter includes a number of helpful commands and best practices for using TYPO3 with Composer.
Run Composer Locally ¶
You should not run
on your live webspace. You should always run
on your local or a dedicated deployment machine, so you can test
if everything worked
fine. After running your tests, you can deploy the
folder to your web server.
To avoid conflicts between your local and your server’s PHP version, you
can define your server’s PHP version in your
will always check
the correct dependencies.
Update Packages ¶
After updating any packages, you always should commit your
to your version control system and your co-workers
after checking out the updates.
Update all Packages ¶
without any other attributes, to update all
packages. Composer will always try to install the newest packages that
match the defined version constraints.
Be careful with that. This command may cause negative effects if you
do not have proper version constraints in your
You always should prefer to update your packages separately.
Update Single Packages ¶
When you want to update single packages, you can call
with the package name. You should always add
attribute to also update the required third
Update TYPO3 Core ¶
Without “subtree split”:
composer update typo3/cms --with-all-dependencies
With “subtree split”:
composer update typo3/cms-* --with-all-dependencies
Update Extensions Like “news” ¶
composer update georgringer/news --with-all-dependencies
Use Dev Requirements ¶
Add packages with
attribute to add packages only to your local
development environment. This is very useful for packages, you do not
need or do not want to have on your live server, e.g. PHPUnit or
composer require typo3/testing-framework:^2.0 --dev
During your deployment routine, you should run
. So the dev requirements are not installed.
composer install --no-dev
Remove Extensions ¶
You can use the composer command
to uninstall extensions or
other composer packages.
composer remove georgringer/news
Don’t forget to commit your updated
to your version
Please be sure to disable extensions in TYPO3’s Extension Manager, before removing them with
Or ensure to regenerate your
file automatically, after removing the packages. You could use the
Check for Available Updates ¶
to see a list of available updates.
Useful Packages and Bundles ¶
Simplify “Subtree Split” Installations ¶
Instead of explicitly requiring each core extension, you can require typo3/minimal , which brings the minimal required set of system extensions.
TYPO3 CMS Base Distribution ¶
is not meant to be used with
, but to really quickly start new composer based TYPO3 projects.
Nevertheless, it’s very good to have heard about it. If you’re interested in more information, you should check the packages README .
Secure Web ¶
helhum/typo3-secure-web follows the very interesting concept to split the traditional web root directory into two parts: the “public” one for all the resources, that must be directly accessible via HTTP (images, styles, etc.) - and the “private” folder, where all the PHP will be located.
This helps to make your TYPO3 installations even more secure!