The require-dev section in composer.json is used to specify development-only dependencies that are not needed in production; 1) Composer installs these packages by default during composer install or update in development environments; 2) They are skipped when using composer install --no-dev, which is recommended for production; 3) These packages do not affect production autoloading; Common examples include phpunit/phpunit for testing, PHPStan or Psalm for static analysis, PHP-CS-Fixer for code style enforcement, and Mockery for test doubles; The key difference from require is that require lists production dependencies essential for the application to run, while require-dev lists tools only for development; Always use composer install --no-dev --optimize-autoloader in production to improve security and performance by excluding unnecessary development packages.
In composer.json, the require-dev section specifies development dependencies — packages that are only needed during development, testing, or debugging, but not required in production.
How require-dev works
When you list a package under require-dev, Composer will:
- Install it by default when you run
composer installorcomposer updatein a development environment. -
Skip it if you use
composer install --no-dev(which is typically done on production servers). - Not include it when analyzing dependencies for production autoloading or class resolution.
Common examples of require-dev packages
These are tools you use to build, test, or analyze your code:
-
PHPUnit (
phpunit/phpunit) – for running tests - PHPStan or Psalm – for static analysis
- PHP_CodeSniffer or PHP-CS-Fixer – for code style enforcement
- Symfony/var-dumper – for debugging (though sometimes used in dev only)
- Mockery – for creating test doubles
Example composer.json snippet:
{
"require": {
"monolog/monolog": "^2.0"
},
"require-dev": {
"phpunit/phpunit": "^9.5",
"friendsofphp/php-cs-fixer": "^3.0"
}
}Key differences: require vs require-dev
require | require-dev |
|---|---|
| Needed for the app to run | Only for development tasks |
| Installed everywhere | Skipped with --no-dev flag |
| Affects production autoload | Doesn't affect production autoload |
Practical tip
Always use --no-dev in production:
composer install --no-dev --optimize-autoloader
This ensures dev tools aren’t installed where they’re not needed, improving security and performance.
Basically, if a package helps you write or test code but isn’t needed when the app runs, put it in require-dev.
The above is the detailed content of What does require-dev mean in composer.json?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What are some best practices for using Composer in production environments?
Jul 08, 2025 am 01:00 AM
When using Composer in a production environment, you need to pay attention to safety, stability and performance. 1. Use composerinstall-no-dev to reduce unnecessary development dependencies and reduce online environment risks; 2. Always submit and rely on composer.lock files to ensure version consistency, and avoid using updates during deployment; 3. Optional configuration platform-check=false ignores platform differences warnings, which is suitable for building packaging scenarios; 4. Enable APCU to accelerate automatic loading to improve performance, especially suitable for high concurrency services, while paying attention to namespace uniqueness to avoid cache conflicts.
How do I check if Composer is installed correctly?
Jul 07, 2025 am 12:12 AM
To check whether Composer is installed correctly, first run the composer--version command to view the version information. If the version number is displayed, it means that it is installed. Secondly, use the composerdiagnose command to detect configuration problems and ensure that the environment variables and permissions are normal. Finally, try to verify the functional integrity through the composerrequiremonolog/monolog installation package. If the vendor directory is successfully created and the dependency is downloaded, it means that Composer is fully available. If the above steps fail, you may need to check whether PHP has been installed globally or adjusted system path settings.
How do I install a Composer plugin?
Jul 09, 2025 am 12:01 AM
To install the Composer plug-in, please first confirm that Composer is installed and the composer.json file exists, and then follow the following steps: 1. Make sure that Composer has been installed and created composer.json; 2. Search and copy the required plug-in name on Packagist; 3. Use the composerrequirequire command to install the plug-in, such as composerrequiredealerdirect/phpcodesniffer-composer-installer; 4. Verify whether the plug-in is effective and check compatibility and configuration. Follow these steps to correctly install the Composer plug-in.
How do I add a custom repository to my Composer configuration?
Jul 06, 2025 am 12:26 AM
To add a custom repository to the Composer configuration, edit the composer.json file in the project and specify the repository information under the "repositories" key. The specific steps are as follows: 1. Determine the repository type, such as VCS (Git, SVN, etc.), Composer, PEAR or Package; 2. Add the "repositories" block in composer.json and fill in the repository type and URL. For example, when using a VCS-type Git repository, the format is {"type":"vcs","url":"https
How do I update my package on Packagist?
Jul 08, 2025 am 01:02 AM
ToupdateyourpackageonPackagist,firstensureyourcomposer.jsonisupdatedwiththecorrectversion,dependencies,andmetadata,thencommitandpushchangestoyourrepository.1.Updatecomposer.jsonwithnecessarychangessuchasversion,dependencies,ormetadataandcommitit.2.Ta
How do I use the --ignore-platform-reqs flag?
Jul 11, 2025 am 01:19 AM
When you encounter the "Yourplatformdoesnotatsatisfythatrequirement" error, you can use the --ignore-platform-reqs parameter to ignore the platform requirements for installation. The full name of this parameter is --ignore-platform-requirements. It is used to skip the PHP version, extension and other checks specified in composer.json when executing composerinstall or update. For example, if the current PHP version is 8.0 but the configuration requires 8.1, an error will be reported by default. If you add this parameter, the check will be skipped. Applicable scenarios include: 1. Local environment and true in containerized deployment or CI environment
How do I add a dependency to my composer.json file?
Jul 10, 2025 am 10:55 AM
To add dependencies to composer.json, the most common method is to use the composerrequire command, followed by manually editing the composer.json file. 1. Use composerrequiredor/package to automatically add the latest stable version dependencies and install them; 2. You can specify the version such as composerrequiredor/package: 1.2.3 or use the constraint character such as ^2.0; 3. This command will synchronize the update of composer.json and composer.lock and automatically handle the dependencies; 4. Manually edit suitable for batch addition or template projects, you need to maintain the version yourself and run c
How do I use a private Composer repository?
Jul 14, 2025 am 12:30 AM
TouseaprivateComposerrepository,configurecomposer.jsonwiththecorrectrepositoryURL,handleauthenticationsecurelyviaSSHorHTTPS,andensurepackagesareaccessible.First,addtherepositoryincomposer.jsonusingeitheraVCStypeforGitrepositoriesoraComposertypeforpri
