Can I synchronize or mirror dependencies from packagist.org with my own Composer Satis installation?

Asked 1/8, 2012 at 12:35 Answered 26/7, 2013 at 19:38

Solved php dependency-management composer-php packagist satis

We have our own Satis repository, we can store there our own dependencies. This works fine.

But if a developer uses a package that is not within in our own repository, then Composer will fetch it from GitHub through packagist.org (as a fallback).

But we do not want to be dependent on packagist.org. All dependencies should be downloaded from our own repository.

What we like to know, if its possible that Satis download a package from Packagist, if it is not locally available yet, and then store it and add it to Satis own repository automatically .

This way we do not have to manually add the dependencies to the Satis repository.

Sleepy answered 1/8, 2012 at 12:35 Comment(1)

Packagist only stores package metadata. The actual source code comes from a repository (usually gitHub). I guess you can browse composer source code to find out how they list packages and download the metadata. – Aerobatics 1/8, 2012 at 12:47

Satis now supports this.

Just follow the Satis setup instructions and add the following to your configuration file (which is named satis.json by default). Update prefix-url and require as appropriate.

{
    "repositories": [
        { "type": "composer", "url": "https://packagist.org" }
    ],
    "require-dependencies": true,
    "require": {
        {{your application dependencies from composer.json}}
    },
    "archive": {
        "directory": "dist",
        "prefix-url": "{{your server}}",
        "skip-dev": true
    }
}

Then, you can create your Satis repository like normal:

php bin/satis build <configuration file> <build dir>

Now, your Satis repository will satisfy all of your application's dependencies.

Note: the first run might take a while. Subsequent runs are much faster. Also, note that Satis uses /tmp for its cache. On a small memory system where /tmp is backed by tmpfs, you might need to increase the space /tmp has available if you have a large dependency tree.

You might also want to disable the Packagist repository in your project's composer.json file to enforce that all dependencies come from your Satis repository. To do this, add:

{
    "repositories": [
        {
            "packagist": false
        }
    ]
}

to your project's composer.json.

Parlance answered 26/7, 2013 at 19:38 Comment(3)

Thanks for your comment! Wouldn't this configuration still make your instance of Satis dependent on Packagist when it goes to archive all dependencies (e.g. php bin/satis build)? So if Packagist.org was down when you ran php bin/satis build it wouldn't know where each dependency lives. Granted, this means manually maintaining a list of all canonical repository URLs in repositories but that's the price you pay for being independent. Or am I missing something? – Sunbeam 19/8, 2013 at 21:37

You're correct, but it's not that big of a deal because if Packagist is down, you still have all the dependencies that you pulled down during the last Satis run. In practice, I think you will encounter (and fix) any external issues (like Packagist being unavailable) when you are actively changing your dependencies and use your fully satisfied dependency mirror during normal development and production. – Parlance 6/10, 2013 at 23:13

The problem here ist that you still manually need to add all dependencies. If you've got a git repo you can just add that, but the dependencies required by the project in that repo will not automatically be loaded, it's a big manual effort. – Peralta 17/2, 2016 at 15:42

You can use broker to achieve this for now. Most likely this capability will be added to satis itself down the line.

Mcnully answered 9/8, 2012 at 16:16 Comment(1)

"Note: this project is not actively maintained anymore. Since satis supports a similar functionality now, you should use satis instead." – Jobless 11/2, 2014 at 9:14

Recommended topics

Hot tags