Drupal 8: Using the "config" section of composer

  • Jonathan Minder

Unlocking the full power of composer using some secret / hidden config options in your composer.json.

Composer is the way, we handle our dependancies in Drupal 8. We at Liip use composer for all our Drupal 8 projects, even for a lot of Drupal 7 projects, we switched to composer.

We use the composer template available at GitHub:

Composer has a lot of cool features. There are several plugins, we use in all our Drupal projects like

Useful composer config options für Drupal developers

Today, I would like to share some cool features of the "config"-section of composer.json.

Let's have a look at the following config-section of my Drupal 8 project:

    "config": {
        "preferred-install": "source",
        "discard-changes": true,
        "secure-http": false,
        "sort-packages": true,
        "platform": {
            "php": "7.0.22"

Composer config: "preferred-install": "source"

Have you ever had the need of patching a contrib module? You found a bug and now you should publish a patch file to Drupal.org. But how can you create a patch, if the contrib module was downloaded as a zip file via composer and extracted to you contrib folder that is not under source control?

"preferred-install: source" is your friend! Add this option to your composer.json

  • delete your dependancy folders and
  • run composer install again

All dependancies will be cloned via git instead of downloaded and extracted. If you need to patch a module or Drupal core, you can create patches easily via git because the depedancy is under version control.

"discard-changes": true

If you are working with Composer Patches and preferred-install: source, you want to enable this option. If you have applied patches, there will be a difference in the source compared to the current git checkout. If you deploy with composer, these messages can block the composer install call. This option will avoid messages like "The package has modified files." during deployment if you combine it with composer install --no-interaction.

"sort-packages": true

This option will sort all your packages inside the composer.json in alphabetical order. Very helpful.

Composer config: "platform" (force / fake a specific php version to be used).

Often we face the fact, that our live / deployment server are running on PHP 7.0, but locally you might run PHP 7.1 oder even PHP 7.2. This can be risky, because if you run a "composer update" locally, Composer will assume, that you have PHP 7.1 available and will download or update your vendor dependancies to PHP 7.1. If you deploy later, you will run into mysterious PHP errors, because on your target system, you do not have PHP 7.1 available.
This is the reason, we always fix / force the PHP version in our composer to match the current live system.

Drupal Core update: How can I preserve the ".htaccess" and "development.services.yml" file during the update?

If you do Drupal core updates, these files get always overriden by the default files. On some projects you might have changes these files and its quite annoying to revert the changes on every Core update.

Use the following options in the "extra"-section of your composer.json to get rid of this issue.

    "extra": {
        "drupal-scaffold": {
            "excludes": [

Tell us what you think