Composer is the standard dependency manager for the PHP language. Its own introduction describes it as “a tool for dependency management in PHP” that lets you “declare the libraries your project depends on and it will manage (install/update) them for you.” Rather than installing libraries globally, Composer works per project, placing dependencies in a local vendor directory.
You list your requirements in a composer.json file using package names and version constraints. The official basic-usage guide explains that running an update resolves those constraints, downloads the libraries, and “writes all of the packages and their exact versions to the composer.lock file, locking the project to those specific versions.” Committing that lock file means everyone who sets up the project installs the exact same versions. The documentation states plainly that “Composer enables reproducible builds by default.”
The libraries themselves come from a registry. Composer’s documentation names Packagist.org as “the main Composer repository” and the default source, where open source PHP projects are published for discovery and installation. The Composer documentation notes that the tool was inspired by npm and Ruby’s Bundler, adapting the manifest-plus-lockfile model to PHP.
Composer matters because it modernized PHP development. Before it, sharing PHP libraries was fragmented and manual; afterward, pulling in a tested third-party package became a single command, which reshaped how PHP frameworks and applications were built and distributed.