Private PHP Composer packages

Learn how to distribute your private PHP packages.

Requirements

In order to distribute your PHP package you must make sure a valid composer.json is located in the root of your repository. If you attempt to import or publish a release without a valid composer.json you will receive an notification.

Installation instructions

Your customers can use PHP's package manager to install your package once they added the private registry to their composer.json. The repository URL is equal to the product identifier followed by .composer.sh, for example:

1{
2 "repositories": [
3 {
4 "type": "composer",
5 "url": "https://your-product-identifier.composer.sh"
6 }
7 ],
8}

Once the repository has been added to the composer.json file, they can install your product like any other composer package using the composer require command:

composer require your/package
 
Loading composer repositories with package information
Authentication required (your-product-identifier.composer.sh):
Username: [licensee-email]
Password: [license-key]

The user will be prompted to provide their username and password. The username will be their email address and the password will be equal to their license key. If your license policy requires a fingerprint the user will need to append his/her fingerprint to their license key. For example, let's say we have the following licensee and license activation:

  • Licensee email: philo@unlock.sh
  • License key: 8c21df8f-6273-4932-b4ba-8bcc723ef500
  • Activation fingerprint: unlock.sh

This will require your licensee to enter the following information when prompted for their credentials:

Loading composer repositories with package information
Authentication required (your-product-identifier.composer.sh):
Username: philo@unlock.sh
Password: 8c21df8f-6273-4932-b4ba-8bcc723ef500:unlock.sh

To clarify, the license key and fingerprint should be separated by a colon (:). If your license policy does not require a fingerprint both the fingerprint and the colon can be omitted.