Automic VaultAutomic Vault

brew

composer を Homebrew, apk, chocolatey, apt, dnf, pacman, scoop, zypper でインストール

composer のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。

エージェント安全性

エージェント安全性の回答

composer manages PHP dependencies and package publishing workflows.

認証情報アクセス

Reads auth.json, repository tokens, environment variables, and project config.

リモート変更

Can install packages and run scripts that affect remote systems.

公開/成果物リスク

Can publish packages or build deployable PHP artifacts.

推奨コントロール

Gate scripts, publish operations, and credentialed repository access.

エージェント利用ガイダンス

Allow dependency inspection; require approval for scripts, publishes, and private-repo credentials.

インストール

追加のインストールコマンド

macOS

Homebrew確認済み · 100%
brew install composer

local Homebrew formula metadata

Linux

Alpine Linux apk確認済み · 92%
sudo apk add composer

Alpine Linux edge package indexes · composer · ソース: dl-cdn.alpinelinux.org

Debian apt確認済み · 92%
sudo apt install composer

Debian stable package indexes · composer · ソース: deb.debian.org

Fedora dnf確認済み · 92%
sudo dnf install composer

Fedora Rawhide package metadata · composer · ソース: dl.fedoraproject.org

Arch Linux pacman確認済み · 92%
sudo pacman -S composer

Arch Linux sync databases · composer · ソース: geo.mirror.pkgbuild.com

openSUSE zypper確認済み · 92%
sudo zypper install php-composer

openSUSE Tumbleweed package metadata · php-composer · ソース: download.opensuse.org

Windows

Chocolatey確認済み · 92%
choco install composer

Chocolatey community package catalog · composer · ソース: community.chocolatey.org

Scoop確認済み · 92%
scoop install main/composer

Scoop official bucket manifest trees · bucket/composer.json · ソース: api.github.com

概要

パッケージ概要

Dependency Manager for PHP

コマンドとエイリアス

  • composer

履歴

プロジェクトの歴史と使われ方

Composer is the standard dependency manager for PHP projects. It lets projects declare library dependencies, resolves installable versions, and installs packages into the project rather than acting like a system package manager.

プロジェクトの歴史

Composer was created by Nils Adermann and Jordi Boggiano and released under the MIT license. Official documentation describes it as inspired by npm and Bundler, bringing per-project dependency resolution and installation to PHP. Packagist serves as the public package index for Composer packages.

採用の歴史

Packagist records `composer/composer` package versions starting with 1.0.0-alpha1 in 2012, and GitHub releases include 1.0.0-alpha1 in 2013. The official README points users to Packagist for public packages and to Private Packagist for private hosting, showing how Composer became both a CLI and a package ecosystem.

使われ方

Normal Composer usage starts with a project `composer.json`, produces a lock file for reproducible installs, and installs dependencies into `vendor`. It can be installed locally as a PHAR, globally on PATH, through Docker, or through OS package managers such as Homebrew.

パッケージ好きにとっての重要性

Composer is package-manager infrastructure, not just a CLI. Its resolver, lock file, Packagist integration, authentication model, and VCS support made PHP packages installable with dependency constraints in a way familiar to users of npm, Bundler, and other language package managers.

タイムライン

  • 2012: Packagist records `composer/composer` 1.0.0-alpha1.
  • 2013: GitHub releases include Composer 1.0.0-alpha1.
  • 2016: Composer 1.0.0 was released.
  • 2020: Composer 2.0.0 was released.
  • 2026: Packagist continues to track active Composer 2.x development.

Related projects

  • Composer is closely tied to Packagist, Private Packagist, PHP's PHAR distribution model, and language package managers such as npm and Bundler that influenced its design.

セキュリティ状態

リスクレベル: orange

infrastructure mutation or orchestration signal.

リスク分類器

リスク orange · 信頼度 中 · infrastructure

理由

  • infrastructure mutation or orchestration signal

信号

  • text:dependency manager

インストール挙動

  • formula メタデータに Homebrew post-install フックは記録されていません。
  • Homebrew bottle メタデータは 6 個のプラットフォームターゲットで利用できます。
  • 1 件の実行時依存関係とともにインストールされます。

推奨レビュー

エージェントに無人実行させる前に、このツールが平文の認証情報を読むか、リモート状態を書き込むか、成果物を公開するか、プラグインを起動するかを確認してください。

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Credential files

Credential-bearing paths to review before unattended agent runs.

macOS
~/Library/Application Support/Composer/auth.json
Unix
$XDG_CONFIG_HOME/composer/auth.json~/.composer/auth.json

実行可能ファイル

インストールされる実行可能ファイル

コマンド種類公開範囲メモ
composercliグローバル実行可能ファイル

鮮度

バージョンと鮮度

これらの信号は、ページ生成時期、パッケージマネージャの活動、上流リリース比較を分けて示します。バージョン遅れは、証拠 URL と比較可能なバージョンがある場合だけ警告されます。

ページ生成日2026-07-10
マネージャ版2.10.2
マネージャ更新日2026-07-01
ローカルデータOK
上流not checked
検出された最新未検出

https://getcomposer.org/

インストールメタデータ

パッケージメタデータ

パッケージキーbrew:composer
バージョン2.10.2
パッケージマネージャHomebrew
パッケージマネージャページhttps://formulae.brew.sh/formula/composer
ホームページhttps://getcomposer.org/
リポジトリhttps://github.com/composer/composer
上流ドキュメントhttps://getcomposer.org/doc
ライセンスMIT
ソースアーカイブhttps://getcomposer.org/download/2.10.2/composer.phar
最終更新2026-07-01T13:09:12Z
Pulseupdated
依存関係php
Bottle利用可能 (対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install未定義
サービス宣言なし

レジストリ情報

ソースデータベース詳細

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namecomposer
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

ソースデータベース一致

他のパッケージマネージャ記録

一致は外部パッケージマネージャインデックスから取得され、ローカルの Automic Vault パッケージリンクとは分けて表示されます。

Debian apt95%

composer 2.8.8-1+deb13u2

dependency manager for PHP

https://getcomposer.org/

sudo apt install composer
  • Section: php
  • Architecture: all
  • 18 依存関係
  • 10 任意依存関係
  • normalized package name match
  • 一致条件: Composer
Debian stable package indexes · deb.debian.org · Debian stable package indexes: composer from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Ubuntu apt95%

composer 2.7.1-2

dependency manager for PHP

https://getcomposer.org/

sudo apt install composer
  • Section: universe/php
  • Architecture: all
  • 18 依存関係
  • 10 任意依存関係
  • normalized package name match
  • 一致条件: Composer
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: composer from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

composer 2.10.1-r0

Dependency manager for PHP

https://getcomposer.org/

sudo apk add composer
  • License: MIT
  • Architecture: x86_64
  • Source Package: composer
  • 1 依存関係
  • 1 提供
  • normalized package name match
  • 一致条件: Composer
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: composer from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk95%

composer-bash-completion 2.10.1-r0

Bash completions for composer

https://getcomposer.org/

sudo apk add composer-bash-completion
  • License: MIT
  • Architecture: x86_64
  • Source Package: composer
  • normalized package name match
  • 一致条件: Composer
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: composer-bash-completion from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
dnf95%

composer 2.10.1-1.fc45

Dependency Manager for PHP

https://getcomposer.org/

sudo dnf install composer
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: composer
  • 27 依存関係
  • 4 提供
  • normalized package name match
  • 一致条件: Composer
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: composer from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

composer 2.10.1-1

Dependency Manager for PHP

https://getcomposer.org/

sudo pacman -S composer
  • License: MIT
  • Architecture: any
  • 2 依存関係
  • normalized package name match
  • 一致条件: Composer
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: composer from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

php-composer 1.10.26-2.7

Dependency Management for PHP

https://getcomposer.org/

sudo zypper install php-composer
  • License: MIT
  • Category: Development/Libraries/Other
  • Architecture: noarch
  • Source Package: php-composer
  • 8 依存関係
  • 5 提供
  • normalized package name match
  • 一致条件: Composer
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: php-composer from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

php-composer2 2.10.0-1.1

Dependency Management for PHP

https://getcomposer.org/

sudo zypper install php-composer2
  • License: MIT
  • Category: Development/Libraries/Other
  • Architecture: noarch
  • Source Package: php-composer2
  • 8 依存関係
  • 4 提供
  • normalized package name match
  • 一致条件: Composer
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: php-composer2 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
Chocolatey95%

composer

choco install composer
  • normalized package name match
  • 一致条件: Composer
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: composer from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','cmake.portable'
Scoop95%

main/composer

scoop install main/composer
  • normalized package name match
  • 一致条件: Composer
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/composer.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

ソース経路

リポジトリデータから生成

このページは scripts/generate-pkg-sqlite.py が生成した非公開のパッケージ SQLite アーティファクトから av-web によって提供されます。

使用ソース

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment