macOS
Homebrew
已验证 · 100%
brew install composer
local Homebrew formula metadata
安装
使用 Automic Vault 安装
Automic Vault
sudo av install brew:composerLinux
Alpine Linux apk
已验证 · 92%
sudo apk add composer
Alpine Linux edge package indexes · composer · 来源: dl-cdn.alpinelinux.org
Debian apt
已验证 · 92%
sudo apt install composer
Debian stable package indexes · composer · 来源: deb.debian.org
Fedora dnf
已验证 · 92%
sudo dnf install composer
Fedora Rawhide package metadata · composer · 来源: dl.fedoraproject.org
Arch Linux pacman
已验证 · 92%
sudo pacman -S composer
Arch Linux sync databases · composer · 来源: geo.mirror.pkgbuild.com
Windows
Chocolatey
已验证 · 92%
choco install composer
Chocolatey community package catalog · composer · 来源: community.chocolatey.org
Scoop
已验证 · 92%
scoop install main/composer
Scoop official bucket manifest trees · bucket/composer.json · 来源: api.github.com
软件包管理器来源
平台说明
- 没有特定于此软件包的平台说明。
概览
软件包摘要
Automic Vault 根据本地软件包数据发布 composer 的安装路径、可执行文件事实和安全元数据。
radioisotope
Plain Text Composer Auth
Composer stores repository passwords and service tokens in auth.json. Our isotope stores that auth file in the macOS keychain and injects it as COMPOSER_AUTH only while `composer` runs.
风险分类器
orange 风险 · medium 置信度 · infrastructure
原因
- infrastructure mutation or orchestration signal
信号
- text:dependency manager
安装行为
- No Homebrew post-install hook is recorded in formula metadata.
- Homebrew bottle metadata is available for 6 platform targets.
- 安装时包含 1 个运行时依赖。
本地 README 摘录
Composer Radioisotope
Composer stores repository credentials and service tokens in auth.json. Those entries can include HTTP basic passwords, GitHub OAuth tokens, GitLab tokens, and bearer tokens.
This radioisotope migrates the first default Composer auth.json containing credentials into the macOS keychain and wraps composer so it receives those credentials through COMPOSER_AUTH only while it runs.
Caveats
- We currently migrate the first default
auth.jsoncontaining credentials. - Project-local
auth.jsonfiles are not migrated. - Direct execution of the original binary will not receive credentials.
来源: data/radioisotopes/composer/README.md
覆盖来源
Caveats
- We currently migrate the first default auth.json containing credentials.
- Project-local auth.json files are not migrated.
- Direct execution of the original binary will not receive credentials.
可执行文件
已安装的可执行文件
| 命令 | 类型 | 暴露范围 | 备注 |
|---|---|---|---|
composer | cli | global executable |
新鲜度
版本和新鲜度
这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。
页面生成时间2026-05-26
管理器版本2.9.8
管理器更新时间2026-05-13
本地数据ok
上游not checked
检测到的最新版本未检测到
- info Release/tag comparison is only available for GitHub repositories. https://getcomposer.org/ none 置信度
安装元数据
软件包元数据
| 软件包键 | brew:composer |
|---|---|
| 版本 | 2.9.8 |
| 软件包管理器 | Homebrew |
| 软件包管理器页面 | https://formulae.brew.sh/formula/composer |
| 主页 | https://getcomposer.org/ |
| 上游文档 | https://getcomposer.org/ |
| 许可证 | MIT |
| 源码归档 | https://getcomposer.org/download/2.9.8/composer.phar |
| 更新 | 2026-05-13T09:56:15Z |
| Pulse | updated |
| 依赖 | php |
| Bottle | 可用 (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | 未定义 |
| 服务 | 未声明 |
来源线索
由仓库数据生成
此页面由 scripts/generate-pkg-pages.py 写入。如果 www/pkg/ 相对于本地软件包数据已过期,部署会拒绝发布。
使用的来源
- Geiger risk classifier
- Nucleus package database
- cross-ecosystem install command graph
- local isotope README
- package relationship graph
- package version freshness
- package-page enrichment
- radioisotope security manifest