What format must the package name use?

Composer package names are vendor/package, all lowercase, like acme/blog. The vendor segment groups your packages and the package segment names the project. The tool normalises your input to this form and prefixes a default vendor if you omit one.

What does the caret ^ constraint allow?

A caret constraint such as ^8.3 allows any version from 8.3.0 up to but not including 9.0.0, following semantic versioning. It lets Composer pull in non-breaking updates automatically. Use a tilde or an exact version when you need a tighter range.

How does PSR-4 autoloading work?

The autoload psr-4 map links a namespace prefix to a directory, for example App\\ to app/. Composer then loads the class App\Models\User from app/Models/User.php automatically, so you never write require statements for your own classes.

What goes in require-dev?

require-dev lists packages needed only for development and testing, such as phpunit, pint or phpstan. They are installed locally but skipped in production when you run composer install --no-dev, keeping the deployed dependency tree lean.

What do minimum-stability and prefer-stable do?

minimum-stability sets the lowest release stability Composer will consider, usually stable. prefer-stable set to true tells Composer to choose stable releases when available even if a dependency permits less stable ones, so you only get pre-release versions when you explicitly require them.

composer.json Builder (PHP)

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

The composer.json Builder generates the manifest Composer uses to manage a PHP project’s dependencies, autoloading and scripts. Choose Laravel, Symfony or a plain library and the tool emits valid JSON with the right framework packages and dev tooling.

How it works

Composer reads composer.json to resolve packages from Packagist. The require section lists runtime dependencies — for Laravel that means laravel/framework and laravel/tinker plus a PHP constraint; for Symfony, the console and runtime components. The require-dev section holds tools like phpunit, pint or phpstan that are installed only outside production. Version constraints use the caret operator, so ^11.0 accepts any 11.x but blocks 12.0.

The autoload.psr-4 map wires a namespace prefix to a directory so Composer can locate your classes by filename. Laravel projects get the conventional App\, Database\Factories\ and Database\Seeders\ mappings; libraries get a single src/ mapping. The output is produced with JSON.stringify, so it is always valid JSON.

Example

After saving the file, install dependencies:

composer install            # writes composer.lock
composer install --no-dev   # production: skip require-dev

Tips and notes

Commit composer.lock for applications so deployments install identical versions. Keep minimum-stability at stable with prefer-stable: true unless you deliberately need pre-release packages. The optimize-autoloader and sort-packages config keys speed up class loading and keep your require sections tidy. Run composer validate to confirm the file is well formed before committing.