PHP download

Download the PHP package tsmsogn/composer-require-patch-enforcer without Composer

On this page you can find all versions of the php package tsmsogn/composer-require-patch-enforcer. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download tsmsogn/composer-require-patch-enforcer
More information about tsmsogn/composer-require-patch-enforcer
Files in tsmsogn/composer-require-patch-enforcer

Vendor tsmsogn
Package composer-require-patch-enforcer
Short Description Composer plugin that enforces exact x.y.z versions on composer require (no range operators)
License MIT
Homepage https://github.com/tsmsogn/composer-require-patch-enforcer

Keywords composer version require composer-plugin supply-chain

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Informations about the package composer-require-patch-enforcer

composer-require-patch-enforcer

A Composer plugin that blocks composer require unless each package uses an exact three-part version only: major.minor.patch with no range operators (^, ~, >=, *, ||, spaces for compound constraints, etc.). Example: monolog/monolog:3.5.0.

This pushes root requirements toward explicit pins to reduce accidental wide constraints as part of supply-chain hygiene.

Requirements

PHP >= 8.1
Composer with plugin API ^2.3 (Composer 2.3+)

Installation

From Packagist (recommended)

After the package is registered on Packagist, install a stable release with an exact version (this matches how this plugin expects root requirements to be written once it is active):

The first time you add this package, the plugin is not in vendor yet, so Composer will also accept a range (e.g. ^1.0) for that single command. After the plugin is installed, further composer require calls must use exact x.y.z for every package on the command line (or use COMPOSER_REQUIRE_PATCH_ENFORCER_SKIP=1 / --no-plugins). Upgrading this plugin to 1.0.1 should look like: composer require tsmsogn/composer-require-patch-enforcer:1.0.1.

Development: VCS or path

From Git (no Packagist):

From a local path:

If the package is not on Packagist, you may need minimum-stability or a stability suffix (e.g. @dev) as above.

Allow the plugin

Composer 2.2+ requires you to opt in to plugins:

Usage

Every package on the command line must include a version that matches this pattern (whole string, after trim):

Optional leading v
Three numeric segments: digits.digits.digits
Nothing else (no stability suffix like @stable, no pre-release like -alpha)

Regex: ^v?\d+\.\d+\.\d+$

Accepted examples

Rejected examples

These fail because the version is missing, or it is not a single exact x.y.z token.

Interactive `composer require` with no arguments

If you run composer require without any package arguments, the plugin does not validate (Composer’s interactive wizard may still resolve versions for you). For strict enforcement in CI, use non-interactive mode and always pass explicit package:version arguments.

Disabling enforcement

Temporary (one command):

Skip plugins for that invocation:

Permanent: remove the package from composer.json or set allow-plugins for this package to false and avoid loading it.

Limitations

The constraint in composer.json will be that exact string; composer update can still move to a newer version only if you change the constraint — unlike ^, a plain 3.5.0 in require typically means “== that version” for resolution. Transitive dependencies are not controlled by this plugin.
Help output is not blocked: composer require -h / --help is ignored by the plugin.

License

MIT

All versions of composer-require-patch-enforcer with dependencies

PHP Build Version

Package Version

Version 1.0.0 Release 01. Apr 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of composer-require-patch-enforcer from vendor tsmsogn

Requires php Version >=8.1
composer-plugin-api Version ^2.3

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package tsmsogn/composer-require-patch-enforcer contains the following files

Loading the files please wait ...