How to add a GitHub authentication token to Composer?
To add a GitHub authentication token to Composer, use the command composer config --global github-oauth.github.com YOUR_GITHUB_TOKEN to set it globally. 2. Create a personal access token (PAT) in GitHub under Settings > Developer settings > Personal access tokens with at least public_repo scope for public repositories or repo for private ones. 3. Never hardcode the token in composer.json or commit it to version control to avoid security risks. 4. The global configuration stores the token in ~/.composer/config.json and applies it to all projects. 5. Verify the setup by running composer update or composer show -v and confirming no authentication errors occur, ensuring the token is correctly configured and functional.
To add a GitHub authentication token to Composer, you need to configure it so that Composer can authenticate with GitHub when downloading private repositories or avoiding rate limits on public ones. Here's how to do it properly.
✅ Set the Token Using Composer Config
The easiest and recommended way is to use the composer config command to store your GitHub token globally:
composer config --global github-oauth.github.com YOUR_GITHUB_TOKEN
Replace YOUR_GITHUB_TOKEN with a valid personal access token (PAT) from GitHub.
? Note: This stores the token in your global Composer config (
~/.composer/config.json), so it will be used for all projects.
?️ How to Create a GitHub Personal Access Token
- Go to GitHub Settings > Developer settings > Personal access tokens.
- Click Generate new token.
- Give it a descriptive name.
- Select the scopes:
- For private repos:
repo(full control) - For public repos only and rate limiting:
public_repois enough
- For private repos:
- Generate and copy the token (you won’t see it again!).
⚠️ Never hardcode tokens in
composer.jsonor commit them to version control.
? Alternative: Set Token Per-Project (Not Recommended)
You can also add the token directly in a project’s composer.json, but this is risky if the repo is public or shared:
{
"config": {
"github-oauth": {
"github.com": "YOUR_GITHUB_TOKEN"
}
}
}Again, avoid this unless you're in a secure, private environment.
❓ Why Do You Need This?
GitHub limits unauthenticated API and Git requests. Composer uses GitHub’s API to fetch metadata for packages hosted on GitHub. Without authentication:
- You may hit rate limits (
API rate limit exceeded). - You can't access private repositories.
Using a token increases the rate limit and grants access to private repos (if the token has permission).
✅ Verify It Works
Run a Composer command that interacts with GitHub, like:
composer update
Or test access:
composer show -v
If no GitHub authentication errors appear, your token is working.
Basically, just run:
composer config --global github-oauth.github.com YOUR_TOKEN
…once, and you’re set for all future Composer operations.
The above is the detailed content of How to add a GitHub authentication token to Composer?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
What are some best practices for using Composer in production environments?
Jul 08, 2025 am 01:00 AM
When using Composer in a production environment, you need to pay attention to safety, stability and performance. 1. Use composerinstall-no-dev to reduce unnecessary development dependencies and reduce online environment risks; 2. Always submit and rely on composer.lock files to ensure version consistency, and avoid using updates during deployment; 3. Optional configuration platform-check=false ignores platform differences warnings, which is suitable for building packaging scenarios; 4. Enable APCU to accelerate automatic loading to improve performance, especially suitable for high concurrency services, while paying attention to namespace uniqueness to avoid cache conflicts.
How do I check if Composer is installed correctly?
Jul 07, 2025 am 12:12 AM
To check whether Composer is installed correctly, first run the composer--version command to view the version information. If the version number is displayed, it means that it is installed. Secondly, use the composerdiagnose command to detect configuration problems and ensure that the environment variables and permissions are normal. Finally, try to verify the functional integrity through the composerrequiremonolog/monolog installation package. If the vendor directory is successfully created and the dependency is downloaded, it means that Composer is fully available. If the above steps fail, you may need to check whether PHP has been installed globally or adjusted system path settings.
How do I install a Composer plugin?
Jul 09, 2025 am 12:01 AM
To install the Composer plug-in, please first confirm that Composer is installed and the composer.json file exists, and then follow the following steps: 1. Make sure that Composer has been installed and created composer.json; 2. Search and copy the required plug-in name on Packagist; 3. Use the composerrequirequire command to install the plug-in, such as composerrequiredealerdirect/phpcodesniffer-composer-installer; 4. Verify whether the plug-in is effective and check compatibility and configuration. Follow these steps to correctly install the Composer plug-in.
How do I add a custom repository to my Composer configuration?
Jul 06, 2025 am 12:26 AM
To add a custom repository to the Composer configuration, edit the composer.json file in the project and specify the repository information under the "repositories" key. The specific steps are as follows: 1. Determine the repository type, such as VCS (Git, SVN, etc.), Composer, PEAR or Package; 2. Add the "repositories" block in composer.json and fill in the repository type and URL. For example, when using a VCS-type Git repository, the format is {"type":"vcs","url":"https
How do I update my package on Packagist?
Jul 08, 2025 am 01:02 AM
ToupdateyourpackageonPackagist,firstensureyourcomposer.jsonisupdatedwiththecorrectversion,dependencies,andmetadata,thencommitandpushchangestoyourrepository.1.Updatecomposer.jsonwithnecessarychangessuchasversion,dependencies,ormetadataandcommitit.2.Ta
How do I use the --ignore-platform-reqs flag?
Jul 11, 2025 am 01:19 AM
When you encounter the "Yourplatformdoesnotatsatisfythatrequirement" error, you can use the --ignore-platform-reqs parameter to ignore the platform requirements for installation. The full name of this parameter is --ignore-platform-requirements. It is used to skip the PHP version, extension and other checks specified in composer.json when executing composerinstall or update. For example, if the current PHP version is 8.0 but the configuration requires 8.1, an error will be reported by default. If you add this parameter, the check will be skipped. Applicable scenarios include: 1. Local environment and true in containerized deployment or CI environment
How do I add a dependency to my composer.json file?
Jul 10, 2025 am 10:55 AM
To add dependencies to composer.json, the most common method is to use the composerrequire command, followed by manually editing the composer.json file. 1. Use composerrequiredor/package to automatically add the latest stable version dependencies and install them; 2. You can specify the version such as composerrequiredor/package: 1.2.3 or use the constraint character such as ^2.0; 3. This command will synchronize the update of composer.json and composer.lock and automatically handle the dependencies; 4. Manually edit suitable for batch addition or template projects, you need to maintain the version yourself and run c
How do I use composer require --dev roave/security-advisories:dev-master?
Jul 10, 2025 am 11:18 AM
Youshouldusecomposerrequire--devroave/security-advisories:dev-mastertocheckforknownsecurityvulnerabilitiesduringdevelopment.1.Thispackageblocksinstallationofdependencieswithknownsecurityissuesbycheckingagainstalistofvulnerableversions.2.Itonlyworksdu
