What does composer prohibits command do?
The prohibits feature in Composer is not a command but a directive in composer.json that blocks specified packages from being installed, even as dependencies. 1. It prevents unwanted packages by defining forbidden packages and versions under the "prohibits" key. 2. It is useful for blocking insecure, deprecated, or conflicting packages and enforcing project standards. 3. Syntax supports version constraints like "symfony/debug": "
The prohibits command isn't a standalone command in Composer — you might be referring to the --prohibit flag or the prohibits section used in composer.json to define forbidden packages during dependency resolution.
This feature helps prevent unwanted or problematic packages from being installed in your project, even as dependencies of other packages.
✅ What Does prohibits Do in Composer?
The prohibits section in composer.json lets you explicitly forbid certain packages from being installed. If any package — directly or as a dependency — requires a prohibited package, Composer will fail the installation or update and show a conflict.
This is useful for:
- Blocking known insecure packages
- Avoiding deprecated or problematic libraries
- Enforcing project standards
? How to Use prohibits in composer.json
You add a prohibits key under the root of your composer.json:
{
"require": {
"monolog/monolog": "^2.0"
},
"prohibits": {
"symfony/debug": "<4.0",
"laravel/framework": "5.*",
"paragonie/random_compat": "*"
}
}In this example:
- Any version of
paragonie/random_compatis blocked symfony/debugversions below 4.0 are not allowed- Laravel 5.x versions are prohibited
If any required package depends on one of these, Composer throws an error like:
Because my-project prohibits symfony/debug <4.0, version 3.4 is not installable.
? Use Cases
- Security: Block packages with known vulnerabilities.
- Legacy Code: Prevent outdated packages that cause conflicts.
- Standardization: Stop team members from adding discouraged dependencies.
- Migration Help: During upgrades (e.g., Symfony 5 → 6), block old versions that shouldn’t be used.
⚠️ Notes
prohibitsworks likerequire, but in reverse — it defines negative constraints.- It applies to all packages, not just direct dependencies.
- The syntax supports version constraints just like in
require. - It’s supported since Composer 2.0 .
✅ Example: Block an Insecure Package
"prohibits": {
"guzzlehttp/guzzle": "<7.0",
"phpunit/phpunit": "<9.0"
}This ensures no one (or no dependency) pulls in old Guzzle or PHPUnit versions that may have security issues.
So, while there’s no composer prohibits command to run in the terminal, the prohibits directive in composer.json is a powerful way to enforce package exclusions.
Basically, it's a "blocklist" for packages — Composer will refuse to install anything that brings in a prohibited one.
The above is the detailed content of What does composer prohibits command do?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Laravel Introduction Example
Apr 18, 2025 pm 12:45 PM
Laravel is a PHP framework for easy building of web applications. It provides a range of powerful features including: Installation: Install the Laravel CLI globally with Composer and create applications in the project directory. Routing: Define the relationship between the URL and the handler in routes/web.php. View: Create a view in resources/views to render the application's interface. Database Integration: Provides out-of-the-box integration with databases such as MySQL and uses migration to create and modify tables. Model and Controller: The model represents the database entity and the controller processes HTTP requests.
How to view the version number of laravel? How to view the version number of laravel
Apr 18, 2025 pm 01:00 PM
The Laravel framework has built-in methods to easily view its version number to meet the different needs of developers. This article will explore these methods, including using the Composer command line tool, accessing .env files, or obtaining version information through PHP code. These methods are essential for maintaining and managing versioning of Laravel applications.
laravel installation code
Apr 18, 2025 pm 12:30 PM
To install Laravel, follow these steps in sequence: Install Composer (for macOS/Linux and Windows) Install Laravel Installer Create a new project Start Service Access Application (URL: http://127.0.0.1:8000) Set up the database connection (if required)
Laravel framework installation method
Apr 18, 2025 pm 12:54 PM
Article summary: This article provides detailed step-by-step instructions to guide readers on how to easily install the Laravel framework. Laravel is a powerful PHP framework that speeds up the development process of web applications. This tutorial covers the installation process from system requirements to configuring databases and setting up routing. By following these steps, readers can quickly and efficiently lay a solid foundation for their Laravel project.
Recommended Laravel's best expansion packs: 2024 essential tools
Apr 30, 2025 pm 02:18 PM
The essential Laravel extension packages for 2024 include: 1. LaravelDebugbar, used to monitor and debug code; 2. LaravelTelescope, providing detailed application monitoring; 3. LaravelHorizon, managing Redis queue tasks. These expansion packs can improve development efficiency and application performance.
What is the difference between php framework laravel and yii
Apr 30, 2025 pm 02:24 PM
The main differences between Laravel and Yii are design concepts, functional characteristics and usage scenarios. 1.Laravel focuses on the simplicity and pleasure of development, and provides rich functions such as EloquentORM and Artisan tools, suitable for rapid development and beginners. 2.Yii emphasizes performance and efficiency, is suitable for high-load applications, and provides efficient ActiveRecord and cache systems, but has a steep learning curve.
Laravel environment construction and basic configuration (Windows/Mac/Linux)
Apr 30, 2025 pm 02:27 PM
The steps to build a Laravel environment on different operating systems are as follows: 1.Windows: Use XAMPP to install PHP and Composer, configure environment variables, and install Laravel. 2.Mac: Use Homebrew to install PHP and Composer and install Laravel. 3.Linux: Use Ubuntu to update the system, install PHP and Composer, and install Laravel. The specific commands and paths of each system are different, but the core steps are consistent to ensure the smooth construction of the Laravel development environment.
Laravel logs and error monitoring: Sentry and Bugsnag integration
Apr 30, 2025 pm 02:39 PM
Integrating Sentry and Bugsnag in Laravel can improve application stability and performance. 1. Add SentrySDK in composer.json. 2. Add Sentry service provider in config/app.php. 3. Configure SentryDSN in the .env file. 4. Add Sentry error report in App\Exceptions\Handler.php. 5. Use Sentry to catch and report exceptions and add additional context information. 6. Add Bugsnag error report in App\Exceptions\Handler.php. 7. Use Bugsnag monitoring
