Setting composer minimum stability for your application

Do you have a confusion of how do you determine the stability when using composer dependency manager? What should be the minimum stability setting? Do you receive this dreaded error when updating via composer?

Your requirements could not be resolved to an installable set of packages.

Well all of them probably point to the right stability setting in your composer settings. Read on to understand how you can set your application landscape and package dependencies the right way.

Minimum Stability Settings

Composer accepts these flags as minimum-stability settings. The default setting for minimum-stability if not provided is assumed to be stable, but you could define any of the flags down the hierarchy.

stable (most stable)
dev (least stable)

Resolving Stability Dependencies

So let’s consider you have set a minimum-stability to stable in your composer.json, and on updating packages, receive an error like below:

Your requirements could not be resolved to an installable set of packages.
- vendor/package1 dev-master requires vendor/package2 * -> satisfiable by vendor/package2[dev-master].
- vendor/package3 dev-master requires vendor/package4 * -> satisfiable by vendor/package4[dev-master].

The reason for this is that all of your packages need a minimum-stability of stable. This may not be available for all your dependent packages. You do need a lower stability setting for them. So how do you resolve this? Here are the various options that you could consider to resolve the package dependencies.

Option 1: Set minimum-stability to dev

You can lower your minimum-stability down to “dev”. But when you do that, it applies to all constraints and as a result you may get unstable versions of all packages which you do not desire. Let’s consider an example of installing the yiisoft/yii2 framework. You would want a stable release of yii2 to be applied each time you run composer. But setting minimum-stability to stable do affect your install/update of other yii2 extensions like kartik-v/yii2-widgets, kartik-v/yii2-grid etc. But the recommendation still is DO NOT change the minimum-stability UNTIL you really need to. If you are working with minimum-stability set to stable, then move on to Option 2.

Option 2: Use stability flags (recommended)

Rather than changing minimum-stability setting, use stability flags. As described in this article – a stability flag is defined as part of a version constraint. Since stability is determined by the root package only, flags are also root-only. Flags defined in dependent packages are simply ignored. You can use flags to whitelist specific unstable packages. So let’s see your stability section of the revised composer.json now for yiisoft/yii2 with kartik-v extensions. If you are installing say kartik-v/yii2-grid extension with yiisoft\yii2, then in your application composer.json, set yii2-grid and its dependent packages to @dev as shown below:

    "minimum-stability": "stable",
    "require": {
        "php": ">=5.4.0",
        "yiisoft/yii2": "*",
        "yiisoft/yii2-bootstrap": "*",
        "yiisoft/yii2-swiftmailer": "*",
        "kartik-v/yii2-grid": "@dev"

You can note that you did not define an actual version in the root package. Now with this, your yiisoft/yii2 install does not care about the stability of kartik-v/yii2-grid and its required extensions/packages for example.

Option 3: Set prefer-stable option

Another option could be to set the prefer-stable option for your packages. This can be easy to use and can often work for you. For example, you can add the following line in your root composer.json:

minimum-stability: dev,
prefer-stable: true

Composer will automatically then try to figure out the most stable dependencies it can. If you require a dev version or only alphas are available for a package, those will still be selected granted that the minimum-stability allows for it.

Having said that, you may still want to set what stability you really want, and declaring it explicitly. Otherwise, you would not know which version of the package caused what problem. So as a general thumb rule then, option 2 may yet be the best way to go forward in handling minimum stability.

One thought on “Setting composer minimum stability for your application

Comments are closed.