Using PHP build tools via composer install leads to many dependencies

Question

I'm in the middle of setting up a new system for continuous integration and delivery.

As PEAR is about to EOL for most of the packages (like phpunit) i switched to composer, which seems a good idea, as i need it for the projects.

so to test my integration's server i started with a very simple composer.json:

{
    "require-dev": {
        "phpunit/phpunit": "4.1.*",
        "phpmd/phpmd" : "2.0.*",
        "pdepend/pdepend" : "2.0.0",
        "zerkalica/php-code-browser": "dev-master",
        "squizlabs/php_codesniffer": "1.*",
        "sebastian/phpcpd": "*",
        "phpdocumentor/phpdocumentor": "dev-master"
    }
}

this leads to 230MB Vendor directory.

for the full list of packages which are installed see: https://gist.github.com/rufinus/14b271f61e143364452f

Is this an expected result?

Should i switch to the PHAR files and have them stored in a bin directory inside the project?

What is the best practice? (without pear)

Answer 1

You could configure composer to download each package instead of cloning it. This should save you some space and time.

{
    "require-dev": {
        "phpunit/phpunit": "4.1.*",
        "phpmd/phpmd" : "2.0.*",
        "pdepend/pdepend" : "2.0.0",
        "zerkalica/php-code-browser": "dev-master",
        "squizlabs/php_codesniffer": "1.*",
        "sebastian/phpcpd": "*",
        "phpdocumentor/phpdocumentor": "dev-master"
    },
    "config": {
        "preferred-install": "dist"
    }
}

To test, remove vendor, composer.lock and run composer install again. Now it should download each package, instead of cloning it.

As a side note. Try to use a specific version instead of "*" or "dev-master". phpcpd for example I know for sure that is frequently tagged.