You are browsing the documentation for version 4.2 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Read version 5.1 (the latest LTS version) of the Oro documentation to get up-to-date information.
See our Release Process documentation for more information on the currently supported and upcoming releases.
Managing NPM dependencies with Composer¶
As NPM allows a lot more freedom in package naming, we could no longer update some of our NPM dependencies simply because Composer does not recognize or does not allow some NPM package names (e.g., with a different letter case or special characters). That is why we had to switch from using asset packagist to calling NPM directly from the composer install and composer update scripts.
The following software is required for composer to install JS dependencies:
For instructions on how to install Node.js, navigate to the official website.
NPM packages represent JS dependencies of the application. NPM packages are recursively collected from composer.json files of all application dependencies. During composer install (either update or require) they are passed to NPM utility, which handles further installation.
For more information on NPM, see NPM documentation.
Initial Install of Application¶
During the composer install command composer runs the
Oro\Bundle\InstallerBundle\Composer\ScriptHandler::installAssets post-install command, which recursively collects NPM packages from composer.json files of all application dependencies. Collected NPM packages are passed to npm install which handles further installation:
updates dependencies section in existing package.json or creates new file
generates package-lock.json file
fetches NPM packages and puts them into node_modules/ directory
The generated package.json file is a technical file which should not be changed manually and is ignored by Git.
An example of composer.json containing NPM dependencies in the extra.npm section:
"_comment": "skipped part of file",
Application Install When Lock Files Already Exist¶
If package-lock.json already exists, post-install command
runs npm ci which looks into the lock file, fetches NPM packages, and puts them into node_modules/ directory.
Adding New NPM Dependencies¶
Add the NPM package name and version constraint to the extra.npm section of composer.json, e.g “fullcalendar”: “3.4.0”
Delete composer.lock and the package-lock.json files
Run composer install
Resolving Conflicting NPM Dependencies¶
It is possible that you can have two different versions of the same NPM package defined in two separate Composer packages. To resolve this conflict, define the version that you want to use in the root composer.json file of your application.