ocramius/package-versions
Fast, zero‑I/O access to Composer dependency versions at runtime. Reads version data compiled from composer.lock during install/update, so calls are cheap. Use PackageVersions\Versions::getVersion('vendor/package') to embed or log exact versions.
Install the package with composer require ocramius/package-versions. After installation, run composer dump-autoload --optimize for best performance (enables classmap usage without runtime I/O). The core API is simple: \PackageVersions\Versions::getVersion('vendor/package') returns a version string like 1.2.3@abc123, where the suffix is the short commit hash. For the root package name, use \PackageVersions\Versions::rootPackageName() (not the old constant). First use case: injecting version info into application banners or health-check endpoints without hitting Composer’s metadata API at runtime.
Generate static assets during build/deploy using version data — e.g., embed dependency versions in JS/CSS cache-busting filenames, API response metadata, or logging context. Use Versions::getVersion() in services that need version context (e.g., App\Version\VersionInfo factory). Combine with Composer scripts: run a post-install/update dump of version data to JSON/YAML for external tooling or release notes. In CLI commands, fetch and format versions for diagnostic output (php bin/console system:info). Leverage the generated vendor/ocramius/package-versions/src/PackageVersions.php as a reference — though it’s auto-generated, it’s designed to be optimized into classmap and requires no runtime modification.
composer.lock: versions are baked during install/update; if you forget to commit composer.lock and rebuild in a new environment, the wrong versions may appear. Always deploy with composer.lock.getVersion() in performance-critical loops or per-request paths (cache or pre-compute instead).ROOT_PACKAGE_NAME constant was removed — use rootPackageName() method to avoid BC breaks.optimize-autoloader, if you skip dump-autoload --optimize (e.g., in CI with --no-dev), expect I/O overhead on first getVersion() call.composer show -i or composer lock --raw to verify lock-file accuracy. If getVersion() returns unexpected data, check for outdated lock files or manual composer.lock edits.path repos or with no git reference may omit the commit hash suffix — versions like 1.0.0 appear as-is.How can I help you explore Laravel packages today?