Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Composer Dist Plugin
Assessments

Composer Dist Plugin Laravel Package

pixelfear/composer-dist-plugin

Composer plugin that prefers installing packages from dist archives, speeding up installs and reducing VCS checkouts. Useful in CI/CD and production deployments where source clones aren’t needed, with configurable behavior per package or repository.

View on GitHub
Deep Wiki
Context7

Getting Started

Install the package as a development dependency:

composer require --dev pixelfear/composer-dist-plugin

Add a dist section to your composer.json to define distributable sources:

{
  "extra": {
    "dist": {
      "path/to/target/file.js": "https://example.com/path/to/source/file.js"
    }
  }
}

Run composer update (or install) — the plugin will fetch the remote asset and place it at path/to/target/file.js. No need to commit third-party binaries; they’ll be auto-downloaded on deployment.

Implementation Patterns

Use for bundling static assets (e.g., JS/CSS, binaries, CLI tools) without including them in your repo. Ideal for internal package dependencies where release builds require pre-built assets but you want to avoid bloat in source control.
Common workflow:

  • Define dist targets in composer.json of your package’s root.
  • Hook into post-autoload-dump or post-install-cmd scripts if you need to regenerate assets (e.g., after a new release tag).
  • Combine with asset-packagist or npm/yarn for hybrid frontends — use this plugin only for non-NPM-available binaries or locked-down releases.

Example: embedding a vendored CLI tool:

"extra": {
  "dist": {
    "bin/mytool": "https://github.com/org/mytool/releases/download/v1.2.3/mytool.phar"
  }
}

Gotchas and Tips

  • The plugin does not verify checksums by default — use --with-verification if available, or enforce strict URLs/versions manually to prevent supply-chain issues.
  • File paths are relative to the project root, not the package root — double-check paths if used across subpackages.
  • Overwrites files without warning — avoid pointing to shared or manually edited assets.
  • Only supports HTTP/HTTPS — no local filesystem or S3 (unless proxied via URL).
  • Works best with immutable URLs (e.g., pinned release artifacts). Never use latest or mutable tags.
  • For CI/CD, ensure composer install runs with -o (optimize autoloader) if needed — the plugin doesn’t interfere with autoloading but avoids unnecessary rebuilds.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport
twbs/bootstrap4
php-http/client-implementation
phpcr/phpcr-implementation
cucumber/gherkin-monorepo
haydenpierce/class-finder
psr/simple-cache-implementation
uri-template/tests