Ultra Web Hosting Docs

Using Composer

Composer is the dependency manager for PHP. Over SSH it reads your composer.json, resolves the libraries your project needs, and installs them into a vendor/ directory. This page covers running Composer on your hosting account.

Note Composer is a command-line tool for developers who are comfortable working in a shell. You will run every command over SSH — see SSH Access to open a session first.

The Core Commands

From your project directory, these three commands cover almost everything:

composer install
composer update
composer require vendor/package

Selecting the PHP Version

Composer runs under whichever PHP the shell defaults to, which may not match the version your site uses. Set your account's CLI version in the Select PHP Version tool (the CloudLinux PHP Selector) in cPanel, or call the matching ea-php binary explicitly:

php -v
ea-php82 -v
ea-php82 composer.phar install

Running Composer through the same PHP version your application targets ensures the resolved dependencies are compatible with your runtime.

Tip Check php -v before installing. If it reports a different version than your site runs, prefix your Composer command with the correct ea-php binary so dependencies are resolved against the right PHP.

Raising the Memory Limit

Large dependency trees can exhaust PHP's memory limit, and Composer will stop with a fatal allowed memory size exhausted error. Give Composer an unlimited limit just for that run:

php -d memory_limit=-1 composer.phar install
php -d memory_limit=-1 composer.phar update

The -d memory_limit=-1 flag applies only to that single command — it does not change your account's PHP settings.

Where the vendor/ Directory Goes

Composer installs packages into a vendor/ directory next to your composer.json, and writes a vendor/autoload.php file you include to load them:

require __DIR__ . '/vendor/autoload.php';
Warning Keep vendor/ out of your public web root where possible, and never edit files inside it by hand — the next composer install or composer update will overwrite your changes. Manage dependencies only through composer.json.

Committing composer.json and composer.lock

Both files belong in version control. Commit composer.json (your declared dependencies) and composer.lock (the exact resolved versions), but add vendor/ to your .gitignore:

echo "/vendor/" >> .gitignore
git add composer.json composer.lock .gitignore
git commit -m "Add project dependencies"

On deployment you then run composer install to rebuild vendor/ from the committed lock file, guaranteeing every environment gets identical versions. See Git Version Control for setting up a repository and automatic deployment.

Note If Composer cannot reach the package repositories, or an install fails for reasons unrelated to your project, open a support ticket with the full command output.