How to Install Composer on Ubuntu Linux

Last updated on November 17, 2025 4:34 pm by Joshua James
Estimated reading time: 8 minutes
Composer PHP logo with code brackets and Ubuntu logo showing dependency management installation

Composer is a widely used dependency manager for PHP, allowing developers to manage libraries and packages efficiently within their projects. Consequently, it automates the process of installing, updating, and managing dependencies while ensuring correct versions are installed and handling complex dependency trees, making it indispensable for modern PHP development.

This guide covers installing Composer on Ubuntu using the official getcomposer installer, which provides the latest version directly from the source with current security improvements. In addition, it explains how to verify the installer’s integrity, configure Composer globally, and validate the installation for production use so you can trust the tool in daily workflows.

Contents hide
1 Install Required PHP Packages for Composer
2 Download and Install Composer
3 Update Composer
4 Basic Composer Usage
5 Troubleshoot Composer Installation Issues
6 Conclusion

Install Required PHP Packages for Composer

Before installing Composer, update your system’s package database and install the necessary PHP packages. These commands use APT, Ubuntu’s package manager that works much like a combined Windows Update and Microsoft Store. Composer requires PHP CLI (the command-line interface for running PHP scripts outside a browser, similar to PowerShell), php-zip for extracting downloaded packages, php-curl for fetching data from URLs, curl for pulling down the installer itself, and git for repository operations.

To begin, update the package index:

sudo apt update

Next, install the required packages:

sudo apt install curl php-cli php-zip php-curl php-mbstring git unzip

Together, these packages provide the foundation for Composer to function properly. Additionally, curl fetches the installer and API data, php-mbstring supports multibyte string handling (required by many PHP packages), git enables Composer to clone repositories, and unzip extracts archived packages efficiently.

Download and Install Composer

Composer provides a PHP-based installer script that handles the installation process automatically. From there, the steps involve downloading this script, verifying its integrity against a published hash, and then executing it to install Composer globally on your system.

Download the Composer Installer

Next, use curl to download the installer script to your temporary directory. The -sS flags make curl silent while still displaying errors, and -o specifies the output location:

cd ~
curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php

Verify the Installer Integrity

Afterward, verify its authenticity by comparing the downloaded file’s hash against Composer’s published SHA-384 hash. A hash is a fixed-length checksum calculated from the file’s contents, and matching values ensure the installer has not been tampered with during download.

First, fetch the latest hash from Composer’s signature page and store it in a shell variable:

HASH=`curl -sS https://composer.github.io/installer.sig`

Optionally, inspect the fetched hash to confirm it downloaded correctly:

echo $HASH

Next, verify the downloaded installer by comparing its hash with the stored value. This PHP command computes the file’s SHA-384 hash and compares it against the expected hash:

php -r "if (hash_file('SHA384', '/tmp/composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('/tmp/composer-setup.php'); } echo PHP_EOL;"

The command outputs one of two results. Specifically, a successful verification displays:

Installer verified

Otherwise, if verification fails, you’ll see:

Installer corrupt

When the installer is corrupt, the script automatically deletes the file. Therefore, re-download the installer and repeat the verification process.

Install Composer Globally

At this point, with the verified installer, you can install Composer system-wide. This global installation places Composer in /usr/local/bin, making the composer command accessible from any directory:

sudo php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer

After the script runs, the installer will display output confirming the installation succeeded:

All settings correct for using Composer
Downloading...

Composer (version x.x.x) successfully installed to: /usr/local/bin/composer
Use it: php /usr/local/bin/composer

Verify Composer Installation

Next, confirm Composer installed correctly by checking its version:

composer --version

This output displays the installed Composer version, confirming successful installation:

Composer version 2.x.x 2024-xx-xx xx:xx:xx

Alternatively, run composer without flags to display the full command list and usage information. The output begins with Composer’s ASCII logo:

   ______
  / ____/___  ____ ___  ____  ____  ________  _____
 / /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
                    /_/
Composer version 2.x.x 2024-xx-xx xx:xx:xx

Use Composer Per Project

For localized workflows, if you need a local copy of Composer for a specific project, run the installer before deleting it so it drops a composer.phar file into your working directory:

php /tmp/composer-setup.php --install-dir=$PWD --filename=composer.phar

Then, use PHP to execute the local binary whenever you want to manage dependencies without touching the system-wide Composer installation:

php composer.phar --version

If you’ve already deleted the installer, rerun the earlier curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php command to recreate it before generating composer.phar.

Finally, once everything checks out, remove the installer file as it’s no longer needed:

php -r "unlink('/tmp/composer-setup.php');"

Update Composer

After installation, keep Composer current by running the self-update command, which checks for newer versions and updates automatically:

sudo composer self-update

If you’re already running the latest version, the output confirms:

You are already using the latest available Composer version 2.x.x (stable channel).

Run this command periodically to receive security fixes, performance improvements, and new features.

Basic Composer Usage

Once installed, Composer manages PHP dependencies through a composer.json file that defines required packages. Consequently, it tracks version constraints and automatically resolves dependency conflicts so your applications load the correct library versions. Here are the essential commands to get started:

Initialize a New Project

To start a new workspace, create a composer.json file interactively by running composer init in your project directory. This wizard-style command prompts you for project details and initial dependencies.

composer init

Install Dependencies

Next, add packages to your project with the require command. For example, to install Monolog (a popular logging library):

composer require monolog/monolog

During installation, Composer downloads the package and displays progress:

Using version ^3.8 for monolog/monolog
./composer.json has been created
Running composer update monolog/monolog
Loading composer repositories with package information
Updating dependencies
Lock file operations: 2 installs, 0 updates, 0 removals
  - Locking monolog/monolog (3.8.0)
  - Locking psr/log (3.0.2)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 2 installs, 0 updates, 0 removals
  - Downloading monolog/monolog (3.8.0)
  - Downloading psr/log (3.0.2)
  - Installing psr/log (3.0.2): Extracting archive
  - Installing monolog/monolog (3.8.0): Extracting archive
Generating autoload files

Consequently, Composer downloads the package, resolves dependencies, updates composer.json, and generates two important files:

  • composer.json – Defines your project dependencies and version constraints
  • composer.lock – Locks specific package versions for consistency across environments

Additionally, the vendor/ directory stores all downloaded packages, while vendor/autoload.php provides automatic class loading.

Use Autoloading in PHP Scripts

PHP requires manual class loading by default. Composer’s autoloader eliminates this tedious process. Include the autoloader at the top of your PHP files:

<?php
require __DIR__ . '/vendor/autoload.php';

use Monolog\Logger;
use Monolog\Handler\StreamHandler;

// Create a log channel
$log = new Logger('app');
$log->pushHandler(new StreamHandler('app.log', Logger::WARNING));

// Add log entries
$log->warning('This is a warning message');
$log->error('This is an error message');

As a result, the autoloader automatically imports all required classes from installed packages, eliminating individual require statements for each dependency.

When you then run this script with php script.php (assuming you saved it as script.php), it creates an app.log file with entries like:

php script.php
[2025-11-14T12:34:56.123456+00:00] app.WARNING: This is a warning message [] []
[2025-11-14T12:34:56.123789+00:00] app.ERROR: This is an error message [] []

Update Dependencies

To keep packages current, run composer update, which checks for newer versions matching your version constraints and updates accordingly:

composer update

Alternatively, update specific packages individually to minimize risk when testing updates:

composer update monolog/monolog

Therefore, run updates regularly to receive security fixes and feature improvements while maintaining project stability.

Troubleshoot Composer Installation Issues

Fix Signature Verification Failures

Signature mismatches almost always mean the installer downloaded incompletely or your local cache still holds an older file. Remove the script, fetch a new copy, and re-run the verification steps:

rm -f /tmp/composer-setup.php
curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
HASH=`curl -sS https://composer.github.io/installer.sig`
php -r "if (hash_file('SHA384', '/tmp/composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('/tmp/composer-setup.php'); } echo PHP_EOL;"

Resolve PHP Version or Extension Errors

Composer requires PHP 7.2.5 or newer plus the CLI, cURL, ZIP, and mbstring extensions. If the installer exits with “PHP not found” or “Missing ext-zip,” confirm your PHP runtime meets the requirements:

php -v
php -m | grep -E 'curl|zip|mbstring'

If these checks fail, reinstall the required packages:

sudo apt install curl php-cli php-zip php-curl php-mbstring

Handle Permission Denied in /usr/local/bin

If the installer cannot write to /usr/local/bin, install Composer to your home directory, then move the binary with elevated privileges:

php /tmp/composer-setup.php --install-dir=$HOME --filename=composer
sudo install -m 755 $HOME/composer /usr/local/bin/composer

Verify that the system now finds the binary globally:

which composer

Conclusion

Composer provides essential dependency management for PHP projects through its official installer, which delivers the latest version with current security improvements. The installation process covers downloading the installer, verifying integrity with SHA-384 hashes, and configuring Composer globally for system-wide access. Your Ubuntu system now automates library installation, handles complex dependency trees, and streamlines PHP development workflows through autoloading and efficient package management.

How to Install KiCad on Ubuntu 24.04/22.04/20.04

How to Install HandBrake on Ubuntu 24.04, 22.04 or 20.04

Leave a Comment


If you have any legitimate inquiries, such as article suggestions, don't hesitate to contact LinuxCapable. Please ensure that your message is written in English.

Contact Us
About Us Disclaimer Privacy Policy Terms and Conditions