Third-party libraries


I’m learning Yii2 framework and I have a big question.

What is the advantage of installing third party libraries in our projects (using Composer) ?

For example, I saw that packages installed via Composer are created inside vendor directory, after that, should I do something else to avoid dependencies problems or something similar?

How can I ensure that the installed package wont’ be updated or modified by the real owner in the future?

Is there a way to include extensions in our projects and put them outside vendor’s directory so they won’t be updated?


If you want to stick to a specific version of a 3rd party library, you can tell composer to only pull exactly that version. But in general, a huge advantage of composer is that it is very easy to use up-to-date versions of vendor code.

Yes, download manually, put in a directory, add a use statement. You MAY need to change the namespace to get it to actually work, but I’m not sure about that. Now what if a bug/flaw is fixed…redo the above.

However, as previously noted, composer will keep it updated AND check dependencies.

Thanks for the answers ::)

But what happens if the vendor code I installed in my project is no more available on GitHub ? I’m worried that.

Because of that I was searching for a way to ensure and lock 3rd party code in view to these situations…

If that’s your concern, you can fork the 3rd party code and then tell composer to pull your own version. Of course if you do that, you have the overhead of keeping your fork up-to-date.