Packages
Packages in Pricore represent your private Composer packages. They can be synced automatically from Git repositories or managed manually.
Package Basics
Each package has:
- Name - Follows Composer naming convention:
vendor/package-name - Description - Brief description of the package
- Type - Package type (library, project, metapackage, etc.)
- Visibility - Private or public within your organization
- Versions - Release versions synced from tags or branches
Creating Packages
From a Repository
The recommended way to create packages is by connecting a Git repository:
- Connect a repository to your organization
- Pricore automatically discovers
composer.jsonand creates the package - Tags become release versions, branches become dev versions
Manual Creation
For packages not hosted in Git:
- Navigate to Packages > Create Package
- Enter the package name and metadata
- Upload or configure versions manually
Package Versions
Versions in Pricore follow Composer's versioning rules:
| Source | Version Format | Example |
|---|---|---|
| Git tag | Semantic version | 1.0.0, v2.1.3 |
| Git branch | Dev version | dev-main, dev-feature-x |
Version Metadata
Each version stores:
- Complete
composer.jsoncontent - Dependencies and dev-dependencies
- Autoload configuration
- Scripts and extra metadata
Syncing Versions
Versions are synced automatically when:
- A webhook is triggered by your Git provider
- You manually trigger a sync from the package page
- The scheduled sync job runs (if configured)
Using Packages with Composer
1. Add the Repository
Add your Pricore organization as a Composer repository:
json
{
"repositories": [
{
"type": "composer",
"url": "https://packages.yourcompany.com/org/your-organization"
}
]
}2. Authenticate
Configure Composer with your access token:
bash
composer config --global --auth http-basic.packages.yourcompany.com token YOUR_ACCESS_TOKENOr add to auth.json:
json
{
"http-basic": {
"packages.yourcompany.com": {
"username": "token",
"password": "YOUR_ACCESS_TOKEN"
}
}
}3. Require the Package
bash
composer require your-vendor/your-packagePackage Visibility
Private Packages
Private packages are only accessible to:
- Organization members
- Users with valid access tokens that have permission
Proxied Packages
Pricore can proxy packages from Packagist, allowing you to:
- Cache packages locally for faster installs
- Maintain availability even if Packagist is down
- Control which public packages your team can use
Package Metadata
Viewing Package Details
The package page shows:
- Overview - Description, stats, and quick links
- Versions - All available versions with release dates
- Dependencies - Required packages for each version
- Dependents - Other packages that depend on this one
Editing Packages
Package owners and admins can:
- Update description and metadata
- Change visibility settings
- Link/unlink repositories
- Delete the package
Best Practices
- Follow Composer naming - Use lowercase, hyphenated names:
acme/my-package - Use semantic versioning - Tag releases with proper semver:
1.0.0,1.0.1,1.1.0 - Keep composer.json complete - Include description, license, authors, and autoload
- Document your packages - Add README files and use the description field
- Audit versions - Remove outdated or broken versions when necessary