PHPackages servinube/composer-patches - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. servinube/composer-patches ActiveComposer-plugin[Utility & Helpers](/categories/utility) servinube/composer-patches ========================== Provides a way to patch Composer packages. 1.7.4(1y ago)1461[1 issues](https://github.com/servinube/composer-patches/issues)BSD-3-ClausePHPPHP >=5.3.0 Since Apr 23Pushed 1y agoCompare [ Source](https://github.com/servinube/composer-patches)[ Packagist](https://packagist.org/packages/servinube/composer-patches)[ RSS](/packages/servinube-composer-patches/feed)WikiDiscussions add-preserve-paths-events Synced 1mo ago READMEChangelog (1)Dependencies (3)Versions (23)Used By (0) composer-patches ================ [](#composer-patches) Simple patches plugin for Composer. Applies a patch from a local or remote file to any package required with composer. Note that the 1.x versions of Composer Patches are supported on a best-effort basis due to the imminent release of 2.0.0. You may still be interested in using 1.x if you need Composer to cooperate with earlier PHP versions. No new features will be added to 1.x releases, but any security or bug fixes will still be accepted. Usage ----- [](#usage) Example composer.json: ``` { "require": { "cweagans/composer-patches": "~1.0", "drupal/drupal": "~8.2" }, "config": { "preferred-install": "source" }, "extra": { "patches": { "drupal/drupal": { "Add startup configuration for PHP server": "https://www.drupal.org/files/issues/add_a_startup-1543858-30.patch" } } } } ``` Using an external patch file ---------------------------- [](#using-an-external-patch-file) Instead of a patches key in your root composer.json, use a patches-file key. ``` { "require": { "cweagans/composer-patches": "~1.0", "drupal/drupal": "~8.2" }, "config": { "preferred-install": "source" }, "extra": { "patches-file": "local/path/to/your/composer.patches.json" } } ``` Then your `composer.patches.json` should look like this: ``` { "patches": { "vendor/project": { "Patch title": "http://example.com/url/to/patch.patch" } } } ``` Allowing patches to be applied from dependencies ------------------------------------------------ [](#allowing-patches-to-be-applied-from-dependencies) If your project doesn't supply any patches of its own, but you still want to accept patches from dependencies, you must have the following in your composer file: ``` { "require": { "cweagans/composer-patches": "^1.5.0" }, "extra": { "enable-patching": true } } ``` If you do have a `patches` section in your composer file that defines your own set of patches then the `enable-patching` setting will be ignored and patches from dependencies will always be applied. Ignoring patches ---------------- [](#ignoring-patches) There may be situations in which you want to ignore a patch supplied by a dependency. For example: - You use a different more recent version of a dependency, and now a patch isn't applying. - You have a more up to date patch than the dependency, and want to use yours instead of theirs. - A dependency's patch adds a feature to a project that you don't need. - Your patches conflict with a dependency's patches. ``` { "require": { "cweagans/composer-patches": "~1.0", "drupal/drupal": "~8.2", "drupal/lightning": "~8.1" }, "config": { "preferred-install": "source" }, "extra": { "patches": { "drupal/drupal": { "Add startup configuration for PHP server": "https://www.drupal.org/files/issues/add_a_startup-1543858-30.patch" } }, "patches-ignore": { "drupal/lightning": { "drupal/panelizer": { "This patch has known conflicts with our Quick Edit integration": "https://www.drupal.org/files/issues/2664682-49.patch" } } } } } ``` Allowing to force the patch level (-pX) --------------------------------------- [](#allowing-to-force-the-patch-level--px) Some situations require to force the patchLevel used to apply patches on a particular package. Its useful for packages like drupal/core which packages only a subdir of the original upstream project on which patches are based. ``` { "extra": { "patchLevel": { "drupal/core": "-p2" } } } ``` Using patches from HTTP URLs ---------------------------- [](#using-patches-from-http-urls) Composer [blocks](https://getcomposer.org/doc/06-config.md#secure-http) you from downloading anything from HTTP URLs, you can disable this for your project by adding a `secure-http` setting in the config section of your `composer.json`. Note that the `config` section should be under the root of your `composer.json`. ``` { "config": { "secure-http": false } } ``` However, it's always advised to setup HTTPS to prevent MITM code injection. Patches containing modifications to composer.json files ------------------------------------------------------- [](#patches-containing-modifications-to-composerjson-files) Because patching occurs *after* Composer calculates dependencies and installs packages, changes to an underlying dependency's `composer.json` file introduced in a patch will have *no effect* on installed packages. If you need to modify a dependency's `composer.json` or its underlying dependencies, you cannot use this plugin. Instead, you must do one of the following: - Work to get the underlying issue resolved in the upstream package. - Fork the package and [specify your fork as the package repository](https://getcomposer.org/doc/05-repositories.md#vcs) in your root `composer.json` - Specify compatible package version requirements in your root `composer.json` Error handling -------------- [](#error-handling) If a patch cannot be applied (hunk failed, different line endings, etc.) a message will be shown and the patch will be skipped. To enforce throwing an error and stopping package installation/update immediately, you have two available options: 1. Add `"composer-exit-on-patch-failure": true` option to the `extra` section of your composer.json file. 2. Export `COMPOSER_EXIT_ON_PATCH_FAILURE=1` By default, failed patches are skipped. Patches reporting ----------------- [](#patches-reporting) When a patch is applied, the plugin writes a report-file `PATCHES.txt` to a patching directory (e.g. `./patch-me/PATCHES.txt`), which contains a list of applied patches. If you want to avoid this behavior, add a specific key to the `extra` section: ``` "extra": { "composer-patches-skip-reporting": true } ``` Or provide an environment variable `COMPOSER_PATCHES_SKIP_REPORTING` with a config. Patching composer.json in dependencies -------------------------------------- [](#patching-composerjson-in-dependencies) This doesn't work like you'd want. By the time you're running `composer install`, the metadata from your dependencies' composer.json has already been aggregated by packagist (or whatever metadata repo you're using). Unfortunately, this means that you cannot e.g. patch a dependency to be compatible with an earlier version of PHP or change the framework version that a plugin depends on. @anotherjames over at @computerminds wrote an article about how to work around that particular problem for a Drupal 8 -> Drupal 9 upgrade: [Apply Drupal 9 compatibility patches with Composer](https://www.computerminds.co.uk/articles/apply-drupal-9-compatibility-patches-composer) ([archive](https://web.archive.org/web/20210124171010/https://www.computerminds.co.uk/articles/apply-drupal-9-compatibility-patches-composer)) Difference between this and netresearch/composer-patches-plugin --------------------------------------------------------------- [](#difference-between-this-and-netresearchcomposer-patches-plugin) - This plugin is much more simple to use and maintain - This plugin doesn't require you to specify which package version you're patching - This plugin is easy to use with Drupal modules (which don't use semantic versioning). - This plugin will gather patches from all dependencies and apply them as if they were in the root composer.json Credits ------- [](#credits) A ton of this code is adapted or taken straight from , which is abandoned in favor of , which is (IMHO) overly complex and difficult to use. ### Health Score 32 — LowBetter than 72% of packages Maintenance17 Infrequent updates — may be unmaintained Popularity15 Limited adoption so far Community19 Small or concentrated contributor base Maturity68 Established project with proven stability Bus Factor1 Top contributor holds 64% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~173 days Recently: every ~250 days Total 21 Last Release 566d ago Major Versions 1.7.3 → 2.0.0-beta12023-07-01 PHP version history (3 changes)1.0.0PHP >=5.4.0 1.4.0PHP >=5.3.0 2.0.0-beta1PHP >=8.0.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/80b385e9e8779ea76bff4cc1413f9e3b99b5465e66ed5d6237a758f15b644443?d=identicon)[jmsosso](/maintainers/jmsosso) --- Top Contributors [![cweagans](https://avatars.githubusercontent.com/u/101590?v=4)](https://github.com/cweagans "cweagans (80 commits)")[![LionsAd](https://avatars.githubusercontent.com/u/354804?v=4)](https://github.com/LionsAd "LionsAd (7 commits)")[![Leksat](https://avatars.githubusercontent.com/u/989015?v=4)](https://github.com/Leksat "Leksat (3 commits)")[![ukgodzuki](https://avatars.githubusercontent.com/u/240904750?v=4)](https://github.com/ukgodzuki "ukgodzuki (3 commits)")[![danepowell](https://avatars.githubusercontent.com/u/1984514?v=4)](https://github.com/danepowell "danepowell (3 commits)")[![pfrenssen](https://avatars.githubusercontent.com/u/442924?v=4)](https://github.com/pfrenssen "pfrenssen (2 commits)")[![dan2k3k4](https://avatars.githubusercontent.com/u/158704?v=4)](https://github.com/dan2k3k4 "dan2k3k4 (2 commits)")[![mmenozzi](https://avatars.githubusercontent.com/u/1199914?v=4)](https://github.com/mmenozzi "mmenozzi (2 commits)")[![hussainweb](https://avatars.githubusercontent.com/u/1040271?v=4)](https://github.com/hussainweb "hussainweb (2 commits)")[![grasmash](https://avatars.githubusercontent.com/u/539205?v=4)](https://github.com/grasmash "grasmash (1 commits)")[![greg-1-anderson](https://avatars.githubusercontent.com/u/612191?v=4)](https://github.com/greg-1-anderson "greg-1-anderson (1 commits)")[![awd-studio](https://avatars.githubusercontent.com/u/15061745?v=4)](https://github.com/awd-studio "awd-studio (1 commits)")[![jhedstrom](https://avatars.githubusercontent.com/u/76833?v=4)](https://github.com/jhedstrom "jhedstrom (1 commits)")[![mbrodala](https://avatars.githubusercontent.com/u/5037116?v=4)](https://github.com/mbrodala "mbrodala (1 commits)")[![mxr576](https://avatars.githubusercontent.com/u/1755573?v=4)](https://github.com/mxr576 "mxr576 (1 commits)")[![navarr](https://avatars.githubusercontent.com/u/145128?v=4)](https://github.com/navarr "navarr (1 commits)")[![phenaproxima](https://avatars.githubusercontent.com/u/4504530?v=4)](https://github.com/phenaproxima "phenaproxima (1 commits)")[![pingers](https://avatars.githubusercontent.com/u/1512865?v=4)](https://github.com/pingers "pingers (1 commits)")[![pivulic](https://avatars.githubusercontent.com/u/7068697?v=4)](https://github.com/pivulic "pivulic (1 commits)")[![QuingKhaos](https://avatars.githubusercontent.com/u/993350?v=4)](https://github.com/QuingKhaos "QuingKhaos (1 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/servinube-composer-patches/health.svg) ``` [![Health](https://phpackages.com/badges/servinube-composer-patches/health.svg)](https://phpackages.com/packages/servinube-composer-patches) ``` ### Alternatives [vaimo/composer-patches Applies a patch from a local or remote file to any package that is part of a given composer project. Patches can be defined both on project and on package level. Optional support for patch versioning, sequencing, custom patch applier configuration and patch command for testing/troubleshooting added patches. 2994.3M16](/packages/vaimo-composer-patches)[mglaman/composer-drupal-lenient 1317.4M15](/packages/mglaman-composer-drupal-lenient)[drupal/core-composer-scaffold A flexible Composer project scaffold builder. 5341.9M446](/packages/drupal-core-composer-scaffold)[drupal/core-project-message Adds a message after Composer installation. 2122.6M172](/packages/drupal-core-project-message)[olvlvl/composer-attribute-collector A convenient and near zero-cost way to retrieve targets of PHP 8 attributes 184108.8k8](/packages/olvlvl-composer-attribute-collector)[lullabot/drainpipe An automated build tool to allow projects to have a set standardized operations scripts. 41716.4k2](/packages/lullabot-drainpipe) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)