Private PHP Composer packages

Learn how to distribute your private PHP packages.


In order to distribute your PHP package you must make sure a valid composer.json is located in the root of your repository. If you attempt to import or publish a release without a valid composer.json you will receive an notification.

Installation instructions

Your customers can use PHP's package manager to install your package once they added the private registry to their composer.json. The repository URL is equal to the product identifier followed by, for example:

2 "repositories": [
3 {
4 "type": "composer",
5 "url": ""
6 }
7 ],

Once the repository has been added to the composer.json file, they can install your product like any other composer package using the composer require command:

composer require your/package
Loading composer repositories with package information
Authentication required (
Username: [licensee-email]
Password: [license-key]

The user will be prompted to provide their username and password. The username will be their email address and the password will be equal to their license key. If your license policy requires a fingerprint the user will need to append his/her fingerprint to their license key. For example, let's say we have the following licensee and license activation:

  • Contact email: [email protected]
  • License key: 8c21df8f-6273-4932-b4ba-8bcc723ef500
  • Activation fingerprint:

This will require your licensee to enter the following information when prompted for their credentials:

Loading composer repositories with package information
Authentication required (

To clarify, the license key and fingerprint should be separated by a colon (:). If your license policy does not require a fingerprint both the fingerprint and the colon can be omitted.

If your license is not assigned to a licensee you can enter unlock as the username instead of the email.


How can I give Dependabot access to the private repository?

In order for Dependabot to access a private repository you will need to configure your credentials as follows:

1version: 2
3 wire-elements-pro:
4 type: git
5 url:
6 username: [email protected]
7 password: "${{secrets.WIRE_ELEMENTS_PRO_LICENSE_KEY}}"
9 - package-ecosystem: "composer"
10 ...
11 registries:
12 - wire-elements-pro

Make sure you add your license key to the GitHub Action Secrets. Dependabot will now notify you when new releases for a given product have been published.