Installing private PHP Composer packages

Once you have signed up for a Gemfury account, you can upload Composer packages via Git, and install them into your project via composer.json.

Uploading packages

After using one of many guides on the web about creating a Composer package, you can now upload your creation to Gemfury. Please make sure that your composer.json details include the name of the package.

Use the following command to add Gemfury remote repository to your package and upload the package to your account:

# Initial one-time setup
$ git remote add fury

# Push to build a new version
$ git push fury master
Username for '': <Your personal username>
Password for '': <Your personal password>

When entering the URL for your repository, username can be yours or any of the account usernames on which you collaborate. Package-name should be the name of your package without the vendor name – no additional slashes are permitted in the URL.

If you’d like to avoid entering your credentials on every push, learn more about configuring and using Git with Gemfury.

Deleting packages

In addition to deleting packages in your account, you may want to delete the Git repository for your project. You can use the following CLI command:

$ fury git:reset repo-name

Manually building and uploading

If you’re using an SCM other than Git, you can build your package by hand and upload it manually to Gemfury. Go to the parent directory outside of the package and run:

$ zip -r package-dir/ -x 'package-dir/.svn/*'

You can then upload this package to Gemfury via the Dashboard, Gemfury CLI, or cURL.

Your secret Repository URL

The secret repository URL is the Composer endpoint for your Gemfury account and packages. Do not share this URL to keep your account private.

Your Repository URL has the following format:

Install modules via composer.json

Add the repositories option with your Repository-URL to your your composer.json. As described in the Composer manual, repositories option can only be applied to a root package:

  "repositories": [{
    "type": "composer",
    "url": ""

  "require": {
    "user/package-name": ">= 1.0.0"

Test it out by running:

$ php composer.phar install

Keeping your credentials separate & secure

Athough the method described above is the simplest, we strongly recommend that you do not keep secret tokens in your composer.json nor commit them into your SCM. Instead, we encourage you to store your Composer credentials in a separate configuration file.

To use this method, create auth.json in your COMPOSER_HOME or the root directory of your project. This will be done individually by each developer, so be sure to include this file in your .gitignore or equivalent:

  "http-basic": {
    "": {
      "username": "your-secret-token",
      "password": ""

Now you can safely commit your private repo configuration to composer.json:

  "repositories": [
    { "type": "composer", "url":  "" }


You can choose between explicit or tag-based versioning modes for building your package by either specifying or omitting the version property in your composer.json.

  • Explicit versioning will build your package from the tip of the pushed master branch and use the version specified in your composer.json file.
  • To enable tag-based versioning, remove the version property from your composer.json and Gemfury will version your package using your Git tags.