How to explain Composer's error log?

Documentation of Composer can be found at getcomposer.org/doc, especially Troubleshooting section. Usually the dependency problems comes from misconfiguration of your composer.json and understanding Composer logs comes with experience or learning on trial and error. Documenting every possible errors out of hundreds can become quickly outdated. If you believe some specific error isn't clear enough, you can always raise a new suggestion at the Composer's GitHub page.

As suggested in linked GitHub issue, "Conclusion: don't install" message it could be related to requirements defined in minimum-stability. Another linked question could be related to Composer's bug as reported at GH-7215.

Errors

Here is a small guide explaining the common Composer's errors:

• Can only install one of: org/package[x.y.z, X.Y.Z].

  If you see this messages, that could be the main cause of the dependency issue. It basically means that based on the Composer's dependency calculation both of these versions are required, but only one major version can be installed (you cannot have both x.y.z and X.Y.Z, unless you split your configuration for different folders). To see why these packages are required, use the composer why/depends command and adjust the dependencies accordingly.

  See: How to resolve a "Can only install one of:" conflict? & How to solve two packages requirements conflicts when running composer install?

• Installation request for org/package2 (locked at vX.Y.Z)

  This message means that there was an installation request for org/package, however, it is locked at X.Y.Z. If the requested version is not compatible with the locked version (like a different major version), you cannot install both. This message often comes along with already mentioned "Can only install one" one. So, whenever you see "locked at", that means Composer reads your installed package version from the composer.lock file. To troubleshoot, you can use composer why/depends command to find why the package was requested and adjust the compatibility, otherwise, you may try to remove composer.lock file and start from scratch (ideally from the empty folder).

  See: Installation failed for laravel/lumen-installer: guzzlehttp/guzzle locked at 6.3.0

• org/package1 vx.y.z conflicts with org/package2[vX.Y.Z].

  It is a similar issue as above where two packages are conflicting and you need to solve the dependency manually. Reading the whole context of the message may give you some more clues. Checking the dependency tree may also help (composer show -t).

• conflict with your requirements or minimum-stability

  This message means as it reads, so you should check the required version and your minimum-stability settings.

  See: But these conflict with your requirements or minimum-stability

For any other errors, check out the official Composer's Troubleshooting page.

Troubleshooting

Here are more suggestions how to troubleshoot the Composer dependency issues in general:

• Add -v/-vv/-vvv parameter to your command for more verbose output.
• Run composer diagnose to check for common errors to help debugging problems.
• If you seeing "locked at x.y.z" messages, it relates to packages locked in your composer.lock.
• Test your composer.json on the empty folder.
• Keep your composer.json to minimum.
• Run composer show -t to see your current dependency tree.
• Run composer show -a org/package x.y.z to check the details about the package.
• Feel free to ask a new question at .

To fully debug Composer's dependency problem, you can:

• Analyse or modify the source code (e.g. DependencyResolver/Problem.php).
• Run Composer under XDebug, either by the breakpoint or generating a full or partial trace file.

Useful threads explaining common errors:

• How to resolve a "Can only install one of:" conflict?
• composer.json fails to resolve installable set of package
• Discover latest versions of Composer packages when dependencies are locked
• When trying to install php-jwt facing trouble with auth0
• Reference - "Your PHP version does not satisfy requirements" with Composer

Indeed, Composer will not recursively look at composer.json files in the file system. It needs to see the composer.json files in the repository. The way it usually works is that a package has a git or svn URL somewhere. Composer will fetch, for instance, git://<host>/<package>/composer.json directly from the repository to figure out that package's dependencies before it's even installed to calculate the overall dependencies.

In your case, you are defining a package inline in your own composer.json file. This is used instead of a composer.json file in the dependency. This means Composer takes the "package": { ... } to be the canonical composer.json file for that package, it will not look into the code itself; especially not after unpacking it. It treats the Zip file as if it had no composer.json file of its own.

Define the dependencies in the "package": { ... } or host the code in a version control system from which Composer can fetch the composer.json file.

You can't do any additional customization or implement any of that logic with the built-in error handler, you'd need to set your own error handler with set_error_handler().

This function takes a callback which will be invoked when PHP encounters an error, and you can act accordingly.

See the example on the docs for how to use this function and how to implement a proper callback.