First, you need to understand what composer is. It's a "dependency manager". So it manages your application dependencies, basically the libraries your application needs to work.
It does so recursively. So if your application requires NiceDependency to work, and NiceDependency in turn requires AnotherNicePackage, it installs both. It deals also with conflict resolution (when one of your dependencies requires something that's not compatible with something that another of your dependencies require).
The file where your dependencies are declared is composer.json.
So when you run composer require [some-vendor/some-package], a few things happen behind the curtain. Simplifying things a lot:
- If your
composer.json file doesn't exist, it will create it.
- It will try to find your dependency in the central repository (packagist.org)
- If found, it will download the package and store it in the
vendor directory.
- It will update your
composer.json it to add your dependency to the require key.
In the process, it will resolve all the nested dependencies and do the same for those.
When it's done, it will also create a composer.lock file.
This "lock" file stores a frozen snapshot of all the references to all the packages that were actually installed. This is necessary because when you declare your dependencies you can define a range of versions (e.g "anything greater or equal than version 2.2; but lower than version 2.3"). Your composer.lock would store the specific version that's actuall installed (e.g. "version 2.2.4").
Later, if someone got your project files and executed composer install, the lock file would be read so they installed exactly the same files as you did.
(require adds a dependency to your project's composer.json file; install reads your composer.json and composer.lock files and sets up a project from there; there is also a update command that would read only composer.json, download the latest available packages respecting to the version restrictions in each dependency, and update `composer.lock accordingly)
Additionally, composer helps with autoloading, to make the process of actually using the installed libraries easier and faster for developers.
Autoloading is very convenient. Not only you no longer have to add a require someclass.php; statement for each class you want to use, but you also gain the advantage of not having to read these files until they are actually needed.
So not only it simplifies using these new classes, it helps making your application perform better.
For this, inside the vendor directory a file named autoload.php is created. Typically, you need to require this file as the first thing you do on your application entry point.
For example, assuming you have a structure like this:
- project root/
--- composer.json
--- composer.lock
--- vendor/
--- public/
----- index.php
Your index.php file should read:
// public/index.php
<?php
require('../vendor/autoload.php');
This would allow you to use any installed library normally. In the case of the tool you want to install:
// public/index.php
<?php
require('../vendor/autoload.php');
$a = [
'foo' => 'bar',
'baz' => [1, 2, 3],
'xxx' = false
];
krumo($a);
As a side note, that library seems to be quite old. I'd try to get something a bit newer. I'd recommend Symfony's VarDump component.
And no, it is not a particularly friendly "newbie" tool. It helps dealing with a lot of things, but it's mostly aimed to slightly more advanced users, since it helps solving issues that aren't so significant in starter/very simple projects.
