承接 sempia/external-assets 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

sempia/external-assets

Composer 安装命令:

composer require sempia/external-assets

包简介

Composer plugin to download external assets (JS, CSS, fonts, images) for any PHP project

README 文档

README

External Assets is a Composer plugin that allows to download external assets (JS, CSS, fonts, images, etc.) for any PHP project.

PHP projects often need external JavaScript or CSS libraries (jQuery plugins, Mirador, OpenSeadragon, Leaflet, etc.). These assets are typically hosted on CDNs or GitHub releases.

The issue is that composer repositories key is not inherited from dependencies. If your package defines a custom repository for a JS library, composer won't see it when users install your package. This plugin solves the problem by downloading assets defined in extra.external-assets after your package is installed, bypassing the repository inheritance limitation. Assets are downloaded directly from their source URLs.

This is a lightweight solution. For more features, consider civicrm/composer-downloads-plugin, that has more options (variables, ignore patterns, executable flag), or any other similar package of your choice.

Installation

Add to your package composer.json:

{
    "require": {
        "sempia/external-assets": "^1.1"
    }
}

When users install your package via composer, assets are downloaded automatically.

Usage

Define assets in extra.external-assets in your package composer.json:

{
    "extra": {
        "external-assets": {
            "asset/vendor/mirador/": "https://github.com/ProjectMirador/mirador/releases/download/v3.3.0/mirador.zip",
            "asset/vendor/lib/jquery.autocomplete.min.js": "https://cdn.example.com/jquery.autocomplete-1.5.0.min.js"
        }
    }
}

The key is the destination path (relative to your package directory), the value is the source URL.

DestinationURLBehavior
path/to/file.jshttps://.../lib.jsDownload and rename to file.js
path/to/dir/https://.../lib.zipExtract archive into dir/
path/to/dir/https://.../script.jsCopy script.js into dir/

Rules:

  1. File destination (no trailing /): Downloads and saves with the specified filename.

  2. Directory + archive (trailing / + .zip/.tar.gz/.tgz): Extracts the archive. If it contains a single root directory, it is stripped.

  3. Directory + file (trailing / + non-archive URL): Copies the file into the directory, keeping its original name.

Complete example

{
    "name": "your-vendor/your-package",
    "type": "library",
    "require": {
        "sempia/external-assets": "^1.1"
    },
    "autoload": {
        "psr-4": {
            "YourPackage\\": "src/"
        }
    },
    "extra": {
        "external-assets": {
            "asset/vendor/openseadragon/": "https://github.com/openseadragon/openseadragon/releases/download/v4.1.0/openseadragon-bin-4.1.0.zip",
            "asset/vendor/leaflet/": "https://unpkg.com/leaflet@1.9.4/dist/leaflet.zip",
            "asset/vendor/js/helper.min.js": "https://cdn.example.com/helper-2.0.min.js"
        }
    }
}

Cli tool for manual installations

For packages installed via git clone, assets are not downloaded automatically. Use the cli tool:

# From project root directory
php vendor/bin/external-assets /path/to/package

# Force re-download
php vendor/bin/external-assets --force /path/to/package

# Multiple packages
php vendor/bin/external-assets /path/to/package1 /path/to/package2
OptionDescription
--forceRe-download assets even if they already exist
--helpShow usage information

Best practices

  1. Use versioned release URLs instead of main/master branch links.

  2. Always use HTTPS URLs for security.

  3. Organize assets under asset/vendor/ with a consistent structure.

  4. Add downloaded assets to .gitignore:

    /asset/vendor/
    

    The lock file lives in vendor/external-assets.lock.json and is therefore already covered by the usual /vendor/ gitignore.

  5. Test both installation methods: composer require and git clone.

How it works

The plugin subscribes to four composer events:

  • post-package-install and post-package-update: download assets when a package is first installed or updated.

  • post-install-cmd and post-update-cmd: after every composer install or composer update, check for missing assets across all packages (including the root package) and download them. This ensures assets are restored if deleted, and handles the root package whose assets are not covered by per-package events.

For each asset, the plugin downloads the file and either saves it directly, extracts it (for archives), or copies it into the target directory.

Lock file (vendor/external-assets.lock.json)

Since version 1.1, the plugin maintains a vendor/external-assets.lock.json file inside each package, mapping each destination to the URL last installed:

{
    "asset/vendor/openseadragon/": "https://.../openseadragon-bin-4.1.0.zip",
    "asset/vendor/js/helper.min.js": "https://cdn.example.com/helper-2.0.min.js"
}

At every install/update, the plugin compares the URLs declared in composer.json against the URLs stored in the lock:

  • If the asset is present on disk and the URL is unchanged, it is skipped.
  • If the URL changed, the previous content is removed and the asset is re-downloaded.
  • If the asset is missing, it is downloaded.

The lock file represents the local installed state on a given machine, similar to vendor/composer/installed.json for composer. By placing it inside vendor/, the lock is naturally excluded from version control (since vendor/ is universally gitignored). Each machine therefore maintains its own lock, which allows the plugin to correctly detect a stale install on a colleague's machine when only composer.json changes.

Removing entries from composer.json cleans the lock accordingly, but the files already on disk are not removed automatically.

Requirements

RequirementVersion
PHP7.2.5+
Composer2.0+
unzip or ZipArchiveAny
tar or PharDataAny

Development

Running tests

# Unit tests only
vendor/bin/phpunit --exclude-group integration

# All tests (unit + integration)
PROJECT_PATH=/path/to/project vendor/bin/phpunit

The PROJECT_PATH environment variable should point to any valid directory (e.g., the project where the plugin is installed). Integration tests use this path to verify the plugin can be loaded in a real environment.

Warning

Use it at your own risk.

It's always recommended to backup your files and your databases and to check your archives regularly so you can roll back if needed.

Troubleshooting

See online issues on the plugin issues page on GitLab.

Assets not downloading

  • Ensure your package requires sempia/external-assets
  • Verify URLs are accessible: curl -I https://your-url.com/file.js
  • Check that the package directory is writeable

Archive extraction fails

The plugin uses unzip/ZipArchive for .zip and tar/PharData for .tar.gz. Ensure at least one method is available.

Assets outdated

Normally, changing the URL in composer.json is enough: the next install or update detects the URL change against external-assets.lock.json and re-downloads the asset.

For a forced re-download (for example after manual changes on disk), use the cli tool:

php vendor/bin/external-assets --force /path/to/package

Alternatively, composer reinstall <vendor/package> wipes the package directory (including its lock file), which triggers a complete re-download on the next event.

License

This plugin is published under the CeCILL v2.1 license, compatible with GNU/GPL and approved by FSF and OSI.

This software is governed by the CeCILL license under French law and abiding by the rules of distribution of free software. You can use, modify and/ or redistribute the software under the terms of the CeCILL license as circulated by CEA, CNRS and INRIA at the following URL "http://www.cecill.info".

As a counterpart to the access to the source code and rights to copy, modify and redistribute granted by the license, users are provided only with a limited warranty and the software's author, the holder of the economic rights, and the successive licensors have only limited liability.

In this respect, the user's attention is drawn to the risks associated with loading, using, modifying and/or developing or reproducing the software by the user in light of its specific status of free software, that may mean that it is complicated to manipulate, and that also therefore means that it is reserved for developers and experienced professionals having in-depth computer knowledge. Users are therefore encouraged to load and test the software's suitability as regards their requirements in conditions enabling the security of their systems and/or data to be ensured and, more generally, to use and operate it in the same conditions as regards security.

The fact that you are presently reading this means that you have had knowledge of the CeCILL license and that you accept its terms.

Copyright

  • Copyright Daniel Berthereau, 2025-2026 (see Daniel-KM on GitLab)

This plugin was originally designed for Omeka S modules for the digital library Manioc of the Université des Antilles (subvention Agence bibliographique de l’enseignement supérieur Abes).

sempia/external-assets 适用场景与选型建议

sempia/external-assets 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.11k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 02 月 04 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「assets」 「download」 「external」 「composer-plugin」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 sempia/external-assets 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 sempia/external-assets 我们能提供哪些服务?
定制开发 / 二次开发

基于 sempia/external-assets 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.11k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 29
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: CECILL-2.1
  • 更新时间: 2026-02-04