Are Composer issues causing headaches in your Drupal projects? Discover the top 10 real-world Composer mistakes and how to fix them, so you can build cleaner, safer, and more maintainable Drupal sites.

Prerequisite
Participants should have a basic understanding of Drupal site development, Composer usage (composer.json, composer.lock, vendor/ directory), and PHP package management concepts. Familiarity with Drupal Composer-based workflows will help maximize the value of this session.

Outline
This session explores the top 10 most common Composer-related problems found across hundreds of Drupal sites. Attendees will see real examples of mistakes — from improper dependency management, cluttered composer.json files, accidental inclusion of development tools in production, to security risks like exposing the vendor/ directory publicly.
We’ll discuss why these issues happen, how they impact Drupal projects over time, and clear, practical solutions to prevent them. Emphasis will be placed on best practices for clean dependency management, securing the project structure, and understanding how Composer truly works in a Drupal context.
Attendees will walk away with actionable strategies to maintain a healthier Composer workflow and avoid common pitfalls that can cause long-term problems in their Drupal projects.

Learning Objectives
- Recognize the most common Composer mistakes that developers make in Drupal projects.
- Understand the long-term risks of unmanaged or bloated composer.json files.
- Learn how to properly separate development tools from production code using require-dev.
- Apply best practices for securing the vendor/ directory and the project structure.
- Gain practical skills to debug, clean up, and maintain a healthy Composer setup in any Drupal project.

Experience level
Intermediate