Currently I am developing a small headless CMS. If anyone wants to use it he should just copy the root folder of my CMS and put it into his public_html folder. So for any requests to the CMS the URL looks like this:
example.com/my-cms-name/subfolder/...
To better organize third-party libraries I decided to use composer. But now I have the composer.json file and the vendor file in my CMS folder which is going to be in the public_html folder. So everything from composer will be available for everybody which is obviously not a good practice.
How can I overcome this problem? Should I do all composer things separately in a different folder? But then the user of my CMS has to include multiple folders into multiple directories which makes everything more complicated...
I agree to Half Crazed. Probably people will have to upload your CMS files via FTP anyway and set a root path. So you might as well divide your scripts in private and public ones. So a directory structure like this might be a good idea.
-config
-public_html (root path that people must point their domain to)
-css
-javascript
-images
-index.php
-.htaccess (optional)
-src (where your namespaced script should reside )
--MyApp
-vendor
-composer.json
-composer.lock
Update composer.json and add your own src, run update command. Then include the vendor autoload.php in your index.php and go the router/controller way.