I don't want to automatically pull the latest version. I would only use this after I studied the code and made sure it is not doing anything harmful. That's why this has to be as simple as possible.
> I don't want to automatically pull the latest version.
You don't have to. Composer allows you to pick a particular package version if you like, and it's only going to fetch a more recent version if your composer.json permits it and if you explicitly run composer update.
You don't have to. Composer allows you to pick a particular package version if you like, and it's only going to fetch a more recent version if your composer.json permits it and if you explicitly run composer update.