By default Composer installs all package files under the vendor directory. If you want to install asset files in the Web document root directory, you need to resort to another solution. This Asset Manager package is a plugin that extends Composer to install any package files outside the vendor directory. Additionally, it can also read the user names and passwords from a configuration file, so you do not have to enter them every time Composer retrieves packages from repositories that may require authentication, like PHP Classes and JS Classes.
Using an asset manager plugin for Composer, he shows how to include an "extra" section into your "composer.json" for the other files. There's also an example of how to implement a custom installation action that, in this case, was used to implement the "extras" functionality. The post finishes up with a look at handling authentication in the Composer requests, using the same tool to parse a "config" section with Basic HTTP authentication information.