In this article you will learn what is the difference between composer install & composer update.

  1. composer.json v/s composer.lock
  2. Composer Install & Composer Update
  3. Tip while using composer

Prerequisites

You need to have composer installed in your computer or server.

Even if you don’t have any knowledge on the composer thats totally fine. I have written an details article for it here What Is Composer? How Does It Work? Useful Composer Commands And Usage.


composer.json v/s composer.lock

Composer Update ( Refers composer.json file )

When you do **composer update** it will check for composer.json file and updates all the packages/libraries that are listed in it & once the packages are updated it will rewrite new updates in **composer.json** & **composer.lock** file by deleting old package updates.

Basically the following process

  1. Read composer.json
  2. Remove installed packages that are not required in composer.json
  3. Check latest versions of required packages in composer.json from https://packagist.org
  4. Install the latest versions of your packages
  5. Update composer.lock with installed packages version & even update composer.json file with it
  6. composer install

Eg: Lets take an example of this, in your composer.json file you may have this

"require": {
    "guzzlehttp/guzzle": "^6.3",
}

Think that you have installed guzzle package for CURL requests 2 months back in your project with version was 6.3.0.

When you do composer update composer will go and check in its repositories if any new update available for the guzzle package. If any new update like 6.3.2 then it will go ahead and update the package to 6.3.2.

Along with updating the package it will also update the composer.json and composer.lock file.


Composer Install ( Uses composer.lock file)

When you do **composer install** it will check for **composer.lock** file and install all the packages/libraries that are listed in **composer.lock** file.

This command won’t update anything like composer update.

  1. composer.lock file
  2. If it does not exists then run composer-update and create it
  3. If exists then read composer.lock file for installation fo packages
  4. Install the packages specified in the composer.lock file

Composer Install & Composer Update

Composer Install (Production, Development & Testing)

Use this command in any of the product stages ie Production, Development & Testing. As this wont have any affect on the composer.json & composer.lock file.


Composer Update (Development & Testing)

Use this command in **Development & Testing **stages of your product only. As this will update the composer.json & composer.lock files.

Be very cautious with this command


Tip While Using Composer

Few of the tips I would like to give you guys from my experiences are as follows

1) Add **vendor** folder in .gitignore

Yes! You saw it right. Make sure to put vendor in .gitignore file if using GIT else similar file with other version control. When you use version control make sure to only commit composer.json & composer.lock file.

If any of your colleagues needs to use this vendor folder then let them run composer install or composer update as per needs

  1. Commit composer.lock file to production

Don’t neglect composer.lock while committing your code to production. Because in production you will be doing composer install, if it doesn’t find composer.lock then it will update the composer.json file.


Conclusion

Hope this was helpful for you.

WHATS NEXT?

You might be interest to learn more on composer please find my whole article on it

How To Install Packages Parallel For Faster Development In Composer

What Is Composer? How Does It Work? Useful Composer Commands And Usage

Happy Coding :)

#json #composer #stackcoder

composer.json v/s composer.lock
16.50 GEEK