Composer Install vs Composer Update

Favor Oriabure
Aug 11, 2018

When should we use composer install, and when composer update?

I have done some basic research and found out the following:

The major talking point is actually about composer.lock and composer.json.

Scenario 1: Without composer.lock

The assumption is that you just crafted a fresh PHP project, created a composer.json file and required some packages. For this article, we can assume this:

{
    "require": {
        "monolog/monolog": "1.0.*"
    }
}

Point to note: monolog/monolog:1.0.* means get the latest monolog release that is between 1.0 and 1.1. In this case, I get 1.0.2.

When composer install is run and there is no composer.lock file yet, Composer uses the composer.json file and installs the monolog package (it creates a vendor folder with the package installed). Simple, right? composer update actually does the same thing in this scenario.

Scenario 2: With composer.lock

The assumption is that the project already exists and composer install or composer update has been run one or more times.

Running composer install uses the composer.lock file, which now has the "lock" on all packages you have installed on the project. The advantage of this is that, 3 months down the line, if this project is picked up by anyone and composer install is run, you can be sure that no dependency will break, because the versions have been locked to what you have in the composer.lock file.

Another advantage: say you are in a team of 6. With composer install we can be sure that everyone has the same version/release of each package at any given time, until composer update is run.

composer update, on the other hand, does not use the lock file. Instead it uses the composer.json file and updates the packages (if updates have been released in the last 3 months). That leaves us with one problem: what if a package has broken code in its latest release?
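The two scenarios above, modelled as an added example (not code from the original article, and a simplified model rather than Composer's actual resolver). The release list, including the later 1.0.3, is constructed for illustration, and the function names are hypothetical.

```python
"""Simplified model of install vs update (not Composer's real resolver)."""
import re

# Constructed release list for illustration; not real registry data.
RELEASES = {"monolog/monolog": ["1.0.0", "1.0.1", "1.0.2", "1.1.0"]}

def vkey(version):
    """Turn '1.0.2' into (1, 0, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def matches(constraint, version):
    """Support only the wildcard form used in the article, e.g. '1.0.*'."""
    pattern = re.escape(constraint).replace(r"\*", r"\d+")
    return re.fullmatch(pattern, version) is not None

def resolve(require, releases):
    """Pick the newest available release that satisfies each constraint."""
    lock = {}
    for name, constraint in require.items():
        candidates = [v for v in releases.get(name, []) if matches(constraint, v)]
        if not candidates:
            raise LookupError(f"no release of {name} matches {constraint}")
        lock[name] = max(candidates, key=vkey)
    return lock

def composer_update(require, releases):
    """update: ignore any existing lock and re-resolve from composer.json."""
    return resolve(require, releases)

def composer_install(require, releases, lock=None):
    """install: reuse the lock when present, otherwise resolve like update."""
    if lock is None:
        return resolve(require, releases)
    for name, version in lock.items():
        if version not in releases.get(name, []):
            raise LookupError(f"locked {name} {version} is not available")
    return dict(lock)

if __name__ == "__main__":
    require = {"monolog/monolog": "1.0.*"}
    lock = composer_install(require, RELEASES)  # scenario 1: no lock yet
    # Scenario 2: a newer 1.0.x release (constructed) appears later.
    later = {"monolog/monolog": RELEASES["monolog/monolog"] + ["1.0.3"]}
    print("install with lock:", composer_install(require, later, lock))
    print("update:", composer_update(require, later))
```

The lock keeps install reproducible even after a new matching release appears, which is why update is the step where a broken or unwanted release can enter the project and where the resulting composer.lock change deserves review.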

There are definitely use cases for both, and we should know what to apply to our different cases.

References

https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies
