Composer Install vs Composer Update
When should we use composer install or composer update?
I have done some basic research and found out the following:
The major talking point is actually about composer.lock and composer.json.
Scenario 1: Without composer.lock
The assumption is that you just crafted a fresh PHP project, created a composer.json file and required some packages. For this article, we can assume this:
{
    "require": {
        "monolog/monolog": "1.0.*"
    }
}
Point to note: monolog/monolog:1.0.* means get the latest monolog release that is at least 1.0 and below 1.1. In this case, I get 1.0.2.
On the composer install command, because there is no composer.lock file yet, Composer uses the composer.json file and installs the monolog package (creates a vendor folder with the package installed). Simple, right? composer update actually does the same thing in this scenario.
Scenario 2: With composer.lock
The assumption is that there is already an existing project and composer install or composer update has been run one or more times.
Running composer install uses the composer.lock file, which now has the "lock" on all packages you have installed on the project. The advantage of this is that, 3 months down the line, if this project is picked up by anyone and composer install is run, you can be sure that no dependency will break, because the versions have been locked to what you have in the composer.lock file.
Another advantage: say you are in a team of 6. With composer install we can be sure that everyone has the same version/release of each package at any given time until composer update is run.
In the case of composer update, it does not use the lock file; instead it uses the composer.json file and updates the packages (if updates have been released in the last 3 months). This gives us one problem: what if a package has broken code in its latest release?
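The two scenarios above, as an added example that is not part of the original article and is not Composer's own code: a small Python model of how install and update choose a version. It only understands wildcard constraints like 1.0.*, the release lists are constructed, and the 1.0.3 release is hypothetical.

```python
import json

# Constructed sample data: the composer.json from the article plus made-up release lists.
MANIFEST = json.loads('{"require": {"monolog/monolog": "1.0.*"}}')
RELEASES_TODAY = {"monolog/monolog": ["1.0.0", "1.0.1", "1.0.2"]}
# "1.0.3" is a hypothetical later release, used only to show the difference.
RELEASES_LATER = {"monolog/monolog": ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0"]}

def vtuple(version):
    return tuple(int(part) for part in version.split("."))

def matches(version, constraint):
    """True if version satisfies a wildcard constraint such as 1.0.* (simplified)."""
    parts = constraint.split(".")
    if parts[-1] != "*":
        raise ValueError("this model only handles X.Y.* constraints")
    fixed = tuple(int(part) for part in parts[:-1])
    return vtuple(version)[:len(fixed)] == fixed

def resolve(manifest, available):
    """Pick the highest available release allowed by each constraint."""
    lock = {}
    for name, constraint in manifest["require"].items():
        candidates = [v for v in available[name] if matches(v, constraint)]
        if not candidates:
            raise LookupError(f"no release of {name} satisfies {constraint}")
        lock[name] = max(candidates, key=vtuple)
    return lock

def install(manifest, lock, available):
    """Model of composer install: reuse the lock if present, else resolve."""
    if lock is None:
        return resolve(manifest, available)
    for name, constraint in manifest["require"].items():
        # This model's own sanity check: a locked version must still fit composer.json.
        if name not in lock or not matches(lock[name], constraint):
            raise RuntimeError(f"lock entry for {name} does not satisfy {constraint}")
    return dict(lock)

def update(manifest, lock, available):
    """Model of composer update: ignore the lock and resolve from composer.json."""
    return resolve(manifest, available)

if __name__ == "__main__":
    lock = install(MANIFEST, None, RELEASES_TODAY)       # Scenario 1: no lock yet
    print("first install:", lock)
    print("install later:", install(MANIFEST, lock, RELEASES_LATER))
    print("update later: ", update(MANIFEST, lock, RELEASES_LATER))
```

In the later run, install keeps the locked 1.0.2 while update moves to the newest release inside 1.0.*, so only update can pull in a release nobody on the team has tested.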
There are definitely use cases for both, and we should know what to apply to our different cases.
References
https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies