Good content takes time and effort to come up with.
Please consider supporting us by just disabling your AD BLOCKER and reloading this page again.
composer.json v/s composer.lock
07th May 2020
3 mins read
Share On
In this article, you will learn what is the difference between the following
- composer.json v/s composer.lock
- Composer Install & Composer Update
- Tip while using composer
Prerequisites
You need to have composer installed on your computer or server.
Even if you don't have any knowledge of the composer that's totally fine. I have written a detailed article for it here What Is Composer? How Does It Work? Useful Composer Commands And Usage.
composer.json v/s composer.lock
Composer Update ( Refers composer.json file )
When you do composer update it will check for the composer.json file and updates all the packages/libraries that are listed in it & once the packages are updated it will rewrite new updates in composer.json & composer.lock file by deleting old package updates.
Basically, the following process takes place
- Read composer.json
- Remove installed packages that are not required in composer.json
- Check latest versions of required packages in composer.json from https://packagist.org
- Install the latest versions of your packages
- Update composer.lock with installed packages version & even update composer.json file with it
- composer install
Eg: Let's take an example of this, in your composer.json file you may have this
"require": {
"guzzlehttp/guzzle": "^6.3",
}
Think that you have installed the guzzle package for CURL requests 2 months back in your project with the version was 6.3.0.
When you do a composer update composer will go and check in its repositories if any new update available for the guzzle package. If any new update like 6.3.2 then it will go ahead and update the package to 6.3.2.
Along with updating the package, it will also update the composer.json and composer.lock file.
Composer Install ( Uses composer.lock file)
When you do composer install it will check for composer.lock file and install all the packages/libraries that are listed in composer.lock file.
This command won't update anything like composer update.
Basically, the following process takes place
1) composer.lock file
- If it does not exists then run composer-update and create it
- If exists then read composer.lock file for installation of packages
2) Install the packages specified in the composer.lock file
Composer Install & Composer Update
Composer Install (Production, Development & Testing)
Use this command in any of the product stages ie Production, Development & Testing. As this won't have any effect on the composer.json & composer.lock file.
Composer Update (Development & Testing)
Use this command in the Development & Testing stages of your product only. This will update the composer.json & composer.lock files.
Be very cautious with this command
Tip While Using Composer
A few of the tips I would like to give you guys from my experiences are as follows
1) Add vendor folder in .gitignore
Yes! You saw it right. Make sure to put the vendor in .gitignore file if using GIT else similar file with other version control. When you use version control make sure to only commit composer.json & composer.lock file.
If any of your colleagues need to use this vendor folder then let them run composer install or composer update as per needs
2) Commit composer.lock file to production
Don't neglect the composer.lock while committing your code to production. Because in production you will be doing composer install if it doesn't find a composer.lock then it will update the composer.json file.
Conclusion
Hope this was helpful for you.
Articles For You
Lazy Load Images In Chrome With This Simple Trick
Securely SSH Your Server & Push Files With FileZilla
Simple Way To Create Resourceful API Controller In Laravel
Increase Session Timeout In Laravel
Client-Side Form Validation With Javascript
What Is Method Chaining In PHP?
SQLite Doesn't Support Dropping Foreign Keys in Laravel
Make Laravel Controllers Slim By Skimming Form Validation Request
Generate Fake Data In PHP With Faker
Securely Connect Server MYSQL DB From Sequel Pro / MYSQL Workbench
Upload File From Frontend Server {GuzzleHttp} To REST API Server In PHP {Laravel}
Create Zip File On The Fly With Streaming Download In PHP Laravel
