Composer Update vs. Composer Install: Which One Should You Choose?

As developers, we run these commands regularly, most often in Laravel projects or other PHP frameworks. While running composer install, we often see a suggestion in the terminal to run composer update instead, and we run it without thinking about its benefits and drawbacks. It is better to know what each command does before running it.

The main difference between composer update and composer install

The short answer: the composer install command installs the project dependencies at the exact versions recorded in the composer.lock file, while the composer update command is used when we want to update the project dependencies to their latest versions. It downloads the latest version of each dependency allowed by the composer.json file.

How do these commands work?

As you may know, Composer keeps two files in our projects: composer.json and composer.lock. Both files are used by the composer install and composer update commands.

Composer.json

The composer.json file specifies our project dependencies. In a fresh PHP project, you can create this file yourself and list the dependencies in it. If you then run the composer install command, it will download the dependencies and create a composer.lock file.

Composer.lock

The composer.lock file is created and updated by Composer itself when we run the composer install or composer update commands. As the "lock" in the file name suggests, this file locks the dependency versions, and the composer install command uses it to download the exact version of each dependency.

Which file is used when?

In simple terms, the composer.json file is used by the composer update command and the composer.lock file is used by the composer install command. But if there is no composer.lock file, composer install will use the composer.json file to download packages.

Let's assume we have a fresh PHP project with no composer.lock file and we have created a composer.json file in it. Now let's require a package in it.

"require": {
       "fideloper/proxy": "1.0.*"
}

This will download the latest version of the package from 1.0 up to, but not including, 1.1.

If we run the composer install command here, there is no composer.lock file, so composer install uses the composer.json file and installs the latest version of the package in the vendor folder. composer update does the same thing in this case. Let's assume the 1.0.5 version was installed.

Now we have a composer.lock file in our project that records the dependency at version 1.0.5. If we delete the vendor folder and download the dependencies again with the composer install command, it will use the composer.lock file and download the dependencies at the exact versions recorded in it.

But if we run composer update command then it will not use the composer.lock file but the composer.json file. It will find the latest version of the dependencies and install them in the project.

Steps taken by these commands

composer install

  • Find the composer.lock file
  • If it is not found, the composer.json file is used and the latest versions of the dependencies are installed.
  • If it is found, read the lock file and install the dependencies listed in it at the exact versions.

composer update

  • Read the composer.json file
  • Remove packages that are not required now.
  • Find the latest versions of the required dependencies.
  • Install the latest versions of the dependencies.
  • Update the composer.lock file.
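
A pre-deployment check built on the steps above (an added example, not code from the original article or from Composer itself): it reports when composer install would not reproduce pinned versions. It assumes the standard composer.lock layout with "packages" and "packages-dev" arrays, evaluates only simple wildcard constraints such as 1.0.*, and uses constructed sample files based on the article's fideloper/proxy example.

```python
import fnmatch
import json
import tempfile
from pathlib import Path


def audit(project_dir):
    """List reasons why `composer install` would not reproduce pinned versions."""
    root = Path(project_dir)
    manifest = json.loads((root / "composer.json").read_text())
    lock_file = root / "composer.lock"
    if not lock_file.exists():
        # Without a lock file, install resolves from composer.json like update.
        return ["composer.lock missing: versions would be resolved from composer.json"]
    lock = json.loads(lock_file.read_text())
    locked = {p["name"]: p["version"].lstrip("v")
              for p in lock.get("packages", []) + lock.get("packages-dev", [])}
    required = {**manifest.get("require", {}), **manifest.get("require-dev", {})}
    findings = []
    for name, constraint in sorted(required.items()):
        if "/" not in name:  # php, ext-* and similar platform requirements
            continue
        # Only plain wildcard constraints (digits, dots, trailing *) are evaluated.
        simple = constraint.endswith(".*") and constraint[:-2].replace(".", "").isdigit()
        if name not in locked:
            findings.append(f"{name}: required but not in composer.lock")
        elif simple and not fnmatch.fnmatchcase(locked[name], constraint):
            findings.append(f"{name}: locked {locked[name]} is outside {constraint}")
    return findings


def write_sample(project_dir, locked_version=None):
    """Constructed sample project using the article's fideloper/proxy example."""
    root = Path(project_dir)
    (root / "composer.json").write_text(
        json.dumps({"require": {"php": ">=7.2", "fideloper/proxy": "1.0.*"}}))
    if locked_version is not None:
        (root / "composer.lock").write_text(json.dumps(
            {"packages": [{"name": "fideloper/proxy", "version": locked_version}]}))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)            # fresh project, no lock file yet
        print(audit(tmp))
        write_sample(tmp, "1.0.5")   # lock file pins 1.0.5
        print(audit(tmp))
```

An empty list means the lock file covers every required package; a non-empty list is a reason to stop the deployment and regenerate the lock file in development first.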

When to use composer install and composer update

composer update is mostly used in the development environment to update dependencies to their latest versions. We should not run this command without understanding its effect, because it downloads the latest versions of the dependencies, and those versions may contain breaking changes that can break our project too.

composer install is used on production servers, and during the first-time setup of an existing project on our local machine, to download the exact supported versions of the dependencies.

Conclusion

In conclusion, composer update uses the composer.json file and downloads the latest versions of the dependencies into our project, while composer install uses the composer.lock file and downloads the exact versions of the dependencies recorded in that file.

Hope this article helped you to learn some new things. Please share your thoughts and suggestions in the comment or email us at support@ExpandableTechnologies.com.
