Use composer update with caution!

The following tutorial column of composer will introduce to you the issues about using composer update with caution. I hope it will be helpful to friends in need!

Problem Description

We often need to add extension packages to existing projects , sometimes due to incorrect guidance in the document, as the following picture comes from this document:

composer update This command may cause great harm to the project in our current logic.

Because the logic of composer update is to update all expansion packages to the latest version according to the expansion package version rules specified by composer.json. Note, it is all expansion packages. For example, when you start the project Monolog was used. The configuration information at that time was

"monolog/monolog": "1.*",

. The monolog 1.1 version was installed. But now, more than a month later, monolog is already 1.2. After running the command, it is directly updated to 1.2. At this time, the project does not After testing against 1.2, the project suddenly became very unstable. The situation is sometimes worse than this, especially in a huge project where you have not written complete coverage tests for the project. Something broke for you. Do not know at all.

Which command should be used? install, update or require?

Next we will explain one by one.

Simple explanation

composer install - 如有 composer.lock 文件，直接安装，否则从 composer.json 安装最新扩展包和依赖；
composer update - 从 composer.json 安装最新扩展包和依赖；
composer update vendor/package - 从 composer.json 或者对应包的配置，并更新到最新；
composer require new/package - 添加安装 new/package, 可以指定版本，如： composer require new/package ~2.5.

Process

Let’s introduce a few Daily production process to facilitate and deepen everyone’s understanding.

Process 1: New project process
Create composer.json and add the extension package it depends on;
Run composer install, install the extension package and generate composer.lock;
Submit composer. lock to the code version controller, such as: git;

Process 2: Project collaborators install existing projects
After cloning the project, run composer install directly in the root directory to install the specified version from composer.lock The extension package and its dependencies;

This process is suitable for the deployment of production environment code.

Process 3: Add a new extension package to the project

Use composer require vendor/package to add the extension package;
Submit the updated composer.json and composer.lock to the code In the version controller, such as: git;

About the composer.lock Use composer update with caution!

The composer.lock Use composer update with caution! stores the dependencies of each code The version record (see figure below) is submitted to the version controller and used in conjunction with composer install to ensure the consistency of the code versions running in the development environment and online production environment of all collaborators in the team.

关于扩展包的安装方法

那么，准备添加一个扩展包，install, update, require 三个命令都可以用来安装扩展包，选择哪一个才是正确的呢？

答案是：使用 composer require 命令

另外，在手动修改 composer.json 添加扩展包后，composer update new/package 进行指定扩展包更新的方式，也可以正确的安装，不过不建议使用这种方法，因为，一旦你忘记敲定后面的扩展包名，就会进入万劫不复的状态，别给自己留坑呀。

上面的概念不论对新手或者老手来说，都比较混淆，主要记住这个概念：

原有项目新添加扩展的，都使用 composer require new/package 这种方式来安装。

需要加版本的话

composer require "foo/bar:1.0.0"

更新指定扩展到指定版本

有时候你之前使用过的扩展包，加入了新功能，你想更新单独这个扩展包到指定版本，也可以使用 require 来操作。

如下面例子，需要更新 “sami/sami”: “3.0.” 到 “sami/sami”: “3.2.” 

命令行运行： 
 

The above is the detailed content of Use composer update with caution!. For more information, please follow other related articles on the PHP Chinese website!