Never run composer update on your server
Povilas Korop recently shared an interesting (yet important) tip regarding sane use of Composer if you’re used to working with Composer on your server.
So, let’s say you need to update Composer packages on your server for some reason, you would make the mistake of running composer update on the server. This will update the composer.lock file with the new packages and you’re left with a dirty repository on your server. And you stuck in this limbo where you might not want to commit the composer.lock file from the server because usually you would often pull the changes on a live server rather than push them.
Apart from this, composer update is a little slow in updating dependencies. So, it might slow down your CI/CD pipelines.
So, the ideal way here would be to run
composer updateon your local machine. This will update thecomposer.lockfile with the new dependencies and you can then push the changes to your server.
You can then run composer install to install the new updates on the server. This will install the Composer dependencies based on the composer.lock file without updating it further. So, you’ll have a clean repository on your server, and on top of this, the dependencies will be installed relatively fast.
Like this article? Consider leaving a
Tip
👋 Hi there! I'm Amit. I write articles about all things web development. You can become a sponsor on my blog to help me continue my writing journey and get your brand in front of thousands of eyes.
