Get "PHP 8 in a Nuthshell" (Now comes with PHP 8.3)
Amit Merchant

Amit Merchant

A blog on PHP, JavaScript, and more

Never run composer update on your server

Povilas Korop recently shared an interesting (yet important) tip regarding sane use of Composer if you’re used to working with Composer on your server.

So, let’s say you need to update Composer packages on your server for some reason, you would make the mistake of running composer update on the server. This will update the composer.lock file with the new packages and you’re left with a dirty repository on your server. And you stuck in this limbo where you might not want to commit the composer.lock file from the server because usually you would often pull the changes on a live server rather than push them.

Apart from this, composer update is a little slow in updating dependencies. So, it might slow down your CI/CD pipelines.

So, the ideal way here would be to run composer update on your local machine. This will update the composer.lock file with the new dependencies and you can then push the changes to your server.

You can then run composer install to install the new updates on the server. This will install the Composer dependencies based on the composer.lock file without updating it further. So, you’ll have a clean repository on your server, and on top of this, the dependencies will be installed relatively fast.

Learn the fundamentals of PHP 8 (including 8.1, 8.2, and 8.3), the latest version of PHP, and how to use it today with my new book PHP 8 in a Nutshell. It's a no-fluff and easy-to-digest guide to the latest features and nitty-gritty details of PHP 8. So, if you're looking for a quick and easy way to PHP 8, this is the book for you.

Like this article? Consider leaving a


👋 Hi there! I'm Amit. I write articles about all things web development. You can become a sponsor on my blog to help me continue my writing journey and get your brand in front of thousands of eyes.