Composer update this command in our current logic, may cause great harm to the project.
Because the logic of composer update is to update all expansion packages to the latest version according to the expansion package version rules specified by composer.json. Note that all expansion packages. For example, you used monolog at the beginning of the project, and the configuration information at that time was
"monologue/monologue": "1. *",
Monolog 1. 1 version has been installed, and now more than a month has passed. Monolog is 1.2, and it is directly updated to after running the command.
1.2, at this time the project is not aimed at 1.2.
After testing, the project suddenly becomes very unstable, and sometimes the situation is worse than this, especially in a huge project, you didn't write a complete coverage test for the project, and you didn't know what was wrong.
Which command should I use? Installation, update or need?
Next, we will explain them one by one.
A simple explanation
Composer install-if there is a composer.lock file, install it directly; Otherwise, install the latest expansion packs and dependencies from composer.json;
Composer update- installs the latest expansion packs and dependencies from composer.json;
Composer updates the configuration of vendor/package-fromcomposer.json or the corresponding package, and updates it to the latest;
Composer requires new/package-Add and install new/package, and you can specify the version, such as composer require new/package ~2.5.
procedure
Next, we will introduce several daily production processes to help deepen our understanding.
Process 1: new project process
Create composer.json and add dependent expansion packages;
Run composer install, install the expansion pack and generate composer. Lock;
Submit composer.lock to a code version controller, such as git.
Process 2: Project partners install existing projects.
After cloning the project, run composer install directly in the root directory, and install the specified version of the expansion package and its dependencies from composer.lock;
This process is applicable to the deployment of production environment code.
Process 3: Add a new expansion package for the project.
Adding an expansion package using composer requires a vendor/package;
Submit the updated composer.json and composer.lock to a code version controller, such as git.
About composer.lock file
The composer.lock file stores the version records that depend on each code (see the figure below), submits them to the version controller, and uses them together with composer install to ensure the consistency between the development environment of all collaborators in the team and the code versions running in the online production environment.
On the installation method of expansion package
Then, to add an extension package, you can use the three commands of install, update and require to install the extension package. Which is the right choice?
The answer is: use the composer require command.
In addition, composer update new/package can be installed correctly after manually modifying composer.json to add an expansion package, but this method is not recommended, because once you forget to finalize the name of the later expansion package, you will enter a state of perdition, so don't leave a hole for yourself.
The above concepts, whether novice or veteran, are very confused. Remember this concept:
The extensions added in the original project are all installed in the way of composer require new/package.
It's done.