composer is a dependency management tool for php. It allows you to declare code libraries that your project depends on and it will install them for you in your project.
However, novices may not know how to "install them".
Some answers on the Internet say composer install, and some say composer update. Both of them seem to be able to successfully download and install dependencies. So what is the difference between them?
Related recommendations: "composer Tutorial"
The first thing to understand is that all dependencies are defined in composer.json , some basic usage and examples are given in the manual. You may have noticed that when specifying a version number, we don't necessarily specify an exact version. Then it may happen that for the same composer.json, the dependency files we pull at different times may be different (because composer will pull the latest dependency when the conditions are met), resulting in some abnormal situation.
composer update and composer install appeared to solve this problem.
When you execute composer update, composer will read the dependencies specified in composer.json, analyze them, and pull the latest version of the dependencies that meet the conditions. Then he will put the pulled dependencies into the vendor directory, and write the precise version numbers of all pulled dependencies into the composer.lock file.
What composer install does is very similar, except for the first step. When you already have a copy of composer.lock locally, it will read your composer.lock instead of composer.json, and use this as a standard to download dependencies. When you don't have composer.lock locally, what it does is actually no different from composer update.
This means that as long as you have a copy of composer.lock locally, you can guarantee that you can pull the same dependencies no matter how long it takes. And if you incorporate it into the version control of your project, then you can ensure that everyone and every computer in your project, no matter what system, can pull the exact same dependencies to reduce potential dependencies. Impact on deployment. Of course, please remember that the command you should use is composer install.
So when should I use composer update? When you modify your dependencies, whether you add a new dependency, modify the dependency version, or delete a dependency, if you execute composer install at this time, there will be no changes, but you You will get a warning message
Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.
Some people may be curious about how php knows that I have modified the dependency, or composer.lock has expired. It's very simple. If you open composer.lock, you will find a hash field in it, which is the hash value of the corresponding dependency at that time. If the values are inconsistent, you will naturally know that a change has occurred.
At this time, you should update your dependencies through composer update.
If you do not want to affect other installed dependencies and only update the parts you modified, you can determine the scope of update by specifying a whitelist. For example, composer update monolog/monolog will only update monolog/ Monlog is a dependency, and other dependencies will be ignored even if they are updated.
The above is the detailed content of Introduction to composer commands: install and update and their differences. For more information, please follow other related articles on the PHP Chinese website!