Skip to main content

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

4
  • Thanks for your suggestions. I agree with your advice about not using composer on a production server. The reason I am is because having cloned my repository onto my server it was missing a number of packages. I'm not quite sure why all the packages weren't synced when I commit/push from my mac but that would also be a good one to solve. I'm trying to move away from ftping stuff and just pushing and pulling from github instead. Commented Mar 31, 2014 at 7:56
  • The most obvious reason would be that you are supposed to not commit the vendor folder into your repository (include it in .gitignore), but only the composer.lock file. That way you avoid issues with cloned packages' repositories that would act as git submodules (I've been told submodules are more of a pain than a solution) when committed. So the necessary workflow is: Commit composer.lock, push the code to production, and then run composer install there. Btw, syncing isn't that bad, but YMMV. Commented Mar 31, 2014 at 10:25
  • OK thanks. Looks like the version of way/generators in my .lock file no longer satisfies composer. I've changed the version to '*' and the install works. I will follow your advice of gitignoring the vendors folder and having a lock file that works. I guess it's when a vendor changes their versions it can mess with composer installs, even if you use a lock file that previously worked. Commented Mar 31, 2014 at 10:32
  • No, actually the lock file should work every time. Because you can only create a new version if the dependencies didn't conflict. And you will only create a new version of the lock file if you either composer update everything, a single package, or add a new package with composer require. If this works flawlessly, you should be able to install afterwards on every other machine - provided that the repositories didn't vanish! (So if somebody deletes his Github repo, the install will likely fail if Composer does not have a cached copy available). Commented Mar 31, 2014 at 18:02