Knowledge easily ignored by composer

Time:2020-2-26

1. Composer version No. ~ ^*
(1) Package version:*

{

"require": {
    "monolog/monolog": "1.0.*"
}

}

1.0. * this means that any development branch that starts with 1.0 will match 1.0.0, 1.0.2, or 1.0.20.

(2) Package version:~

~1.2 is equivalent to > = 1.2, < 2.0, i.e. version 1, matching the first 1 bit 1
~1.2 only means that. 2 part can be changed, but 1. Part is fixed.

(3) Package version:^

^1.2.3 is equivalent to > = 1.2.3 < 1.3, i.e. matching the first two bits 1.2

2.composer install

(1) If the composer.lock already exists, read the compiler.lock download dependency.

(2) If there is no composer.lock file, read the composer.json file, handle the dependency, and install it in the vendor directory.

That is to say, if you have a composer.lock locally, you can ensure that no matter how long it has passed, you can pull the same dependency.
As like as two peas, what you should do is to put composer.lock in the GIT repository, so that everyone in your project, every computer, whatever system can pull the same dependency to reduce potential dependency on deployment.

3.composer update

Read the dependency specified in composer.json, put the pull dependency into the vendor directory, and write the exact version number of all pull dependencies into the composer.lock file.

(1) So when do I need to use composer update?
For example, when a new version of an extension has new functions that we need, we need to update the extension. When we update, we specify the specific update extension, such as composer update package, rather than directly composer update. Because after the direct composer update, all extensions will be updated, which is very risky.

4. summary:

(1) Composer update is updated according to composer.json, and the extended version number is written to composer.lock.
(2) Composer install is updated according to composer.lock
(3) Use less composer update in the development process, and use composer install
(4) If you add a new package, you can use: composer require “package name: version No.”