Laravel Packages In Production

- 1 answer

I want to make sure if my understanding is correct. When developing locally, from the CLI, I use Composer to bring in packages to use for my app. These packages are then put in my "vendor" directory.

Now, the vendor directory is included in my gitignore file so that won't be pushed to version control. However, when I deploy my app to production, since those vendor packages were not version controlled, in my CLI (while SSH'd into my server) I need to run composer update. This will grab all the dependencies from my composer.lock file and install them all on my server.

Consequently, when developing locally, if I pull in a new package, I'd have to run another composer update on the server to get that new package for production.

Please let me know if my understanding of this is correct. Thanks!



You probably don't want to be running composer update on production. You would want to run composer install.

With composer update you have the possibility of upgrading packages you are using to versions you haven't tested them on. If you need to update your dependencies you can do that from local and the composer.lock file will get updated. With the lock file committed, on the server running composer install will install the packages to match the versions in the lock file to keep everything consistent in your environments.