When I Almost Broke Up With Composer
I was just that lazy guy who always edited the composer.json and just ran composer update right after that.
Well I always looked at that like: It is always good to update old packages.
What possibly could go wrong?
Everything.
You know, there are those developers cough Laravel cough who ignore semver. That could give you some headaches.
However it wasn’t Laravel. Since it locks itself in with 5.2.* not with 5.* :)
It was a package with 1.4.* and the developer managed to introduce 6 breaking changes and killed the App.
Nevertheless back to composer.
How to use composer
I heard horror stories that a developer instead of composer install he actually did composer update (because that’s the “only command” he used with composer)
The whole dev team was looking into his reported Issue that the app is broken did not start. They went back and forth on the code but couldn’t replicate the bug. After a week of agony someone went thru his bash_history just to find that he used composer update to install the depedencies. As soon as they did the same, found out that a package contained breaking changes (cheers to not following semver!)
So how to use it properly?
Always use:
composer installto install all the depedenciescomposer require vendor/package "1.0.*"to add a packagecomposer require vendor/package "1.0.*"to update that existing packagecomposer require vendor/package "1.1.*"to upgrade that existing packagecomposer remove vendor/package"to remove that single package
This is all you do. Nothing else.
However some lazy developer still has the power to break your code, so always double check. :)
Question to you
Are you using semver?
Why are you or are you not using it?