PHP Composer Dependency Manager Difference between 'composer install' and 'composer update'


composer update

composer update will update our dependencies as they are specified in composer.json.

For example, if our project uses this configuration:

"require": {
    "laravelcollective/html": "2.0.*"

Supposing we have actually installed the 2.0.1 version of the package, running composer update will cause an upgrade of this package (for example to 2.0.2, if it has already been released).

In detail composer update will:

  • Read composer.json
  • Remove installed packages that are no more required in composer.json
  • Check the availability of the latest versions of our required packages
  • Install the latest versions of our packages
  • Update composer.lock to store the installed packages version

composer install

composer install will install all of the dependencies as specified in the composer.lock file at the version specified (locked), without updating anything.

In detail:

  • Read composer.lock file
  • Install the packages specified in the composer.lock file

When to install and when to update

  • composer update is mostly used in the 'development' phase, to upgrade our project packages.

  • composer install is primarily used in the 'deploying phase' to install our application on a production server or on a testing environment, using the same dependencies stored in the composer.lock file created by composer update.