ran composer update without upgrade - did I break something?

Can someone tell me if I should regularly be running “composer update”, or only after installations? Is it like apt-get update?

Should it only be run after the upgrade process? I ran it without having done the upgrade and now I am worried I have broken something.

I have read the docs below but I am still not sure what “composer update” does, it clearly installed a bunch of things. I expected to have to issue an explicit upgrade command (my ignorance). Have I broken something?


Thank you in advance.

I am still not sure what "composer update" does

So: why did you run it?

Personally I think that using composer is simply a suicide that can break everything just with one package it upgrades, Imagine with tens of packages what it can do and the nightmare to get everything to work if yo haven’t taken a full back-up!

Because I am curious.

Perhaps you can provide some advice on what this does and doesn’t do, and when/why it should be run? Otherwise your reply wasted my time and everyone else who comes along after.

@baconology YOU are wasting everybody’s time!
Instead of being grateful you are even ironic and rude!

If you do something without knowing what you are doing it’s your problem.
You just shouldn’t.

The only thing that I can suggest is to read the Composer documentation as well as of the packages that it touches in SuiteCRM.
Start here: https://getcomposer.org/doc/

PS: if you happen to be on a Jumbo and the door to the cockpit is open: do not touch anything, even if you are curious!

thanks tips, i came here for advice not to be reminded my actions are my responsibility. You actually have no idea what you are talking about and are just creating noise. Thanks for nothing.

Ok guys, lighten up! No need to take any of this personally, I am sure we can talk in peace.

Let me try to shed some light here:

“composer install” will only install software as required by SuiteCRM’s composer.json file, and limited by composer-lock file:

So it should only bring in versions that we allow for. No surprises are expected here, although there might be some unexpected things in the middle of so many packages.

You can get precious security updates, which is good.

But this is the “caveat”:

Treat the command “composer install” command as you would treat any other upgrade on your server. Something you need to backup, test, evaluate, etc.

So that connects with what @amariussi was explaining - there is some risk when a package handler is changing your installation.

Because of this, what I would recommend is to run “composer install” when you are about to upgrade SuiteCRM itself, and so you can do both “moves” with a single process, making backups first, deploying, testing, etc. Especially if we’re talking about your production server, of course.


I just made an important update to my post above.

I didn’t have a correct understanding of composer commands until recently. It seems that “composer update” can take you past supported versions of dependencies, thus breaking your installation.

You should always use “composer install”, even to get upgrades to dependencies, never “composer update”, unless you really know what you’re doing and what your lock file has or should have.