Can someone tell me if I should regularly be running “composer update”, or only after installations? Is it like apt-get update?
Should it only be run after the upgrade process? I ran it without having done the upgrade and now I am worried I have broken something.
I have read the docs below but I am still not sure what “composer update” does, it clearly installed a bunch of things. I expected to have to issue an explicit upgrade command (my ignorance). Have I broken something?
Personally I think that using composer is simply a suicide that can break everything just with one package it upgrades, Imagine with tens of packages what it can do and the nightmare to get everything to work if yo haven’t taken a full back-up!
So it should only bring in versions that we allow for. No surprises are expected here, although there might be some unexpected things in the middle of so many packages.
You can get precious security updates, which is good.
But this is the “caveat”:
Treat the command “composer install” command as you would treat any other upgrade on your server. Something you need to backup, test, evaluate, etc.
So that connects with what @amariussi was explaining - there is some risk when a package handler is changing your installation.
Because of this, what I would recommend is to run “composer install” when you are about to upgrade SuiteCRM itself, and so you can do both “moves” with a single process, making backups first, deploying, testing, etc. Especially if we’re talking about your production server, of course.