composer update

作曲家更新

composer updatewill update your depencencies as they are specified in composer.json

composer update将更新您的依赖项，因为它们在 composer.json

For example, if you require this package as a dependency:

例如，如果您需要此包作为依赖项：

"mockery/mockery": "0.9.*",

and you have actually installed the 0.9.1version of the package, running composer updatewill cause an upgrade of this package (for example to 0.9.2, if it's already been released)

并且您实际上已经安装了0.9.1该软件包的版本，运行composer update将导致此软件包升级（例如升级到0.9.2，如果它已经发布）

in detail composer updatewill:

详细composer update将：

• Read composer.json
• Remove installed packages that are no more required in composer.json
• Check the availability of the latest versions of your required packages
• Install the latest versions of your packages
• Update composer.lockto store the installed packages version

• 读 composer.json
• 删除不再需要的已安装包 composer.json
• 检查所需软件包的最新版本的可用性
• 安装最新版本的软件包
• 更新composer.lock以存储已安装的软件包版本

composer install

作曲家安装

composer installwill not update anything; it will just install all the dependencies as specified in the composer.lockfile

composer install不会更新任何东西；它只会安装composer.lock文件中指定的所有依赖项

In detail:

详细：

• Check if composer.lockfile exists (if not, run composer-updateand create it)
• Read composer.lockfile
• Install the packages specified in the composer.lockfile

• 检查composer.lock文件是否存在（如果不存在，运行composer-update并创建它）
• 读取composer.lock文件
• 安装composer.lock文件中指定的包

When to install and when to update

何时安装和何时更新

• composer updateis mostly used in the 'development phase', to upgrade our project packages according to what we have specified in the composer.jsonfile,

• composer installis primarily used in the 'deploying phase' to install our application on a production server or on a testing environment, using the same dependencies stored in the composer.lock file created by composer update.

• composer update主要用于“开发阶段”，根据我们在composer.json文件中指定的内容升级我们的项目包，

• composer install主要用于“部署阶段”，在生产服务器或测试环境上安装我们的应用程序，使用存储在 composer.lock 文件中的相同依赖项，由 composer update 创建。

When you run composer installit will look for a lock file and install whatever is contained in it, if it can't find one, it'll read composer.json, install its dependencies and generate a lockfile.

当您运行时，composer install它会寻找一个锁定文件并安装其中包含的任何内容，如果找不到，它将读取composer.json、安装其依赖项并生成一个锁定文件。

When you run composer updateit simply reads composer.json, installs the dependencies and updates the lockfile (or creates a new lockfile).

当您运行composer update它时，它只是读取composer.json、安装依赖项并更新锁文件（或创建一个新的锁文件）。

composer install

composer install

1. If composer.lockdoes exist.
   • Processes and installs dependencies from the composer.lockfile.
2. If composer.lockdoes notexist.
   • Process package installs from composer.json.
   • Creates the composer.lockfile based on the installed packages.

1. 如果composer.lock确实存在。
   • 从composer.lock文件处理和安装依赖项。
2. 如果composer.lock确实不存在。
   • 进程包从composer.json.
   • composer.lock根据已安装的软件包创建文件。

As per: composer help install:

根据composer help install：：

The install command reads the composer.lockfile from the current directory, processes it, and downloads and installs all the libraries and dependencies outlined in that file. If the file does not exist it will look for composer.jsonand do the same.

install 命令composer.lock从当前目录读取文件，对其进行处理，然后下载并安装该文件中列出的所有库和依赖项。如果该文件不存在，它将查找composer.json并执行相同的操作。

composer update

composer update

1. Processes dependencies from the composer.jsonfile (installs, updates and removes).
2. Creates or updates the composer.lockfile according to the changes.

1. 处理composer.json文件中的依赖项（安装、更新和删除）。
2. composer.lock根据更改创建或更新文件。

As per: composer help update:

根据composer help update：：

The update command reads the composer.jsonfile from the current directory, processes it, and updates, removes or installs all the dependencies.

update 命令composer.json从当前目录读取文件，对其进行处理，然后更新、删除或安装所有依赖项。

See also: Composer: It's All About the Lock File

另请参阅：作曲家：一切都与锁定文件有关

The best difference between composer updateand composer install

composer update和之间的最佳区别composer install

composer install

作曲家安装

To add dependencies you need to add it manually to the composer.json file.

要添加依赖项，您需要手动将其添加到 composer.json 文件中。

If composer.lock file exists, install exactly what's specificated on this file

如果 composer.lock 文件存在，请完全安装此文件中指定的内容

• Otherwise read composer.json file to look out what dependencies needs to be installed
• Write the composer.lock with the information of the project (installed dependencies)

• 否则阅读 composer.json 文件以查看需要安装哪些依赖项
• 用项目的信息（已安装的依赖项）编写composer.lock

Not any component will be updated with this command.

不会使用此命令更新任何组件。

composer update

作曲家更新

To add or remove dependencies you need to add it manually to the composer.json file

要添加或删除依赖项，您需要手动将其添加到 composer.json 文件中

• The composer.lock file will be ignored
• composer.json file dependencies will be installed and updated (if a dependency is not installed it will be downloaded)

• composer.lock 文件将被忽略
• 将安装和更新 composer.json 文件依赖项（如果未安装依赖项，它将被下载）

If you can't (or don't know how to add or remove a library which is in fact easy,just add the name of the dependency and version in the require property of the file) modify the composer.json file manually or you prefer use the command line instead, composer has special functions for this :

如果您不能（或不知道如何添加或删除一个库，这实际上很简单，只需在文件的 require 属性中添加依赖项和版本的名称）手动修改 composer.json 文件，或者您更喜欢使用命令行，composer 对此具有特殊功能：

composer require

作曲家要求

For example if we want to add a dependency with the command line we will simply execute

例如，如果我们想使用命令行添加依赖项，我们将简单地执行

composer require twig/twig

composer require twig/twig

• composer.json file will be modified automatically and the new dependency will be added
• the dependency will be downloaded to the project

• composer.json 文件将被自动修改并添加新的依赖项
• 依赖项将被下载到项目中

composer remove

作曲家删除

If you want to remove an unused dependency we will execute simply :

如果您想删除未使用的依赖项，我们将简单地执行：

composer remove twig/twig --update-with-dependencies

composer remove twig/twig --update-with-dependencies

• Twig will be removed with all his dependencies

• Twig 将与他的所有依赖项一起被删除

composer install

作曲家安装

if(composer.lock existed){
   installs dependency with EXACT version in composer.lock file
} else {
   installs dependency with LATEST version in composer.json
   generate the composer.lock file
}

composer update

作曲家更新

composer update = remove composer.lock -> composer install

Why we need 2 commands. I think it can explain by composer.lock.

为什么我们需要 2 个命令。我认为它可以通过composer.lock来解释。

Imagine, we DON'Thave composer.lockand in composer.json, there is a dependency "monolog/monolog": "1.0.*"or "monolog/monolog": "^1.0".
Then, it will have some cases

试想一下，我们不要有composer.lock和composer.json，有一种依赖"monolog/monolog": "1.0.*"或"monolog/monolog": "^1.0"。
那么，就会有一些情况

• We working well today with current dependency version (eg:1.0.0) but a few months later, the dependency update (eg:1.0.1) and it possible have some bug
• Another team member may have a different dependency version if they run composer installin a different time.

• 我们今天使用当前的依赖版本（例如：1.0.0）运行良好，但几个月后，依赖更新（例如：1.0.1）可能有一些错误
• 如果另一个团队成员composer install在不同的时间运行，他们可能有不同的依赖版本。

What if we always use an EXACT version in composer.jsonsuch as "monolog/monolog": "1.0.1"?
We still need composer.lockbecause composer.jsononly track the main version of your dependency, it can not track the version of dependencies of dependency.

如果我们总是用一个确切的版本composer.json，如"monolog/monolog": "1.0.1"？
我们仍然需要，composer.lock因为composer.json只跟踪你的依赖的主版本，它不能跟踪依赖的依赖版本。

What if all dependencies of dependency also use the EXACT version?
Imagine you begin with ALL dependencies which use the EXACT version then you don't care about composer.lock. However, a few months later, you add a new dependency (or update old dependency), and the dependencies of this dependency don't use the EXACT version. Then it's better to care composer.lockat the beginning.

如果所有依赖的依赖也使用 EXACT 版本怎么办？
想象一下，您从使用 EXACT 版本的所有依赖项开始，然后您不关心composer.lock. 但是，几个月后，您添加了一个新的依赖项（或更新了旧的依赖项），而这个依赖项的依赖项并没有使用 EXACT 版本。那么最好composer.lock一开始就关心。

Besides that, there is an advantage of a semantic version over an exact version. We may update the dependency many times during development and library often have some small change such as bug fix. Then it is easier to upgrade dependency which uses semantic version.

除此之外，语义版本优于精确版本。我们在开发过程中可能会多次更新依赖项，并且库经常会有一些小的更改，例如错误修复。然后更容易升级使用语义版本的依赖项。