
We've just had an issue where I work, and someone launched the `composer update` command on a production environment, thus causing some problems.

Is there a way to prevent any `composer update` and allow only `composer install` on a specific environment?

Marc Brillault
  • I suggest revoking access to the production server for that person - an unqualified person running random commands on the server can do far more damage than running `composer update`. Even `composer install` will install dev dependencies (it may create security issues) and you will not even notice it. – rob006 Feb 07 '19 at 18:24
  • Alternatively you may create a foolproof command for deployment, so nobody will be able to break anything by accident: https://stackoverflow.com/a/50776625/5812455 . If you hide the `composer` binary under some unexpected name, it may be safe enough. – rob006 Feb 07 '19 at 18:26
  • @rob006, that's a nice one, thanks! – Marc Brillault Feb 09 '19 at 12:39
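
One way to build the guard the comments point toward, as an added example that is not part of the original thread or of Composer itself: a wrapper installed under the name `composer` that allows only `install --no-dev` in production. The `APP_ENV` variable, the `REAL_COMPOSER` path and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: guard installed as `composer` on the PATH of production hosts.
# Assumptions (not from the page): APP_ENV names the environment, and the real
# binary has been moved to the hypothetical path in REAL_COMPOSER.
REAL_COMPOSER="${REAL_COMPOSER:-/opt/deploy/libexec/composer-real}"

# Return 0 when the argument list may run in the current environment.
composer_guard_allows() {
    # Fail closed: an unset APP_ENV is treated as production.
    if [ "${APP_ENV:-production}" != "production" ]; then
        return 0
    fi
    subcommand=""
    no_dev=0
    for arg in "$@"; do
        case "$arg" in
            --no-dev) no_dev=1 ;;
            -*) ;;  # other options are left for composer to validate
            *)  # first bare word is the subcommand; a detached option value
                # (e.g. "-d /srv/app") lands here too and is rejected below
                if [ -z "$subcommand" ]; then subcommand="$arg"; fi ;;
        esac
    done
    # Allowlist, not blocklist: composer accepts `u`, `upgrade` and unambiguous
    # abbreviations for update, so only the exact word "install" passes.
    [ "$subcommand" = "install" ] && [ "$no_dev" -eq 1 ]
}

# Run the real binary when allowed, otherwise refuse with a message.
composer_guard() {
    if composer_guard_allows "$@"; then
        exec "$REAL_COMPOSER" "$@"
    fi
    echo "composer: only 'install --no-dev' is permitted on production" >&2
    return 1
}

# Dispatch only when this file is installed under the name `composer`.
if [ "${0##*/}" = "composer" ]; then
    composer_guard "$@"
fi
```

The wrapper stops accidents, not a determined user: anyone with shell access who knows the real path can still call the binary directly, so it complements restricting who can log in to production rather than replacing it.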

0 Answers