0

I want to install zizaco/entrust package in laravel 5.8, in their github page it was said to include "zizaco/entrust": "5.2.x-dev" in composer.json file and run composer update command. I did so as below and ran composer update command.

"require" : {
        "php" : "^7.1.3",
        "fideloper/proxy" : "^4.0",
        "laravel/framework" : "5.8.*",
        "laravel/tinker" : "^1.0",
        "laravel/ui" : "^1.2",
        "maatwebsite/excel" : "^3.1",
        "zizaco/entrust" : "5.2.x-dev"
    },

but composer update command updates all packages to latest versions (these packages i included in "require" field as above) when installing zizaco/entrust package. So is if there are some coding faults in latest updated packages then whole site can break. FYI after i run the above command i see local git showing changes in many files in folders under vendor folder, it means that there are some updates in packages right?. so it's recommended that composer install command should be run so that those dependency packages will not be updated to latest versions.

So, in my case after including "zizaco/entrust": "5.2.x-dev" in require field in composer.json as above, if i run composer install then it don't install zizaco/entrust package. Furthermore, if i run composer require zizaco/entrust 5.2.x-dev then it still installs latest versions of dependency packages.

So how do i prevent installing latest versions of dependency packages i included in "require" field in composer.json file and i only install zizaco/entrust package.

So that my laravel 5.8 site don't break for updating any packages to latest versions because of malfunction codes or whatever in latest versions. It's very important to handle this scenario because we need to install packages in laravel site for various needs.

dev_hero
  • 19
  • 1
  • 11
  • I would not use this package, it has been abandoned. I would use [spatie/permission](https://github.com/spatie/laravel-permission) instead. – Remul Jul 10 '20 at 12:01
  • thanks but my question is regarding updating dependencies – dev_hero Jul 10 '20 at 12:06
  • Running `composer require spatie/laravel-permission` should only install the package and not update existing ones. – Remul Jul 10 '20 at 12:09

3 Answers3

1

You've got two options: use composer require to specify the package to install, or manually update your composer.json file and use composer update [package].

Composer Require

composer require zizaco/entrust:5.2.x-dev

This will automatically update your composer.json file and install the specified version. This will not update any of your other dependencies. While the documentation specifies the package and version should be separated by a colon (:), I tested it with a space and it seemed to work.

Composer Update [package]

composer update zizaco/entrust

If you have manually updated your composer.json file, you will need to run composer update and specify the package to update. If you specify a package to update, only that package will be affected. When you don't specify the package to update, composer will look for updates for all packages.

A Note On Composer Install

composer install will not help you here. If you already have a composer.lock file (which you will since you're just attempting to add a new package), composer install will only look at your composer.lock file and attempt to install everything that is defined there. That means, if you manually update your composer.json file, and run composer install, it will not install the new requirement you specified.

Only when you don't already have a composer.lock file will composer install attempt to resolve dependencies and install them.

patricus
  • 59,488
  • 15
  • 143
  • 145
0

Run composer install instead. Alternatively you could use composer require <package name>.

Composer install looks in your composer.lock for exact versions, and only in composer.json for packages that are missing.

Composer update will look in composer.json for version constraint which roughly means "a range of versions". This is why different versions are getting installed.

online Thomas
  • 8,864
  • 6
  • 44
  • 85
0

Step 1: You just need to add your package to the composer.json file and run the command:

composer install

composer install will check for the new package and install that, besides that it will check for any deprecation in other packages.

Step 2:

You can directly run your command in composer

composer require package/name

For example, if I need to install firebase, run below command from the project root:

composer require firebase/php-jwt

Installing new packages from the terminal automatically adds it into the composer.json file and it does not update previously installed packages.

Hope this helps!!

Ankit Jindal
  • 3,672
  • 3
  • 25
  • 37