Managing site dependencies

You can use composer to install new modules and manage site dependencies. Installing a module in this way will also ensure that any other requirements (modules, plugins, libraries) also get installed. When updating modules, if there is a known incompatibility between 2 modules or a bug that will break you site, composer will only install modules that work.

Browse to the docroot folder before running composer commands.

Install a module

composer require drupal/ctools

Update a single module

composer require drupal/ctools

Update all modules and core

composer update

Remove a module inc. dependencies

First make sure you have disabled and uninstalled the module from all copies of the site.
composer remove drupal/ctools --update-with-dependencies

Note: --update-with-dependencies should now be default and may not be required

How to debug an item that won't update or seems locked in place

If you are trying to update a specific module or Drupal core and it does not want to move to the latest version it probably means there is a dependency issue or another requirement is locked.

As an example we recently found core would not update past 8.6.10 although 8.6.12 was available.

We used the following to debug this:
composer prohibits drupal/core:8.6.12

This will output the missing requirements, in this case it was because Twig was locked to a previous version and the newer version was required by 8.6.12.

The output looked like this:

drupal/core                     8.6.12                requires  twig/twig (^1.38.2)  
drupal-composer/drupal-project  dev-leading_together  requires  twig/twig (1.37.1)  

Difference between 'composer install' and 'composer update'

https://riptutorial.com/php/example/7331/difference-between--composer-install--and--composer-update-#:~:text=composer%20update%20is%20mostly%20used,dependencies%20stored%20in%20the%20composer. Example # composer update # composer update will update our dependencies as they are specified in composer.json.

For example, if our project uses this configuration:

"require": { "laravelcollective/html": "2.0.*" } Supposing we have actually installed the 2.0.1 version of the package, running composer update will cause an upgrade of this package (for example to 2.0.2, if it has already been released).

In detail composer update will:

Read composer.json Remove installed packages that are no more required in composer.json Check the availability of the latest versions of our required packages Install the latest versions of our packages Update composer.lock to store the installed packages version composer install # composer install will install all of the dependencies as specified in the composer.lock file at the version specified (locked), without updating anything.

In detail:

Read composer.lock file Install the packages specified in the composer.lock file When to install and when to update # composer update is mostly used in the 'development' phase, to upgrade our project packages.

composer install is primarily used in the 'deploying phase' to install our application on a production server or on a testing environment, using the same dependencies stored in the composer.lock file created by composer update.