How to update a single library with Composer?

Question

I need to install only 1 package for my SF2 distribution (DoctrineFixtures).

When I run

php composer.phar update

I get

  - Updating twig/twig (dev-master 39d94fa => v1.13.0)
    The package has modified files:
    M CHANGELOG
    M doc/filters/batch.test
    M doc/filters/index.rst
    M doc/filters/url_encode.rst
    M doc/functions/index.rst
    M doc/tags/index.rst
    M doc/tests/index.rst
    M lib/Twig/Autoloader.php
    M lib/Twig/Compiler.php
    M lib/Twig/CompilerInterface.php
-10 more files modified, choose "v" to view the full list

It appears the last developer edited a lot of files inside vendor.

In order to get around this, I tried

php composer.phar update <package_name>

But that doesn't seem to work. How can I update/install only one library from composer.json?

Your are using the right command. Can you show us your `composer.json`? — cheesemacfly, May 24 '13 at 17:33
please try with the commands provided in my answer otherwise please provide a description of the error you get ( i.e. composer output if composer is complaining ) — Nicolai Fröhlich, May 24 '13 at 18:02
Your composer.json might refer to an alternate fork of a project. — iconoclast, Jul 09 '14 at 17:44
I updated a specific dependency in my laravel project and specifying the specific component to install explicitly: composer update laravelcollective/html. That seemed to work. — marko, Aug 31 '15 at 17:32

score 733 · Accepted Answer · edited Jan 02 '21 at 03:58

733

To install doctrine/doctrine-fixtures-bundle with version 2.1.* and minimum stability @dev use this:

composer require doctrine/doctrine-fixtures-bundle:2.1.*@dev

then to update only this single package:

composer update doctrine/doctrine-fixtures-bundle

edited Jan 02 '21 at 03:58

TorAmm

21
4

answered May 24 '13 at 17:40

Nicolai Fröhlich

51,330
11
126
130

12

May be helpful: running update/install with -vvv (verbose mode: composer.phar update -vvv package/package) can sometimes be better as occasionally an interactive prompt will appear which may be otherwise hidden – timhc22 Nov 13 '14 at 10:45
always update optimizing ClassMap. "composer update -o" , add "-o" parameter – Muhammed Feb 28 '16 at 22:06
What's the use of the `update` command in this example ? Doesn't the `require` already update/install the package ? When I `update` immediatly after `require`, composer says "Nothing to install or update". – clemlatz Jan 08 '17 at 13:17
`update` appears to do nothing at all. It does *not* upgrade my package to the latest version as specified by my constraint in composer.json. – mpen Nov 27 '17 at 18:22
31

> composer.phar update doctrine/doctrine-fixtures-bundle this updates all other packages too ((( – podarok May 22 '18 at 10:38
i get the following message Package "abc/pqr:1.0.5" listed for update is not installed. Ignoring. Loading composer repositories with package information – Gunnrryy Mar 12 '19 at 15:43
1

Does not work, this updates many packages – Black Jul 27 '22 at 13:10
It's worth pointing out that although this updates the specific package as requested - if your composer.lock file has anything set to be removed - these will get uninstalled! :( – UrbanwarfareStudios Jul 19 '23 at 09:24

Yosvel Quintero · Answer 2 · 2022-07-29T07:50:53.210

If you just want to update a few packages and not all, you can list them as such:

php composer.phar update vendor/package:2.* vendor/package2:dev-master

You can also use wildcards to update a bunch of packages at once:

php composer.phar update vendor/*

As commented by @ZeroThe2nd ZSH users may need to wrap their vendor/* in quotation marks:

php composer.phar update "vendor/*"

--prefer-source: Install packages from source when available.
--prefer-dist: Install packages from dist when available.
--ignore-platform-reqs: ignore php, hhvm, lib-* and ext-* requirements and force the installation even if the local machine does not fulfill these. See also the platform config option.
--dry-run: Simulate the command without actually doing anything.
--dev: Install packages listed in require-dev (this is the default behavior).
--no-dev: Skip installing packages listed in require-dev. The autoloader generation skips the autoload-dev rules.
--no-autoloader: Skips autoloader generation.
--no-scripts: Skips execution of scripts defined in composer.json.
--no-plugins: Disables plugins.
--no-progress: Removes the progress display that can mess with some terminals or scripts which don't handle backspace characters.
--optimize-autoloader (-o): Convert PSR-0/4 autoloading to classmap to get a faster autoloader. This is recommended especially for production, but can take a bit of time to run so it is currently not done by default.
--lock: Only updates the lock file hash to suppress warning about the lock file being out of date.
--with-dependencies: Add also all dependencies of whitelisted packages to the whitelist.
--prefer-stable: Prefer stable versions of dependencies.
--prefer-lowest: Prefer lowest versions of dependencies. Useful for testing minimal versions of requirements, generally used with --prefer-stable.

Please note that ZSH users may need to wrap their `vendor/*` in quotation marks: `composer update "vendor/*"` — ZeroThe2nd, Feb 11 '20 at 08:52

Adam · Answer 3 · 2019-10-09T06:43:34.877

155

Difference between install, update and require

Assume the following scenario:

composer.json

"parsecsv/php-parsecsv": "0.*"

composer.lock file

  "name": "parsecsv/php-parsecsv",
            "version": "0.1.4",

Latest release is 1.1.0. The latest 0.* release is 0.3.2

install: composer install parsecsv/php-parsecsv

This will install version 0.1.4 as specified in the lock file

update: composer update parsecsv/php-parsecsv

This will update the package to 0.3.2. The highest version with respect to your composer.json. The entry in composer.lock will be updated.

require: composer require parsecsv/php-parsecsv

This will update or install the newest version 1.1.0. Your composer.lock file and composer.json file will be updated as well.

edited Oct 09 '19 at 06:43

answered Jan 15 '19 at 10:32

Adam

25,960
22
158
247

awesome, so to refresh one package within the constrained version it's `composer update author/package` and then `composer install author/package` – William Randokun Apr 10 '19 at 12:43
@WilliamRandokun if you have installed it before, then just `composer update package` is enough, no need to call install after it – Adam Apr 10 '19 at 18:03
2

exactly what I am looking for. well explained. `upvoted` – kapitan Oct 09 '19 at 02:20
IMHO this should be the accepted answer as it highlights the upgrade constrains both from `composer.json` and `composer.lock` – confirmator Nov 16 '20 at 19:06
2

tnx. I never knew that `composer require` updates also the package to latest version. – winnie damayo Feb 04 '21 at 04:19
I think this is out of date. It seems to update all packages and did not touch my composer.json file at all. – tremby Nov 28 '22 at 23:09
@tremby no, this is still how composer works. If you run `composer update` it will update all packages, if you run `composer update package` it will just update package. If `composer.json` does not change, it means everything was already up-to-date. – Adam Nov 29 '22 at 03:56
@Adam I looked back in my shell history. `composer update nystudio107/craft-retour` led to 0 installs, 41 updates (including many totally unrelated packages), 0 removals, and the only changed file tracked by git was composer.lock. But: it's likely my vendor directory was not in sync with composer.lock to start with, which would explain it. – tremby Nov 29 '22 at 20:47
And no, I don't think "if composer.json does not change, it means everything was already up-to-date" is correct. For me it updated the package I asked for but it did not change composer.json. The new version was still within the range composer.json specified, but was certainly updated. – tremby Nov 29 '22 at 20:51
@tremby I tried to create a case locally for me, where vendor was not in sync with composer.lock. When I update a single library, then I get first only one update for the package: `Updating dependencies Lock file operations: 0 installs, 1 update, 0 removals ` and after that all other packages in the vendor folder seem to be updated that are out of place `Installing dependencies from lock file (including require-dev) Package operations: 0 installs, 57 updates, 0 removals ` – Adam Nov 30 '22 at 05:12
So for a clean setup, maybe remove your vendor folder and install it using `composer install`. Then update package X will just update the single package. – Adam Nov 30 '22 at 05:14
And the second thing. I meant the `composer.lock`. So assuming your vendor folder aligns with `composer.lock`, and after a paclage update `composer.lock` is not changed, then no update took place. – Adam Nov 30 '22 at 05:15

score 24 · Answer 4 · answered Oct 16 '19 at 11:06

24

You can use the following command to update any module with its dependencies

composer update vendor-name/module-name --with-dependencies

answered Oct 16 '19 at 11:06

Wolfack

2,667
1
26
50

score 19 · Answer 5 · answered Jul 25 '15 at 04:22

You can basically do following one to install new package as well.

php composer.phar require

then terminal will ask you to enter the name of the package for searching.

$ Search for a package []: //Your package name here

Then terminal will ask the version of the package (If you would like to have the latest version just leave it blank)

$ Enter the version constraint to require (or leave blank to use the latest version) []: //your version number here

Then you just press the return key. Terminal will ask for another package, if you dont want to install another one just press the return key and you will be done.

Mostafa · Answer 6 · 2022-07-28T16:01:08.133

14

Just use

composer require {package/packagename}

like

composer require phpmailer/phpmailer

if the package is not in the vendor folder.. composer installs it and if the package exists, composer update package to the latest version.

Update:

require install or update the latest package version. if you want update one package just use update.

edited Jul 28 '22 at 16:01

answered Oct 29 '18 at 11:45

Mostafa

815
1
13
23

That won't work as expected, as it would put the library into `composer.json`. This is not needed for updating a package – Nico Haase Apr 14 '21 at 11:41
Does not work as expected. It also updates / downgrades other packages in the process. – Black Jul 28 '22 at 10:03
@Black `require` install or update the latest package version. if you wanna update one package just use `update`. Answer updated. – Mostafa Jul 28 '22 at 15:59

score 6 · Answer 7 · answered Aug 22 '16 at 09:52

6

To ensure that composer update one package already installed to the last version within the version constraints you've set in composer.json remove the package from vendor and then execute :

php composer.phar update vendor/package

answered Aug 22 '16 at 09:52

Tsounabe

2,109
1
16
25

6

You will find the same suggestion in this post : https://github.com/composer/composer/issues/3112. PS: Down vote without explanation is so easy to do and so useless. – Tsounabe Oct 27 '16 at 13:20

score 5 · Answer 8 · answered Dec 02 '18 at 07:46

5

Because you wanted to install specific package "I need to install only 1 package for my SF2 distribution (DoctrineFixtures)."

php composer.phar require package/package-name:package-version would be enough

answered Dec 02 '18 at 07:46

The Anh

121
1
8

How to update a single library with Composer?

8 Answers8

Difference between install, update and require

Linked

Related