What is the difference between composer install and composer update?

You have answer on this post

http://stackoverflow.com/a/33052243

And you should never run composer update in production.

And you should never run composer update in production.

Actually you should, but should also run this song in the background while you do it ☺

And you should never run composer update in production.

Why ?

@tomo_pongrac thanks

Why ?

Because then your production site may be using different (newer) packages than your development site. The newer packages may break something.

Instead, run composer update in development and run your tests. Then, when you run composer install in production, you know your production site will be getting the exact same set of packages that you tested with your development site.

On a related note, never run your test suite in production.

Because then your production site may be using different (newer) packages than your development site. The newer packages may break something.

In this case I can understand but for casual update it's ok.

@MikeHopley That assumes you've got a separate code base for development. For simple sites I think this is fine (like upgrading WP on the fly). Always do a backup though.

Composer install will install the packages from your composer.lock file Composer update will update/install the packages based on your composer.json file