Disclaimer 1:
Certain Composer commands, including exec
, install
, and update
allow third party code to execute on your system. This is from its "plugins" and "scripts" features. Plugins and scripts have full access to the user account which runs Composer. For this reason, it is strongly advised to avoid running Composer as super-user/root.
You can disable plugins and scripts during package installation or updates with the following syntax so only Composer's code, and no third party code, will execute:
composer install --no-plugins --no-scripts ...
composer update --no-plugins --no-scripts ...
The exec
command will always run third party code as the user which runs composer
.
In some cases, like in CI systems or such where you want to install untrusted dependencies, the safest way to do it is to run the above command.
Disclaimer 2:
The purpose of this article is purely informational. We ship composer in an RPM, and generally, Composer is not updated outside of the normal RPM updates. Alternative update methods (as described in this article) are of course possible, but not supported.
Additionally, please bear in mind that we do not directly support Composer:
https://docs.cpanel.net/knowledge-base/web-services/how-to-set-up-php-composer/
Although we do provide Composer, it is usually recommended to download Composer to a local directory and use a local version which would skip over such workarounds required by using a system-level version.
Another point to keep in mind is that only root can update the system-level Composer. Non-root users can update Composer only if they install Composer locally and are not using the system-level, cPanel-provided Composer.
When updating Composer in this way, the first thing to do is to see what version of composer you are currently running on the system. This can be done by running this command:
/opt/cpanel/composer/bin/composer --version
Composer version 1.10.13 2020-09-09 11:46:34
Updating Composer to the latest stable version is quite easy, all you have to do is to use "Composer self-update" command. However, at times when you run this command, you get some errors indicating that some php.ini values need to be modified before the update could complete. If you run into such an issue you can refer to this link to see how to modify the php.ini file and resolve these issues before attempting the update command:
https://docs.cpanel.net/knowledge-base/web-services/how-to-set-up-php-composer/#required-php-directives
After that you can run the update via this command:
/opt/cpanel/composer/bin/composer self-update
Updating to version 1.10.13 (stable channel).
Downloading (100%)
We can run the first command again to confirm Composer has been indeed updated:
/opt/cpanel/composer/bin/composer --version
Composer version 1.10.13 2020-09-09 11:46:34
Additionally, in case you want to roll back to the previous version you can use this command:
/opt/cpanel/composer/bin/composer self-update --rollback
Comments
0 comments
Article is closed for comments.