I came across a magento 2.3 project and I saw an intentional commit upon ./vendor also sometimes I saw manually editing code upon it.
This was an intentional action and not due to lack of knowledge. And the reason why is because composer may download breaking dependencies or may cause unstability because the versions are not too concrete. Therefore the latest subversions is installed upon composer install.
Furthermore, according to ma coleagues, any instability with vendor causes many manhours for debugging. As a result upon initial composer install they commit the ./vendor.
Is this also a practice you follow? Do you have an alternative approach? Is there a way to cement the installed versions regardless what dependencie's composer.json says?
Top comments (4)
Nope, never...
I write own magento modules for our company - each one with an own github repository. I add the repository to the composer file, along with the module.
In principle, I only push the composer.lock and the composer.json to our magento repository. Everything else gets downloaded by composer that way.
If I need to change code from another vendor, I add it by a patch and add the patch file(s) to our repo.
I think, thats a very clean way of implementation.
Why end up with bad codebase?????
With the way I am approaching it?
Well i found it like this and is not up to my hand some stuff.