How to fix Server crashes when running “composer update”

Where necessary, you may need to have access to a VPS server so you can follow how to implement the steps in this article. You can get a cheaper VPS Server from Contabo with 4vCPU cores, 8GM RAM, and 32TB Bandwidth for less than $5.50 per month. Get this deal here now

UPDATED: April 14, 2023 | Elijah Were

$5.50 Monthly

4 vCPU Cores | 8GB RAM

$15.50 Monthly

6 vCPU Cores | 16GB RAM

$17.50 Monthly

8 vCPU Cores | 24GB RAM

Composer is a dependency manager for PHP, used to manage the packages and libraries that a PHP project depends on. It allows developers to declare the libraries and packages that their project requires, and manages the installation and update process for those dependencies.

Composer is built on the concept of packages, which are defined in a file called composer.json. This file lists the required dependencies for a project, along with their versions and any other requirements or constraints.

When a developer runs composer install or composer update, Composer reads the composer.json file and downloads the required packages and libraries from the internet, along with any additional packages required by those packages. Composer also generates an autoload.php file, which maps the namespaces used in the project to the files containing the relevant code.

Using Composer can make it much easier to manage dependencies in a PHP project, as it ensures that all required packages are installed and up to date. This can save developers a lot of time and effort, as they no longer need to manually download and manage packages themselves.

Why does the server fail or crash when running composer?

When a server crashes while running composer update, it could be due to a variety of reasons, such as:

Insufficient memory (RAM)

Composer can require a significant amount of memory to download, install and update packages, especially if the project has many dependencies. If your server doesn’t have enough memory, the process can be killed, and the server can crash.

The amount of RAM required to run Composer can vary depending on the size and complexity of the project and its dependencies. However, a recommended minimum amount of RAM for running Composer is 2GB. Running Composer with less than 2GB of RAM can lead to slow performance or even crashes.

Updating multiple dependences

Updating multiple dependencies at once can potentially cause the server to crash if the dependencies have complex interdependencies or if the update process requires a lot of memory.

When updating multiple dependencies, Composer will download and install all updated versions of the dependencies in one go. This can cause a significant amount of memory to be used, especially if the updated versions of the dependencies have new dependencies that also need to be downloaded and installed.

If the server does not have enough memory available to handle the update process, it can cause the server to crash or become unresponsive. Similarly, if the updated versions of the dependencies have complex interdependencies or conflicting requirements, it can cause the update process to fail and potentially cause the server to crash.

To minimize the risk of a server crash when updating multiple dependencies at once, it is recommended to first test the updates on a staging or development environment before deploying them to a production environment. Additionally, it is a good practice to allocate enough memory to the server and to monitor the resource usage during the update process to ensure that there is enough available memory.

PHP version conflicts

The PHP version being used can potentially conflict with Composer and lead to crashes. This is because Composer is written in PHP and requires a specific version of PHP to be installed on the server.

If the server is running an incompatible version of PHP, it can cause Composer to fail or crash. For example, if Composer requires PHP 7.2 or higher, but the server is running PHP 5.6, Composer may not work properly.

Additionally, different versions of PHP may have different dependencies or requirements, which can conflict with the dependencies required by Composer. This can cause issues with the installation or update process and potentially lead to crashes.

To avoid conflicts between PHP and Composer, it is recommended to ensure that the correct version of PHP is installed on the server before installing or updating Composer. You can check the required PHP version for the version of Composer you are using in the Composer documentation.

Why you shouldn’t run “composer update” on a live server?

It’s recommended not to run composer update on a live server because of the following reasons:

Breaking changes

When you run composer update, Composer will update all packages to their latest versions that are compatible with your project. However, these updates can include breaking changes, which means that your codebase might no longer work as expected. This can lead to unexpected behavior, downtime, and even data loss.

Dependency conflicts

Different packages may depend on different versions of the same package. When you run composer update, Composer will attempt to resolve these conflicts, but it may not always be successful. This can cause issues with your application and make it unusable.

Slow performance

Running composer update on a live server can take a long time, especially if you have a lot of dependencies. This can cause your server to become unresponsive and lead to slow performance.

Security risks

Updating packages on a live server can introduce security risks. If you update a package that has a security vulnerability, your server may become vulnerable to attacks. It is important to test updates in a staging environment before deploying them to production.

What is the best way to push composer update to a live server?

Here is the recommended way to run composer update:

Update your dependencies on your local development environment

This will generate a new composer.lock file that contains the updated dependency versions. composer.lock is a file that is generated by Composer during dependency installation. It serves as a record of the exact versions of all dependencies (and their dependencies) that were installed for a particular project at a particular point in time.

When you run composer install or composer update, Composer looks at the composer.json file to determine which dependencies to install or update, respectively. It then generates a composer.lock file that lists the exact versions of all dependencies that were installed, as well as their dependencies.

The composer.lock file ensures that everyone working on the project has the same set of dependencies installed, regardless of when they install them. This helps to prevent dependency conflicts and ensures that the project will work consistently across different environments.

The composer.lock file should be committed to version control along with the composer.json file. When someone clones the project and runs composer install, Composer will read the composer.lock file and install the exact same versions of all dependencies as were installed when the file was generated. This ensures that everyone has the same set of dependencies installed, and helps to prevent issues that can arise from installing different versions of dependencies.

Commit both your composer.json and composer.lock

.You need to first ensure that both composer.json and composer.lock are present in your project directory . You can now initialize your version control system by running the git init command (assuming you are using Git).

Then, create a .gitignore file in the root directory of your project if it doesn’t exist already, and add the following lines to ignore any dependencies that may be installed by Composer:

/vendor

Add composer.json and composer.lock files to your Git repository by running the following commands:

git add composer.json
git add composer.lock

Now, commit changes with a meaningful message using the following command:

git commit -m "Added composer.json and composer.lock files"

Push changes to the live server

After completing these steps, your composer.json and composer.lock files will be included in your version control system, and any changes made to these files will be tracked and committed with the rest of your code.

SSH into your live server and navigate to your project’s root directory. Run the following command to only install the dependencies specified in the composer.lock file.

composer install --no-dev

The --no-dev flag tells Composer to skip installing any development dependencies that are not required for production.

Hire us to handle what you want

Hire us through our Fiverr Profile and leave all the complicated & technical stuff to us. Here are some of the things we can do for you:

Website migration, troubleshooting, and maintenance.
Server & application deployment, scaling, troubleshooting, and maintenance
Deployment of Kubernetes, Docker, Cloudron, Ant Media, Apache, Nginx, OpenVPN, cPanel, WHMCS, WordPress, and more
Everything you need on AWS, IBM Cloud, GCP, Azure, Oracle Cloud, Alibaba Cloud, Linode, Contabo, DigitalOcean, Ionos, Vultr, GoDaddy, HostGator, Namecheap, DreamHost, and more.

We will design, configure, deploy, or troubleshoot anything you want. Starting from $10, we will get your job done in the shortest time possible. Your payment is safe with Fiverr as we will only be paid once your project is completed.