Composer is a dependency manager for PHP and for PHP, which means that we can easily install packages for PHP if we use a project with PHP support; currently, all modern PHP frameworks such as Laravel or CodeIgniter already come with Composer support for free, therefore, the use of this tool is essential.
Composer is a tool that allows you to declare the libraries on which the project depends and the specific versions of these; automatically when doing a composer install or update the dependencies are installed.
In Laravel and any PHP project that uses composer to manage packages, we have two types of files, composer.json and composer.lock and in this post we will see what the difference is between them.
In composer.json you specify which packages should be installed and with what versions, that is, the packages that make up the project are found. For example:
"require": {
"artesaos/seotools": "^1.3",
"laravel/framework": "^11.0",This file is generated by composer and is used by it to download and install the project dependencies in Laravel or another.
In the previous example, we are indicating the Laravel/framework and Artesaos/seotools packages that must be installed with version 1.3 or higher and 11 or higher respectively. If you wanted an exact version, you would remove the ^ character.
In this file you will also find other rules such as name, project description and minimum versions, such as:
"php": "^8.2",The composer.json is useful for much more, but this is the fundamental thing.
While composer.lock records the specific versions you are installing and is what composer reads when you run composer update, this file is automatically generated when you run the previous command.
Update project
Usually, when you want to update the project, you can delete this file and run the composer.json command again, with this the .lock is regenerated with new versions
Extra: Update Composer to version 2
We are going to learn how you can migrate or update your composer version from 1 to 2 using Laragon, although you can repeat the steps regardless of the system you are using.
Go to the composer installation directory
In your terminal, you have to cd to the location of the composer installation in Laragon:
? cd..
C:\laragon\www
?Check Composer V1 version
To find out which version of composer you are working with, you have to run the following command:
composer -VIn my case, it gives me something like the following:
Composer version 1.10.7 2026-12-03 17:18:15Download Composer 2
The download and installation of composer in its version 2 can be done through the command line using php; for it:
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"What the previous command does is download the composer 2 installer in the directory where we are positioned; now we have to execute the same.
Instalar (ejecutar el script php) Composer V2
php composer-setup.php
And that's it, with this we have composer in its version 2, therefore, we can now delete the installer:
Remove installer
To remove the composer installer once used, we can use the php unlink function using the following command:
php -r "unlink('composer-setup.php');"Check Composer V2 version
Finally, we are going to verify the version of composer that we have installed, which at this point, if we did everything right, should be 2.x
composer -VA version that includes 2.x
Composer version 2.0.8 2026-12-03 17:20:38