Should I submit a dependency package in the vendor directory?

Should I submit a dependency package in the vendor directory?

In general, is not recommended. The vendor directory (or any other directory on which you install it) should be .gitignore / svn:ignore / and so on.

It's a good idea to do this and then have all developers use Composer to install the dependency package. Similarly, build servers, CI, deploy tools, and so on should be modified so that running Composer is part of its project boot.

While submitting it in some environments can be heart-tinging, it can lead to some problems:

• When you update the code, you will greatly increase the volume and difference of the VCS repository.
• In your own VCS, you'll have a history that repeats the resource packs you depend on.
• Adding dependencies through a git repository installation of git treats them as sub-modules. This is problematic because they are not really sub-modules and you will encounter these problems.

If you really feel you have to do this, you have several options:

1. Limit yourself to the tag version (no dev version), so you only get zip-compressed installations and avoid problems with git "sub-modules".
2. Use --prefer-dist or set preferred-install as dist in the config dist
3. Delete the .git folder under each dependency after installation, and you can then add them to your git repo. You can run rm -rf vendor/**/.git quickly, but this means that you need to delete the dependent files on the disk before you can run the composer update command.
4. A new .gitignore rule vendor/.git to ignore all .git vendor. This method does not require you to delete dependent files from your disk before running the composer update command.