[riquito]

> I'd say PHP is definitely one of those

I still don't like it but the landscape definetely changed, and it keeps getting better.

> Meanwhile I think composer is one of the best package managers around.

Apart from the fact that it uses gigabytes of ram on real projects. At work we ended up using it outside virtual machines, to later copy back the dependencies.

[alexbilbie]

Are you committing the composer.lock file in your projects? Likewise you should try and use as close to absolute version numbers as possible in your composer.json `requires` sections.

I used did a quick test (having run `composer clearcache` each time) on one of my projects:

Without composer.lock: Memory usage: 75.96MB (peak: 87.5MB), time: 38.54s

With composer.lock: Memory usage: 7.47MB (peak: 8.99MB), time: 28.6s

[riquito]

I do, I also have just absolute version numbers. I'm not the only one with such problems

https://github.com/composer/composer/issues/1898

[thejosh]

What's a "real project"?

I use composer every day, and have 0 problems when doing a `composer install` on production.

I also recommend setting up Toran Proxy, which will allow you to ensure you're not boned when Github goes down.

[riquito]

> What's a "real project"?

One of not negligible size. They usually have many dependencies. I can see on our composer.json around ~60 dependencies, and the number will only grow (apart some lucky circumstances).

https://github.com/composer/composer/issues/1898

> I also recommend setting up Toran Proxy, which will allow you to ensure you're not boned when Github goes down.

Yes, that's a good idea