I am working on a Laravel application, and I ran the command
composer updatelooks for new versions of installed dependencies and, if found, installs new versions instead of the old ones. It doesn't care whether any changes were made to installed dependencies, because it's looking just at their descriptions stored in the
.composer/cache, but I see no reason whatsoever for the lost files to be there. Yes, they are probably permanently deleted and, if those are critical, you should look for a file recovery program.
You definitely shouldn't store any modifications made to dependencies for the mentioned reasons.
Also, you probably shouldn't add
vendor/ to your repository, for all dependencies are tracked with
composer.lock anyway, and changing dependencies inside
vendor (making them hardcoded) is against
As suggested by Kévin Dunglas, you can also try to look for the lost changes in the local history of your IDE (e.g. in PHPStorm).