I'm having my vendor directory in
Composer provides the
composer.lock file for this purpose.
Installing a new package, doing a
composer update, etc. that causes package changes will write the exact versions of the installed packages to
composer.lock. You should include this file in your repository's versioned files.
You can run
composer install to automatically install the exact list of package versions from
composer.lock. As it's going to be versioned, you can always roll it back to a working version and run
composer install again.
composer dump-autoload shouldn't make any destructive changes in