Composer-based workflow

Drop Guard is capable of managing your website using Composer. In Composer mode, Drop Guard only updates your composer.json and composer.lock files, the rest of codebase remains untouched. This also addresses a common privacy concern, as you don't have to give Drop Guard read and write access to the whole repository.

There are two available options to choose from:

1. Respect version constraints

If set, Drop Guard will never overwrite constraints set in composer.json file. So, for example, if you have a constraint set like this:

{
  "require": {
    "drupal/google_analytics": "^8.2"
  }
}

Drop Guard will only update the module until the version 9.0 is released, as set by the constraint. When the 9.0 version comes out, Drop Guard update task will fail to perform an update, so that you will have to update the constraint manually. Only composer.lock file will be changed.

2. Ignore version constraints

If set, during the first update released for this module Drop Guard will overwrite it with the exact version number and will do it every time the module gets a new version. Both composer.json and composer.lock files are updated as a result.

{
  "require": {
    "drupal/google_analytics": "8.2.5"
  }
}

We recommend evaluating the benefits and drawbacks of each method carefully as they have a huge impact on the workflow.