I'm not sure what's wrong in your case, but for what it's worth the Composer documentation recommends committing the composer.json
and composer.lock
files and excluding the vendor/
directory from version control.
Then, on other machines where you need to have dependencies (e.g. other development machines, staging and production servers, etc.) you can use composer install
or composer update
and let the system keep all of your dependencies synchronized for you.
This is one of the major benefits of using a dependency manager: You can define your project's dependencies in a data file, and everybody can use that data file to get the exact same versions of everything installed automatically, without including external libraries in your repository.