What does ‘composer dump-autoload’ do in Laravel?

Composer is a major part of the Laravel MVC Framework, but it also exists without Laravel. In fact you could use it in any project. This article digs into the different files that are used by composer.
It’s important to understand what these files are and what these files do.

composer.json

This is the only file you have to edit manually. In this file you can lists which packages you want and which versions of that package you want to install. Versions can be vague (1.x.x) or specific (1.1.2).

vendor/composer/autoload_classmap.php

This file (no class) returns an array of all aliasses and files based on the autoload section in composer.json.
This file is regenerated on each dump-autoload. If you have a new class somewhere in your project it will not be loaded unless it is included in autoload_classmap (hence you have to execute composer dump-autoload)
In Laravel, composer.json includes all controllers, models, commands, migrations, seeds, services and facades in your root folder structure. If you want a custom folder to dump files, you have to add it to the autoload-section
in composer.json. That way it will be included in the autoload_classmap.php
autoload_classmap.php also includes the providers in config/app.php
In Laravel, the autoload_classmap is included inside app/bootstrap/autoload.php (as /../vendor/autoload.php which includes the autoload_classmap)

composer.lock

This file is not, as it might suggest, an indication of an update of an install going on. It’s not.
composer.lock lists all exact versions of each vendor package that is installed.
If you run composer install and there is a lock file present, it will download the versions of composer.lock no matter what’s inside composer.json
If you run composer install and there is no lock file, it will generate a lock file of all the vendor versions it has installed based on composer.json
If you run composer update it will overwrite the composer.lock file with the newest available vendor packages based on composer.json
This means that if you include composer.lock in your GIT repository; clone and execute composer install on another computer, it will download the exact same versions as in composer.lock

What’s the difference between composer dump-autoload, composer update and composer install?

The above text already explains the difference between those commands, but for fast readers:

composer install installs the vendor packages according to composer.lock (or creates composer.lock if not present),
composer update always regenerates composer.lock and installs the lastest versions of available packages based on composer.json
composer dump-autoload won’t download a thing. It just regenerates the list of all classes that need to be included in the project (autoload_classmap.php).
Ideal for when you have a new class inside your project.

Ideally, you execute composer dump-autoload -o , for a faster load of your webpages. The only reason it is not default, is because it takes a bit longer to
generate (but is only slightly noticable)