Not to hi-jack, but I’m curious.
Say I put something together on localhost in May that has dependencies A, B, C
I upload the vendor folder, all is well
Now in July, dependency B releases a critical security update.
I would need to redo on localhost and re-upload the vendor file
But if Composer were on the server, the critical security update would happen as soon as it was released, or just be easier to do?