In this post to her site Lorna Mitchell makes an interesting point about relying on libraries/packages that recommend using
dev-master as the target of choice when installing via Composer. It started from a Tweet and lead to more discussion. She share some of that and more about her own thinking in this post.
If your project installation instructions recommend requiring dev-master in composer, I may need to reconsider my choice of package. [...] I got a few responses asking me to expand so I thought I would take the opportunity to write more than 140 characters on this topic.
She talks about the types of dependencies she prefers to add to her systems and how, usually, the code that lives in
dev-master is not actually what's desired. It could be in any state after all - broken or correct. She points out three places where she'd see this kind of dependency as "okay" but points out that they are rarely seen in a mature project. She ends with a recommendation to users to look for
dev-master entries in their own
composer.json files and replace them with a release to prevent issues in the future.