Don't know anything about the PHP world but they might both right approaches and both wrong: it depends on "reproducibility" and the platform.
Most tools now (npm 5, yarn, pipenv, bundler) have a side "lock" file which allows repeatable installations. If you configure them correctly you can be 100% sure that what you have installed in your development environment is the same in staging and production.
Committing vendor seems to make sense at first but (for example) if you develop on OSX and deploy on Linux (as many do) and you have libraries compiled against your own environment you might not be able to reproduce the build, even with the committed vendor.
So, if PHP/Composer allows you to have reproducible installs then remove the vendor, otherwise go for it (or find better tooling :D).
Another option is to use docker so you can just make an image of your environment and be sure it's the same on the server too.
Don't know anything about the PHP world but they might both right approaches and both wrong: it depends on "reproducibility" and the platform.
Most tools now (npm 5, yarn, pipenv, bundler) have a side "lock" file which allows repeatable installations. If you configure them correctly you can be 100% sure that what you have installed in your development environment is the same in staging and production.
Committing vendor seems to make sense at first but (for example) if you develop on OSX and deploy on Linux (as many do) and you have libraries compiled against your own environment you might not be able to reproduce the build, even with the committed vendor.
So, if PHP/Composer allows you to have reproducible installs then remove the vendor, otherwise go for it (or find better tooling :D).
Another option is to use docker so you can just make an image of your environment and be sure it's the same on the server too.
Also composer has a composer.lock file.