Include simple logic - root access any script running with full access to the body, including the ability to perform destructive operations are not asking permission from the naive user. So? So.
Further - a Composer we put third-party code, hell knows what's in that code (you're not personally checked all packages, and then recursively their dependencies, and dependencies of their dependencies). Therefore, it is do - ay-ay-Yai-opasnosti. Risky. About the Composer as it suggests.
Besides, to do anything root access on the server is a bad practice. It is for the same reasons - that the old fashioned way not kopipastit some code from the Internets to the command line - but how do comment @FanatPHP
about the classics
Should be a separate user, which you connecting, and he's right sudo. To use these rights only in extreme cases where they are really needed.