Can composer generate the `composer.lock` without actually download the packages?

php composer-php

It does exist a command to generate the composer.lock from a composer.json?

Something similar ruby's bundler : $ bundle lock

Not that I'm aware of. Seems like a weird requirement.

I think composer update --lock does this. "--lock: Only updates the lock file hash to suppress warning about the lock file being out of date." or perhaps this

@Sevvlor I don't have deps installed at first, and running update --lock it installs them..

I actually think that this is not possible without installing or updating. Which is probably due to it's purpose

I actually think this would be very useful. In my scenario I need to update the version of a dependency in 6 applications. Because this feature is not available I have to checkout each application and install ALL the dependencies (70,000 files) just to get the lock file updated. Would be great to skip the copying of 70,000 files.

Duncanmoo

If you do not have a composer.lock

The answer is "no", you have to generate the lock file using:

composer install

Installing Without composer.lock If you have never run the command before and there is also no composer.lock file present, Composer simply resolves all dependencies listed in your composer.json file and downloads the latest version of their files into the vendor directory in your project.

Source: getcomposer.org

NB Potential Issue: Without the lock file Composer will use the latest version of the dependencies.

If you already have a composer.lock

If you already have a composer.lock and Composer is complaining about it being out of sync, you'll see this warning:

Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.

To fix this you can update the lock file itself, without updating the dependencies. This will only update the content-hash in the lock file:

composer update --lock

From the Composer manual:

--lock Only updates the lock file hash to suppress warning about the lock file being out of date.

Composer v2 Change

In v1 running composer update would update lock file and install, there was no option to only write the lock file. Composer v2 has separated the two so composer update will update the lock file but does not download anything.

NB: composer update in v2 will create an updated composer.lock of course, so if you failed to save your composer.lock file from earlier there is still no way of recreating that state, you still have a problem.

Composer v2 Upgrade notes

So can I somehow create a dummy composer.lock file and then the the composer update --lock to get effectivery the same lock file as with composer install?

From what I can see in the documentation the only way to generate a composer.lock is by running composer install. It would be nice if --dry-run or a similar flag wrote the lock file if it is missing.

created an issue for it directly in the composer repo - github.com/composer/composer/issues/8551

@mvorisek if I could give you kudos or a bounty I would, your suggestion will be included in Composer 2.0!

just noting composer update --lock will also update other parts of the lock file to match composer.json not only the hash.

Deividson Damasio

Writing lock file composer.lock without download packages:

composer update --no-install

Composer version 2.2.5

Can composer generate the `composer.lock` without actually download the packages?

Follow WeChat

Want to stay one step ahead of the latest teleworks?

相似问题

Platform

Support

Contact US