It does exist a command to generate the composer.lock
from a composer.json
?
Something similar ruby's bundler
: $ bundle lock
composer update --lock
does this. "--lock: Only updates the lock file hash to suppress warning about the lock file being out of date." or perhaps this
update --lock
it installs them..
If you do not have a composer.lock
The answer is "no", you have to generate the lock file using:
composer install
Installing Without composer.lock If you have never run the command before and there is also no composer.lock file present, Composer simply resolves all dependencies listed in your composer.json file and downloads the latest version of their files into the vendor directory in your project.
Source: getcomposer.org
NB Potential Issue: Without the lock file Composer will use the latest version of the dependencies.
If you already have a composer.lock
If you already have a composer.lock
and Composer is complaining about it being out of sync, you'll see this warning:
Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.
To fix this you can update the lock file itself, without updating the dependencies. This will only update the content-hash
in the lock file:
composer update --lock
From the Composer manual:
--lock Only updates the lock file hash to suppress warning about the lock file being out of date.
Composer v2 Change
In v1 running composer update
would update lock file and install, there was no option to only write the lock file. Composer v2 has separated the two so composer update
will update the lock file but does not download anything.
NB: composer update
in v2 will create an updated composer.lock of course, so if you failed to save your composer.lock file from earlier there is still no way of recreating that state, you still have a problem.
Writing lock file composer.lock
without download packages:
composer update --no-install
Composer version 2.2.5
Success story sharing
composer.lock
file and then the thecomposer update --lock
to get effectivery the same lock file as withcomposer install
?--dry-run
or a similar flag wrote the lock file if it is missing.composer update --lock
will also update other parts of the lock file to matchcomposer.json
not only the hash.