Can composer generate the `composer.lock` without actually download the packages?

Question

It does exist a command to generate the composer.lock from a composer.json?

Something similar ruby's bundler : $ bundle lock

Answer 1

If you do not have a composer.lock

The answer is "no", you have to generate the lock file using:

composer install 

Installing Without composer.lock

If you have never run the command before and there is also no composer.lock file present, Composer simply resolves all dependencies listed in your composer.json file and downloads the latest version of their files into the vendor directory in your project.

Source: getcomposer.org

NB Potential Issue: Without the lock file Composer will use the latest version of the dependencies.

If you already have a composer.lock

If you already have a composer.lock and Composer is complaining about it being out of sync, you'll see this warning:

Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.

To fix this you can update the lock file itself, without updating the dependencies. This will only update the content-hash in the lock file:

composer update --lock 

From the Composer manual:

--lock Only updates the lock file hash to suppress warning about the lock file being out of date.

---

Composer v2 Change

In v1 running composer update would update lock file and install, there was no option to only write the lock file. Composer v2 has separated the two so composer update will update the lock file but does not download anything.

NB: composer update in v2 will create an updated composer.lock of course, so if you failed to save your composer.lock file from earlier there is still no way of recreating that state, you still have a problem.

Composer v2 Upgrade notes

Answer 2

Writing lock file composer.lock without download packages:

composer update --no-install 

Composer version 2.2.5