Menu
I've used following command to remove a package using composer.
composer remove sjparkinson/static-review
Above command removes entry from composer.json file but composer.lock file still contains entry for mentioned library in require section.
What is the proper way to update composer.lock ? Should I update it manually?
395
lock file prevents you from automatically getting the latest versions of your dependencies. To update to the latest versions, use the update command. This will fetch the latest matching versions (according to your composer. json file) and update the lock file with the new versions.
If you're concerned about your code breaking, you should commit the composer. lock to your version control system to ensure all your project collaborators are using the same version of the code. Without a lock file, you will get new third-party code being pulled down each time.
Composer does not removing this package, because it is required by another dependency. So even if you don't require it directly, it is still required by your project, so you cannot remove it. You can use composer why some-vendor/some-package command to check what is the reason to keep this package installed:
composer why sjparkinson/static-review
magento/product-community-edition 2.2.4 requires sjparkinson/static-review (~4.1)
If you really want to remove this package, you need to remove magento/product-community-edition too (and every dependency, which depends on this package).
BTW: Editing composer.lock manually is really bad idea, you should never do that.
169
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
