Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Composer: remove a package, clean up dependencies, don't update other packages

The situation

Let's say I have a project with two packages installed by Composer:

php composer.phar require 'squizlabs/php_codesniffer:~2.0' 'phpmd/phpmd:~2.1' 

The autogenerated composer.json file looks like this:

{     "require": {         "squizlabs/php_codesniffer": "~2.0",         "phpmd/phpmd": "~2.1"     } } 

In the autogenerated composer.lock file, there are the two requested packages:

  • 2.0.0 squizlabs/php_codesniffer
  • 2.1.3 phpmd/phpmd

and also four dependencies of phpmd/phpmd:

  • 2.0.4 pdepend/pdepend
  • 2.5.9 symfony/config
  • 2.5.9 symfony/dependency-injection
  • 2.5.9 symfony/filesystem

A few days later, squizlabs/php_codesniffer version 2.1.0 is released, but I don't want to run update yet. I want to stay on version 2.0.0 for now, and maybe I'll run update in a few days.


The question

I now want to remove phpmd/phpmd from my project. I want to achieve the following points:

  1. Delete phpmd/phpmd from composer.json
  2. Delete phpmd/phpmd from composer.lock
  3. Delete phpmd/phpmd from the vendor folder
  4. Delete all the dependencies of phpmd/phpmd from composer.lock
  5. Delete all the dependencies of phpmd/phpmd from the vendor folder
  6. Do not update squizlabs/php_codesniffer to version 2.1.0

Edit: I'd prefer a solution which doesn't require changing the version constraint of squizlabs/php_codesniffer in composer.json


What I've tried

If I run:

php composer.phar remove phpmd/phpmd 

this achieves points 1, 2, 3, 6, but does not achieve points 4, 5.

The dependencies of phpmd/phpmd remain in composer.lock and the vendor folder.

If I run:

php composer.phar remove phpmd/phpmd php composer.phar update 

this achieves points 1, 2, 3, 4, 5, but does not achieve point 6.

squizlabs/php_codesniffer gets updated to version 2.1.0.

like image 229
TachyonVortex Avatar asked Jan 14 '15 14:01

TachyonVortex


People also ask

How do I update all packages in composer?

To update your packagesNavigate to the root of your git repo, where your composer. json file is. Run composer update (on your local machine) to update the required packages and re-generate a composer. lock file.

Can I delete composer JSON file?

You don't have to delete it, but if you're not using composer, there's no reason to keep it.


2 Answers

Remove the entry from composer.json then run composer update phpmd/phpmd.

As to why that is the solution that works. I have no idea but that is what is required to remove a package totally from composer.lock and /vendor and allow you to install a new/replacement/conflicting package.

like image 185
kzap Avatar answered Oct 13 '22 22:10

kzap


Do this:

php composer.phar remove phpmd/phpmd 

Modify the composer.json file so it contains the following require section.

{     "require": {         "squizlabs/php_codesniffer": "2.0.*",     } } 

Now run composer.phar update. That should get you where you want to be.

Note: You could also pin the php_codesniffer package to a specific version e.g. 2.0.0. More information about how composer does versioning can be found on here.

like image 36
Kevin G. Avatar answered Oct 14 '22 00:10

Kevin G.