How to test if composer.lock is up to date?

Question

During development (multiple people in the team) sometimes composer install returns:

Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.

Is there a way to check for this very quickly (in milliseconds, without making any changes)?

I understand how composer works. However when code merges in it doesn't necessarily cause merge conflicts on the composer.json or composer.lock file and it's not fun to run composer install all the time when theres almost never any changes and that command takes several minutes.

If I'm able to quick test if the lock fail has fallen out of sync I can build it into the bash environment to notify every command. Similar to how people like their git status to be built into their bash prompt.

Further more this makes sense in CI to make sure it does sneak it's way into the stable branch.

Answer 1

on newer versions (I suppose 1.3+) you can run the following:

$ composer validate --no-check-all --no-check-publish

Which might output something like this (with a catchable error exit code):

./composer.json is valid for simple usage with composer but has
strict errors that make it unable to be published as a package:
See https://getcomposer.org/doc/04-schema.md for details on the 
schema
The lock file is not up to date with the latest changes in composer.json, it is recommended that you run `composer update`.

Answer 2

You can run

composer install --dry-run

--dry-run Outputs the operations but will not execute anything (implicitly enables --verbose).

This won't change anything but will show the warning if not up to date. But it will still have to check the servers for new versions of your installed packages, so if you have many installed this might still take more than milli seconds. Anyway it's faster.