We are working with multiple people on a project which uses composer packages. Every time a colleague updates/installs a package, the plugin-api-version changes in the composer.lock file.
Is this a problem or can we ignore this as long as there are no packages specifying a plugin-api-version?
It's a problem when it becomes a problem.
If it doesn't block you from installing your project, then it's not a problem.
But if multiple developers are working on the same project, and all of them are making changes on dependencies (e.g. running update and/or require calls on that project), the better practice would be for all developers to be on the same version (and hopefully not on V1).
This is happening because people have different versions of composer in their environments.
Since 2020 (Version 1.10.0) composer.lock has the field plugin-api-version to track which Composer version created it.
I recommend that all devs work with the same version of Composer as the production environment, to avoid surprises on deploy.
You can upgrade/rollback versions by running sudo composer self-update <version> or downloading the appropriate composer.phar file from the "Manual Download" section of the Composer downloads page.
If developers prefer to have and manage their own versions of composer, you may want to download composer.phar and make it part of the project. This way, you ensure the same composer is used across all environments on a per-project basis.
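One way to catch the drift described in the question before it is merged, as an added example that is not part of the answers above: a CI check that reads plugin-api-version from composer.lock and fails when it differs from the value the team has pinned. The function names, the exit codes and the sample version 2.3.0 are assumptions made for this illustration, and the script assumes the pretty-printed lock file that Composer writes, with the field on a single line.

```shell
#!/bin/sh
# Added example (not from the original page): detect composer.lock files
# written by a Composer whose plugin API version differs from the pinned one.

# Print the plugin-api-version recorded in a lock file (empty if absent).
lock_plugin_api() {
    sed -n 's/^[[:space:]]*"plugin-api-version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | head -n 1
}

# check_lock_drift LOCKFILE EXPECTED
# Returns 0 = match, 1 = drift, 2 = field missing, 3 = file unreadable.
check_lock_drift() {
    lock=$1
    expected=$2
    [ -r "$lock" ] || { echo "cannot read $lock" >&2; return 3; }
    found=$(lock_plugin_api "$lock")
    if [ -z "$found" ]; then
        # Lock files written before the field existed have no entry at all.
        echo "$lock: no plugin-api-version recorded" >&2
        return 2
    fi
    if [ "$found" != "$expected" ]; then
        echo "$lock: plugin-api-version is $found, pinned value is $expected" >&2
        return 1
    fi
    return 0
}

# Write a constructed sample lock file (placeholder values, not a real project).
write_sample_lock() {
    cat > "$1" <<EOF
{
    "_readme": ["constructed sample for the drift check"],
    "content-hash": "constructed-placeholder",
    "packages": [],
    "plugin-api-version": "$2"
}
EOF
}

# Stand-alone use in CI: sh check-lock.sh composer.lock 2.3.0
if [ "$#" -eq 2 ]; then
    check_lock_drift "$1" "$2"
    exit $?
fi
```

A non-zero exit fails the job, so a lock file regenerated with a different Composer shows up in review instead of at deploy time.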