
Should composer.lock be committed to version control?

I'm a little confused with composer.lock used in an application with a repository.

I saw many people saying that we should not .gitignore composer.lock from the repository.

If I update my libraries in my dev environment, I will have a new composer.lock but I will not be able to update them into production, will I?

Won't it generate conflicts on this file?

Pierre de LESPINAY asked Oct 15 '12 13:10



2 Answers

If you update your libs, you want to commit the lockfile too. It basically states that your project is locked to those specific versions of the libs you are using.

If you commit your changes, and someone pulls your code and updates the dependencies, the lockfile should be unmodified. If it is modified, it means that you have a new version of something.

Having it in the repository assures you that each developer is using the same versions.

meza answered Sep 20 '22 15:09
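To see what "the lockfile is modified" means in a review, the following added example (not part of either answer and not Composer's own code) compares two composer.lock files and lists every pin that changed, including the case where the version string stays the same but the pinned commit moves. It reads only the `packages`, `packages-dev`, `name`, `version` and `source.reference` fields; the package names and references in the sample data are constructed.

```python
import json


def locked_packages(lock_text):
    """Map package name -> (version, source reference, is_dev) from composer.lock text."""
    lock = json.loads(lock_text)
    pins = {}
    for section, is_dev in (("packages", False), ("packages-dev", True)):
        for pkg in lock.get(section) or []:
            ref = (pkg.get("source") or {}).get("reference")
            pins[pkg["name"]] = (pkg["version"], ref, is_dev)
    return pins


def diff_locks(old_text, new_text):
    """Return (name, change, old_pin, new_pin) tuples, sorted by package name."""
    old, new = locked_packages(old_text), locked_packages(new_text)
    changes = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        if before is None or after is None:
            kind = "added" if before is None else "removed"
        elif before[0] != after[0]:
            kind = "version-changed"
        elif before[1] != after[1]:
            # Same version string, different commit: typical of dev-* branches.
            kind = "reference-changed"
        else:
            kind = "moved-section"  # switched between packages and packages-dev
        changes.append((name, kind, before, after))
    return changes


# Constructed sample data: package names and commit references are made up.
def _pkg(name, version, ref):
    return {"name": name, "version": version, "source": {"reference": ref}}

OLD_LOCK = json.dumps({
    "packages": [_pkg("acme/http", "1.2.0", "aaa111"), _pkg("acme/log", "2.0.1", "bbb222")],
    "packages-dev": [_pkg("acme/testkit", "dev-main", "ccc333")],
})
NEW_LOCK = json.dumps({
    "packages": [_pkg("acme/http", "1.3.0", "ddd444"), _pkg("acme/log", "2.0.1", "bbb222"),
                 _pkg("acme/cache", "0.9.0", "eee555")],
    "packages-dev": [_pkg("acme/testkit", "dev-main", "fff666")],
})

if __name__ == "__main__":
    for name, kind, before, after in diff_locks(OLD_LOCK, NEW_LOCK):
        print(f"{kind:18} {name}: {before} -> {after}")
```

An empty result means both environments resolve to identical pins; any entry is a dependency change that should be reviewed before the lock file reaches production.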


For applications/projects: Definitely yes.

The Composer documentation states on this (with emphasis):

Commit your application's composer.lock (along with composer.json) into version control.

Like @meza said: You should commit the lock file so you and your collaborators are working on the same set of versions, and to prevent sayings like "But it worked on my computer". ;-)

For libraries: Probably not.

The Composer documentation notes on this matter:

Note: For libraries it is not necessarily recommended to commit the lock file (...)

And states here:

For your library you may commit the composer.lock file if you want to. This can help your team to always test against the same dependency versions. However, this lock file will not have any effect on other projects that depend on it. It only has an effect on the main project.

For libraries I agree with @Josh Johnson's answer.

Fieg answered Sep 18 '22 15:09