stackoom
  简体   繁体   中英

Composer install with only composer.lock

 原文  2017-06-07 12:10:23       php/ composer-php

Question

I freshly installed a PHP application given with a composer.lock file.

When running composer install, command line tool is still asking for a composer.json.... I don't have.

In composer documentation, it's said that install command first look for a composer.lock and then for a composer.json.

Why composer is still asking for a file it doesn't need to install my dependencies ?

composer install > returns : Composer could not find a composer.json file

2 answers

solution1
 3  2017-06-07 12:16:46

You still need the composer.json file to install or update any dependencies. Having a composer.lock file means that composer will not search for the latest commits of the dependencies

A few weeks ago on Twitter, I noticed that the OpenCFP project doesn't have a composer.lock file in it's repository. “So what,” you might say, “just composer install and away you go. You'll get the same dependencies, right?” Wrong.

The point of the lock file is to record the exact versions that are installed so they can be re-installed. This means that if you have a version spec of 1.* and your co-worker runs composer update which installs 1.2.4, and then commits the composer.lock file, when you composer install, you will also get 1.2.4, even if 1.3.0 has been released. This ensures everybody working on the project has the same exact version.

Source: Composer: It's all about Lock File

solution2
 0 ACCPTED  2017-06-07 12:17:05

You must have a composer.json to install dependencies, because it's the file where dependencies theirself are listed. Refer to the documentation .

composer.lock lists dependencies which has already been installed. The composer looks first into it in order to keep versions consistent.

The (documentation states)[ https://getcomposer.org/doc/01-basic-usage.md#installing-with-composer-lock] :

running install when a composer.lock file is present resolves and installs all dependencies that you listed in composer.json, but Composer uses the exact versions listed in composer.lock to ensure that the package versions are consistent for everyone working on your project.

If you have lost your composer.json you can reverse engineering your composer.lock . Open it and read all the packages installed, then create a composer.json which requires them. Not every single package will be a direct dependency for your problem: you should identify and remove those which are not.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Composer.lock in library composer.lock timestamp format Composer & composer.lock in GIT and merge conflicts composer.lock changes despite "Nothing to install or update" Will “composer install” update vendor files after composer.lock file is modified? Re-install vendors from composer.lock (not composer.json) How to make composer update only files in composer.lock/json and not pull new versions Update symfony 2 version / composer.lock composer.lock: how does it work? "composer.lock" does not show the exact version
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM