CODEWITHSUNDEEP
phpcomposer-php
marcoooo
marcoooo

Reputation: 427

Composer install with only composer.lock

I freshly installed a PHP application given with a composer.lock file.

When running composer install, command line tool is still asking for a composer.json.... I don't have.

In composer documentation, it's said that install command first look for a composer.lock and then for a composer.json.

Why composer is still asking for a file it doesn't need to install my dependencies ?

composer install > returns : Composer could not find a composer.json file

Upvotes: 4

Views: 7229

Answers (2)

Ilario Pierbattista
Ilario Pierbattista

Reputation: 3265

You must have a composer.json to install dependencies, because it's the file where dependencies theirself are listed. Refer to the documentation.

composer.lock lists dependencies which has already been installed. The composer looks first into it in order to keep versions consistent.

The (documentation states)[https://getcomposer.org/doc/01-basic-usage.md#installing-with-composer-lock]:

running install when a composer.lock file is present resolves and installs all dependencies that you listed in composer.json, but Composer uses the exact versions listed in composer.lock to ensure that the package versions are consistent for everyone working on your project.

If you have lost your composer.json you can reverse engineering your composer.lock. Open it and read all the packages installed, then create a composer.json which requires them. Not every single package will be a direct dependency for your problem: you should identify and remove those which are not.

Upvotes: 0

Manish Yadav
Manish Yadav

Reputation: 1025

You still need the composer.json file to install or update any dependencies. Having a composer.lock file means that composer will not search for the latest commits of the dependencies

A few weeks ago on Twitter, I noticed that the OpenCFP project doesn’t have a composer.lock file in it’s repository. “So what,” you might say, “just composer install and away you go. You’ll get the same dependencies, right?” Wrong.

The point of the lock file is to record the exact versions that are installed so they can be re-installed. This means that if you have a version spec of 1.* and your co-worker runs composer update which installs 1.2.4, and then commits the composer.lock file, when you composer install, you will also get 1.2.4, even if 1.3.0 has been released. This ensures everybody working on the project has the same exact version.

Source: Composer: It's all about Lock File

Upvotes: 2

Related Questions