composer update --lock invokes composer update

[caugner]

When I run just composer update --lock to update my root composer.lock's content-hash, the post-update-cmd is invoked and basically updates all vendor-bin dependencies, not just their lock files.

// composer.json (extract)
  "scripts": {
    "bin": "echo 'bin not installed'",
    "post-install-cmd": [
      "@composer bin all install --ansi"
    ],
    "post-update-cmd": [
      "@composer bin all update --ansi"
    ]
  }

This doesn't seem right, so either (a) Composer shouldn't run the post-update-cmd on update --lock, or (b) the Composer-bin-plugin should/could detect this somehow and only run update --lock as well (maybe Composer passes the parameter in an ENV variable or so?).

Obviously, a workaround for us would be to remove the post-update-cmd, because we can call bin all update manually if we need to.

[caugner]

Unfortunately, Composer always runs the event scripts, except if the --no-scripts option is provided:

https://github.com/composer/composer/blob/62dfd0af231996b7d3afc306700e026cb0b4aae4/src/Composer/Command/UpdateCommand.php#L128

The event script is then called here:

https://github.com/composer/composer/blob/005117dda39a6356e72f6cbf589a586751c022b3/src/Composer/Installer.php#L369-L373

However, Composer's EventDispatcher cannot distinguish between --lock and other update invocations.

[caugner]

Fixed by #67.