Detect whether vendor directory is up-to-date / composer outdated command

[joshuaspence]

I'd like to have some way of testing that dependencies installed in the vendor/ directory are up-to-date so that I can exit early from unit tests.

As an example, consider that I ran composer install locally at some stage, but there have since been additions to the composer.json and composer.lock files and it its now necessary for me to run composer install again. I would ideally be able to detect this scenario and react accordingly.

[joshuaspence]

For comparison, you can achieve this in NPM with the npm outdated command:

> npm outdated -depth=0
Package                        Current   Wanted   Latest  Location
babel-cli                       6.3.17    6.5.1    6.5.1  redacted
babel-core                      6.3.17    6.5.2    6.5.2  redacted
babel-preset-es2015             6.3.13    6.5.0    6.5.0  redacted
browser-sync                    2.10.1   2.10.1   2.11.1  redacted
eslint                          1.10.3   1.10.3    2.1.0  redacted
eslint-watch                     2.1.4    2.1.7    2.1.7  redacted
grunt-check-dependencies        0.10.1   0.10.1   0.11.2  redacted
grunt-concurrent                 2.0.4    2.0.4    2.1.0  redacted
grunt-contrib-clean              0.6.0    0.6.0    0.7.0  redacted
grunt-contrib-cssmin            0.13.0   0.13.0   0.14.0  redacted
grunt-protractor-runner          1.1.4    1.1.4    3.0.0  redacted
gulp                             3.9.0    3.9.1    3.9.1  redacted
gulp-load-plugins                1.1.0    1.2.0    1.2.0  redacted
gulp-progeny                     0.1.2    0.1.2    0.2.1  redacted
gulp-uglify                      1.0.2    1.0.2    1.5.2  redacted
isparta                          3.5.3    3.5.3    4.0.0  redacted
jspm                           0.16.25  0.16.25  0.16.27  redacted
jspm-git                         0.3.3    0.3.3    0.4.3  redacted
karma                          0.13.15  0.13.21  0.13.21  redacted
karma-babel-preprocessor         5.2.2    5.2.2    6.0.1  redacted
karma-chrome-launcher           0.1.12   0.1.12    0.2.2  redacted
karma-ievms                      0.0.4    0.0.4    0.1.0  redacted
karma-jasmine                    0.3.6    0.3.7    0.3.7  redacted
karma-junit-reporter             0.2.2    0.2.2    0.3.8  redacted
karma-mocha-reporter             0.3.2    0.3.2    1.1.5  redacted
karma-ng-html2js-preprocessor    0.1.2    0.1.2    0.2.1  redacted
karma-phantomjs-launcher         0.1.4    0.1.4    1.0.0  redacted
kss                              2.1.1    2.4.0    2.4.0  redacted
less                             2.5.3    2.5.3    2.6.0  redacted
main-bower-files                2.11.0   2.11.1   2.11.1  redacted
ng-annotate                      1.0.2    1.2.1    1.2.1  redacted
yargs                           3.31.0   3.32.0    4.1.0  redacted

[curry684]

Isn't this nearly exactly what composer update --dry-run does? Just tried changing symfony/symfony:^3.0 to symfony/symfony:^2.8 in an existing installed project and it outputs this:

  - Installing ircmaxell/password-compat (v1.0.4)
  - Installing symfony/polyfill-php55 (v1.1.0)
  - Installing symfony/polyfill-php54 (v1.1.0)
  - Updating symfony/symfony (v3.0.2) to symfony/symfony (v2.8.2)
  - Installing symfony/security-acl (v2.8.0)
  - Updating phpspec/prophecy (v1.5.0) to phpspec/prophecy (v1.6.0)
  - Installing sebastian/code-unit-reverse-lookup (1.0.0)
  - Updating phpunit/php-code-coverage (3.1.1) to phpunit/php-code-coverage (3.2.0)
  - Updating phpunit/phpunit (5.2.4) to phpunit/phpunit (5.2.5)

So apart from the latest version and the nice sorting this is already available right?

[joshuaspence]

That would check the compoer.lock file is up-to-date, but not the vendor/ directory. I am AFK at the moment, but maybe composer install --dry-run?

[Seldaek]

Yeah I think install --dry-run would be the closest to check the vendor dir against the lock file (or json in case there is no lock).

[Seldaek]

Closing as duplicate of #3771