Add check for lock file integrity in composer install
#75
Comments
Why are there two commands? Aren't we always interested in installing the changed version numbers or the new libraries when doing
No. Install installs the dependencies to their latest version OR to the versions specified in the lock file if it's present. Update gives you the latest version and writes down a new lock file. It's important to keep both paths.
Suggestion is to calculate the md5 of the composer.json at the time of an update and put it into the .lock, so composer can emit a friendly warning on "install" time if the checksum changed.
Detect lock file changes and warn users on install, fixes composer#75
If you call install, and have a lock file, it will install dependencies from the lock file. That's all good, but we should check if the packages described in the lock file actually match the requirements of the app composer.json.
If it doesn't match, we should proceed as usual, but output a warning to the user that probably he wants to run composer update to get some package versions that match with his current composer.json.
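
The check suggested in this thread (hash composer.json at update time, store the hash in the lock file, compare at install time), as an added PHP example that is not Composer's own code. The `manifest-md5` key, the function names and the `acme/lib` package are assumptions made up for the illustration.

```php
<?php
// Added illustration, not Composer's implementation. "manifest-md5" is a hypothetical key.

/** MD5 of the manifest bytes exactly as stored on disk (whitespace edits count as changes). */
function manifestHash(string $jsonPath): string
{
    $bytes = file_get_contents($jsonPath);
    if ($bytes === false) {
        throw new RuntimeException("cannot read $jsonPath");
    }
    return md5($bytes);
}

/** "update" path: record the resolved packages together with the manifest hash. */
function writeLock(string $jsonPath, string $lockPath, array $packages): void
{
    $lock = ['manifest-md5' => manifestHash($jsonPath), 'packages' => $packages];
    file_put_contents($lockPath, json_encode($lock, JSON_PRETTY_PRINT));
}

/** "install" path: return a warning if the manifest changed since the lock was written. */
function lockWarning(string $jsonPath, string $lockPath): ?string
{
    $lock = json_decode((string) file_get_contents($lockPath), true);
    if (!is_array($lock) || !isset($lock['manifest-md5'])) {
        return 'Lock file has no manifest hash; cannot tell whether it is up to date.';
    }
    if (!hash_equals($lock['manifest-md5'], manifestHash($jsonPath))) {
        return 'composer.json changed since the lock file was written; '
             . 'you probably want to run "composer update".';
    }
    return null; // lock matches the manifest: install from it without a warning
}

// Constructed sample project in a temporary directory.
$dir = sys_get_temp_dir() . '/lockdemo_' . bin2hex(random_bytes(4));
mkdir($dir);
$json = "$dir/composer.json";
$lock = "$dir/composer.lock";

file_put_contents($json, '{"require": {"acme/lib": "1.0.*"}}');
writeLock($json, $lock, [['name' => 'acme/lib', 'version' => '1.0.3']]);
var_dump(lockWarning($json, $lock));      // manifest untouched since "update"

file_put_contents($json, '{"require": {"acme/lib": "2.0.*"}}');
echo lockWarning($json, $lock), PHP_EOL;  // manifest edited; install would still proceed
```

A hash stored this way detects drift between the two files, not tampering: anyone able to edit composer.json can rewrite the stored value in the lock file as well.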