Add check for lock file integrity in composer install
#75
Comments
|
Why is there two commands? arent we always interested in installing the changed version numbers or the new libraries when doing |
|
No. Install installs the dependencies to their latest version OR to the versions specified in the lock file if it's present. Update gives you the latest version and writes down a new lock file. It's important to keep both paths. |
|
Suggestion is to calculate the md5 of the composer.json at the time of an update and put it into the .lock, so composer can emit a friendly warning on "install" time if the checksum changed |
digitalkaoz
pushed a commit
to digitalkaoz/composer
that referenced
this issue
Nov 22, 2013
digitalkaoz
pushed a commit
to digitalkaoz/composer
that referenced
this issue
Nov 22, 2013
Detect lock file changes and warn users on install, fixes composer#75
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you call install, and have a lock file, it will install dependencies from the lock file. That's all good, but we should check if the packages described in the lock file actually match the requirements of the app composer.json.
If it doesn't match, we should proceed as usual, but output a warning to the user that probably he wants to run
composer updateto get some package versions that match with his current composer.json.The text was updated successfully, but these errors were encountered: