Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Config option to disable lockfile generation? #8354

aboks opened this issue Oct 2, 2019 · 2 comments


Copy link

commented Oct 2, 2019

I know that opinions differ on whether the composer.lock file should be versioned for libraries. I don't really want to pick a side here; fact is that there's quite a lot of people who omit the lock file from version control. For those projects composer still generates a lock file, so that you end up with a local lock file that may be outdated compared to thecomposer.json versioned in the repository. This means that after pulling you either need to throw away your lock file before running composer install or run composer update instead. This seems less than ideal, especially as the workflow now differs between projects with and without a versioned lock file.

How would you feel about adding a no-lock config option to disable lockfile generation? By putting that into the config section of composer.json one can prevent a lockfile from being generated at all, so that they can still run composer install safely after pulling from VCS.

I'm willing to try and give the implementation a shot, just wanted to check first if this is something that you would accept as a PR at all.


This comment has been minimized.

Copy link

commented Oct 6, 2019

The use case makes sense, but might conflict with #6822 - or at least should be taken into consideration there too.


This comment has been minimized.

Copy link

commented Oct 7, 2019

Well, if you don't generate a lock file, any install you run is actually an update. So I would still be in favor of #6822. We could make explicit that when you don't generate a lock file, you can only ever update dependencies, not install them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
3 participants
You can’t perform that action at this time.