Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Config option to disable lockfile generation? #8354

Open
aboks opened this issue Oct 2, 2019 · 2 comments

Comments

@aboks
Copy link
Contributor

commented Oct 2, 2019

I know that opinions differ on whether the composer.lock file should be versioned for libraries. I don't really want to pick a side here; fact is that there's quite a lot of people who omit the lock file from version control. For those projects composer still generates a lock file, so that you end up with a local lock file that may be outdated compared to thecomposer.json versioned in the repository. This means that after pulling you either need to throw away your lock file before running composer install or run composer update instead. This seems less than ideal, especially as the workflow now differs between projects with and without a versioned lock file.

How would you feel about adding a no-lock config option to disable lockfile generation? By putting that into the config section of composer.json one can prevent a lockfile from being generated at all, so that they can still run composer install safely after pulling from VCS.

I'm willing to try and give the implementation a shot, just wanted to check first if this is something that you would accept as a PR at all.

@Seldaek

This comment has been minimized.

Copy link
Member

commented Oct 6, 2019

The use case makes sense, but might conflict with #6822 - or at least should be taken into consideration there too.

@stof

This comment has been minimized.

Copy link
Contributor

commented Oct 7, 2019

Well, if you don't generate a lock file, any install you run is actually an update. So I would still be in favor of #6822. We could make explicit that when you don't generate a lock file, you can only ever update dependencies, not install them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.