Detailed explanation of the difference between composer.josn and composer.lock, as well as the difference between Composer install and Composer updata

The following columncomposer tutorialwill introduce to you the difference between composer.josn and composer.lock, as well as the detailed explanation of the difference between Composer install and Composer updata. I hope it will be helpful to friends who need it. help!

Problem description

We often need to add expansion packs to existing projects. Sometimes due to incorrect guidance in the documentation, The following picture comes from this document:

composer update This command may cause huge harm to the project in our current logic.

Because the logic of composer update is to update all expansion packages to the latest version according to the expansion package version rules specified by composer.json. Note, it is all expansion packages. For example, when you start the project Monolog was used, and the configuration information at that time was

"monolog/monolog": "1.*",

The monolog 1.1 version was installed, and now, more than a month later, monolog has It is 1.2. After running the command, it is directly updated to 1.2. At this time, the project has not been tested for 1.2. The project suddenly becomes very unstable. The situation is sometimes worse than this, especially in a huge project. If you don't write complete coverage tests for the project, you won't know what is broken.

Whichcomposer commandshould be used? install, update or require?

Next we will explain one by one.

Simple explanation

composer install - If there is a composer.lock file, install it directly, otherwise install the latest expansion package and dependencies from composer.json;

composer update - From composer .json installs the latest extension packages and dependencies;

composer update vendor/package - configure the configuration from composer.json or the corresponding package, and update it to the latest;

composer require new/package - add installation new/package, you can specify the version, such as: composer require new/package ~2.5.

Process

Let’s introduce several daily production processes to facilitate everyone’s understanding understanding.

Process 1: New project process

Create composer.json and add the extension package it depends on;

Run composer install to install the extension package And generate composer.lock;

Submit composer.lock to the code version controller, such as: git;

Process 2: Project collaborators install existing projects

After cloning the project, run composer install directly in the root directory to install the specified version of the expansion package and its dependencies from composer.lock;

This process is suitable for the deployment of production environment code.

Process 3: Add a new extension package to the project

Use composer require vendor/package to add the extension package;

Submit the updated composer.json and composer.lock to the code version controller, such as: git;

About the composer.lock file

The composer.lock file stores the dependencies of each code The version record (see figure below) is submitted to the version controller and used in conjunction with composer install to ensure the consistency of the code versions running in the development environment and online production environment of all collaborators in the team.

About the installation method of the expansion package

So, prepare to add an expansion package, install, update, require three commands It can be used to install expansion packs. Which one is the right one to choose?

The answer is: use the composer require command

In addition, after manually modifying composer.json to add the expansion package, composer update new/package can be used to specify the expansion package update method, which can also be installed correctly. , but it is not recommended to use this method, because once you forget to finalize the expansion package name, you will enter a state of doom, so don't leave yourself a trap.

The above concepts are quite confusing for novices or veterans. The main thing to remember is this concept:

To add extensions to the original project, use composer require new/package. way to install.

If you need to add a version

composer require "foo/bar:1.0.0"

Update the specified extension to the specified version

Sometimes you used before New features have been added to the previous expansion pack. If you want to update this single expansion pack to a specified version, you can also use require to do so.

As in the following example, you need to update "sami/sami": "3.0." to "sami/sami": "3.2."

Command line run:

over！

The above is the detailed content of Detailed explanation of the difference between composer.josn and composer.lock, as well as the difference between Composer install and Composer updata. For more information, please follow other related articles on the PHP Chinese website!