
I Like Kill Nerds

The blog of Australian Front End / Aurelia Javascript Developer & brewing aficionado Dwayne Charrington // Aurelia.io Core Team member.


Should You Commit “composer.lock” Into Your Git Repository?

PHP · September 15, 2014

This is an interesting question I have been asked about a few times now, and it appears many developers are confused about what the answer is. Long story short: yes, you should commit your composer.lock file.

The composer.lock file is a build metadata file that specifies exact versions of dependencies in your Composer project. It means if someone else in the team pulls down your code, they will get the exact same versions specified.

In the official Composer documentation, it actually says to commit the file in bold.

Commit your application’s composer.lock (along with composer.json) into version control.

This does mean if there are updates and you first pull down the project, you won’t get them. You will need to run a “composer update” to get any updates to a dependency.
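An added example, not from the original post: because composer.lock records the exact version and source commit of every dependency, a team can review what a "composer update" actually changed by comparing the old and new lock files before the new one is committed. The lock contents, package names and references below are constructed samples; the code reads only the packages, packages-dev, version and reference fields of the lock file.

```python
import json

def pinned(lock_text):
    """Map package name -> (version, commit reference) from composer.lock text."""
    lock = json.loads(lock_text)
    pins = {}
    # "packages" holds the require set, "packages-dev" the require-dev set.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            ref = (pkg.get("source") or {}).get("reference") \
                or (pkg.get("dist") or {}).get("reference")
            pins[pkg["name"]] = (pkg.get("version"), ref)
    return pins

def diff_locks(old_text, new_text):
    """List (kind, name, before, after) for every pin that differs."""
    old, new = pinned(old_text), pinned(new_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        if before is None:
            kind = "added"
        elif after is None:
            kind = "removed"
        elif before[0] == after[0]:
            kind = "reference-moved"   # same version label, different commit
        else:
            kind = "version-changed"
        changes.append((kind, name, before, after))
    return changes

def _pkg(name, version, ref):  # helper for the constructed samples below
    return {"name": name, "version": version, "source": {"type": "git", "reference": ref}}

# Constructed sample lock files (package names and references are made up).
OLD_LOCK = json.dumps({
    "packages": [_pkg("acme/http", "1.2.0", "a1a1a1a"), _pkg("acme/logger", "dev-master", "b2b2b2b")],
    "packages-dev": [_pkg("acme/testkit", "3.0.1", "c3c3c3c")],
})
NEW_LOCK = json.dumps({
    "packages": [_pkg("acme/http", "1.3.0", "d4d4d4d"), _pkg("acme/logger", "dev-master", "e5e5e5e"),
                 _pkg("acme/cache", "0.9.0", "f6f6f6f")],
    "packages-dev": [],
})

if __name__ == "__main__":
    for kind, name, before, after in diff_locks(OLD_LOCK, NEW_LOCK):
        print(f"{kind:16} {name:14} {before} -> {after}")
```

A "reference-moved" entry is the one to look at most closely in review: the version label is unchanged but the commit behind it is not, which happens with branch aliases such as dev-master.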

Please note, you should commit the composer.lock file only for projects; you should NEVER commit this file for a library someone else is installing.

Dwayne

2 Comments
Newton Nyambati
7 years ago

What about in a situation such as this:

A Laravel project being worked on by a few guys. We like to keep up to date with the various libraries that a fresh Laravel install comes with as well as a few added libraries we use for functionality in the project.

We’ve noticed that if one of us runs “composer update” it updates all the versions in the composer.lock file. If this person pushes and someone else pulls, subsequently running “composer update” will bring errors and ultimately force a fresh composer install.

For this reason we removed composer.lock from our repo, and we just make sure everyone runs “composer update” regularly. Is this bad practice?

Levi Durfee
6 years ago

Newton, I wouldn’t say that is bad practice. Each scenario is unique and you have to decide what works best for your team.
