Can composer generate `composer.lock` without downloading packages?
It is not possible to create a lock file without installing or updating, this is by design (Credit Manish Yadav )
The point of the lock file is to record the exact versions that are installed so that they can be re-installed. This means that if you have a 1. * spec and your co-worker runs an update for composer that installs 1.2.4 and then writes the composer.lock file when you install composer, you will also get 1.2.4 even if version 1.3.0 has been released. This ensures that everyone working on the project has the same exact version.
source to share
If you don't have composer .lock
The answer is no, you need to generate a lock file using:
composer install
Installation without linker.
If you have never run the command before and there is also no composer.lock file present , composer simply resolves all dependencies listed in the composer.json file and loads the latest version of its files into the vendor directory in your project.
Source: getcomposer.org
NB Potential issue: Without the lock file linker, the latest dependencies will be used.
If you already have composer.lock
And the composer complains that it is out of sync (can't remember the exact warning), then you can update the lock file, but this really only updates the hashes in the file:
composer update --lock
From the composer's guide:
- lock Only updates the hash of the lock to suppress the warning that the lock is out of date.
source to share