What does the composer.lock file do?

The following tutorial column of composer uses will introduce to you the function of composer.lock file. I hope it will be helpful to friends in need!

Basic use of Composer

Use composer.json in the project

Use composer in the project, You need to have a composer.json file. This file is mainly used to declare the relationships between packages and other element tags.

require keyword

The first thing to do in composer.json is to use the require keyword. You will tell composer which packages your project needs

The code is as follows:

{
    "require": {
        "monolog/monolog": "1.0.*"
    }
}

As you can see, the require object will map the name of the package (monolog/monolog) and the version of the package is 1.0.*

The naming of the package

Basically, the naming of the package is the main name/project name (monolog/monolog). The main name must be unique, but the name of the project, which is our package, can have the same name, for example: igorw/json, and seldaek /json

Package version

The version of monolog we need to use is 1.0.*, which means that as long as the version is the 1.0 branch, such as 1.0.0, 1.0.2 or 1.0 .99

Two ways of version definition:

1. Standard version: Define a guaranteed version package file, such as: 1.0.2

2. A certain range Version: Use comparison symbols to define the range of valid versions. Valid symbols are >, >=, <,<=, !=

3. Wildcard characters: special matching symbols *, for example 1.0.* is equivalent to >=1.0,<1.1 version is enough

4. The next important version: the best explanation of the ~ symbol is that ~1.2 is equivalent to >1.2,< ;2.0, but ~1.2.3 is equivalent to >=1.2.3,

Installation package

Run in the project file path

The code is as follows:

$ composer install

In this way, it will automatically download monolog/ monolog file to your vendor directory.

The next thing that needs to be explained is

composer.lock - lock file

After installing all required packages, composer will generate a standard package version The files are in the composer.lock file. This will lock versions of all packages.

Use composer.lock (of course together with composer.json) to control the version of your project

This is very important. When we use the install command to process it, it will first Determine whether the composer.lock file exists. If it exists, the corresponding version will be downloaded (not based on the configuration in composer.json), which means that anyone who downloads the project will get the same version.

If composer.lock does not exist, composer will read the required package and relative version through composer.json, and then create the composer.lock file

This way you can After the package has a new version, you will not be automatically updated. To upgrade to the new version, just use the update command. This way you can get the latest version of the package and also update your composer.lock file.

$ php composer.phar update
或者
$ composer update

Packagist (This should be composer. It feels a bit like a python package, although it is not as powerful. Haha, with this standard, it will definitely be easy for everyone to develop websites in the future, and you can learn from many people’s codes. , and more convenient!)

Packagist is the main warehouse of composer. You can check it out. The basis of the composer warehouse is the source code of the package. You can obtain it at will. The purpose of Packagist is to build a library that can be used by anyone. A repository can be used, which means any require package in your file.

About automatic loading

In order to conveniently load package files, Composer automatically generates a file vendor/autoload.php. You can use it conveniently anywhere you want. Where you need to use

require 'vendor/autoload.php';

This means that you can use third-party code very conveniently. If your project needs to use monlog, you can use it directly, they have been automatically loaded!

The code is as follows:

$log = new Monolog\Logger('name');
$log->pushHandler(new Monolog\Handler\StreamHandler('app.log', Monolog\Logger::WARNING));
$log->addWarning('Foo');

Of course you can also load your own code in composer.json:

The code is as follows:

{
    "autoload": {
        "psr-0": {"Acme": "src/"}
    }
}

composer will put psr-0 Register as Acme namespace

You can define a mapping through the namespace to the file directory. The src directory is your root directory and vendor is the directory at the same level. For example, a file is: src/Acme/Foo. PHP contains the Acme\Foo class

After you add autoload, you must reinstall to generate the vendor/autoload.php file

When we reference this file, it will Returns the strength of an autoloader class, so you can put the returned value into a variable and then add more namespaces. This is very convenient if you are in a development environment. For example:

The code is as follows:

$loader = require 'vendor/autoload.php';
$loader->add('Acme\Test', __DIR__);

The role of the composer.lock file

The install command reads the composer.json file from the current directory, processes the dependencies, and installs it into the vendor directory .

code show as below:

composer install

如果当前目录下存在 composer.lock 文件，它会从此文件读取依赖版本，而不是根据 composer.json 文件去获取依赖。这确保了该库的每个使用者都能得到相同的依赖版本。

如果没有 composer.lock 文件，composer 将在处理完依赖关系后创建它。

为了获取依赖的最新版本，并且升级 composer.lock 文件，你应该使用 update 命令。

代码如下:

composer update

这将解决项目的所有依赖，并将确切的版本号写入 composer.lock。

如果你只是想更新几个包，你可以像这样分别列出它们：

代码如下:

composer update vendor/package vendor/package2

你还可以使用通配符进行批量更新：

代码如下:

composer update vendor/*

The above is the detailed content of What does the composer.lock file do?. For more information, please follow other related articles on the PHP Chinese website!