{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 虎瘦雄心在 的问题《composer.lock: how does it work?》','https://www.manongdao.com/q-266629.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to understand this part: http://getcomposer.org/doc/02-libraries.md#lock-file
this lock file will not have any effect on other projects that depend on it. It only has an effect on the main project"
Does that mean that if project P depends on library A, and library A depends on library B v1.3, project P won't care about the version of library B, and will possibly install B 1.4 instead? What's the point then?
Or does it mean the opposite, as one would expect from a dependency manager?
composer.lockrecords the exact versions that are installed. So that you are in the same versions with your co-workers.composer install
composer.lockfilecomposer.lockfile (Usingcomposer update)composer.lockfilecomposer update
composer.jsonfilecomposer.lockfile with installed versionsSo in a simple check list.
If you want to keep all co-workers in the same versions as you...
composer.lockto GIT (or vcs you have)composer.lockfilecomposer installto get the correct dependenciesIf you want to Upgrade the system dependencies to new versions
composer updatecomposer.lockfile with newest versionscomposer installFollowing will be a very good reading
https://blog.engineyard.com/2014/composer-its-all-about-the-lock-file
Enjoy the power of
composer.lockfile!Composer dependencies are defined in
composer.json. When running composer install for the first time, or when running composer update a lock file calledcomposer.lockwill be created.The quoted documentation refers to the lock file only. If your project P depends on library A and A depends on B v1.3.***, then if A contains a lock file saying someone ran "composer update" resulting in B v1.3.2 being installed, then installing A in your project P might still install 1.3.3, as the
composer.json(not.lock!) defined the dependency to be on 1.3.*.Lock files always contain exact version numbers, and are useful to communicate the version you tested with to colleagues or when publishing an application. For libraries the dependency information in
composer.jsonis all that matters.The point of the lock file is to record the exact versions that are installed so they can be re-installed. This means that if you have a version spec of 1.* and your co-worker runs
composer updatewhich installs 1.2.4, and then commits the composer.lock file, when youcomposer install, you will also get 1.2.4, even if 1.3.0 has been released. This ensures everybody working on the project has the same exact version.Read more here Composer: It’s All About the Lock File