4

In my project I have some Composer vendor libraries that have been manually edited; my purpose is to restore them to the original state, on my development machine.

I unfortunately triggered a composer update so I don't have a correct composer.lock anymore (it has been updated). I got the composer.lock from our production system (that had the same libraries version of the old development composer.lock).

After replacing the new composer.lock with the old one, what should I execute for being sure to have the same environment as before?

Should composer install be enough to reinstall the old versions of the dependencies? (after removing the old Composer vendor/ directory)

I want to reinstall without getting any newer version. And, in future cases where I will avoid to perform a composer update, what should I have triggered for restoring a vendor library after a manual edit of it?

Improve this question
4
  • 1
    Yes, composer install will use the composer.lock file
    – Max
    Commented Oct 13, 2014 at 15:45
  • Oh thanks. I couldn't find where it was already discussed. Do you think it will work also with a restored composer.lock from another machine (different machine but with the same project and in the desired state)?
    – Kamafeather
    Commented Oct 13, 2014 at 15:53
  • 1
    Exactly. The command install looks for the composer.lock file and will download the versions specified there. The only risk with a restored version is that maybe it's an older version therefore installing older dependencies. Have a look here: composer.lock - The Lock File
    – Max
    Commented Oct 13, 2014 at 15:59
  • Send composer.lock to your git/svn. Ever you upgrade or install new dependencies, the composer.lock will be updated and you have to send this to your git/svn.
    – Édipo Costa Rebouças
    Commented Oct 13, 2014 at 18:23

1 Answer 1

Reset to default
5

As answered from Max:

"Yes, composer install will use the composer.lock file"

I just restored the composer.lock from my production system and then performed a composer install.

As stated from Édipo Costa Rebouças, if we commit the composer.lock to our repository every time we update it then we will always have the right reference to the correct versions of the dependencies.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.