2

Context: I'm working with a team on PHP projects and we just ran into an issue where a code review from another team member modified the format of all the time fields in the composer.lock file. It turned out he was using a much older version of Composer, which output the time fields in a different format. Once he updated and re-installed the package, the fields remained the same.

Is there a way to specify a minimum version of Composer, to require all team members working on a project to use at least that version and avoid problems like this? If we hadn't spotted this issue, the composer.lock file would have had this unnecessary change happen any time new packages were installed by people with different Composer versions.

2
  • lock your package versions in composer.json by setting to a specific tag. Commented Mar 8, 2018 at 21:20
  • I don't mean locking the package versions. I mean locking the version of Composer itself being used.
    – webbower
    Commented Mar 8, 2018 at 22:12

3 Answers

3

You can create a script which will be called before each update, and throw an exception if the Composer version is too old.

In composer.json:

"scripts": {
    "pre-update-cmd": [
        "ComposerVersionCheck::check"
    ]
}

Simple class for version checking:

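<?php

// Composer can only call this static method if the class is autoloadable
// (for example via the "autoload" section of composer.json).
class ComposerVersionCheck {

    // Runs on pre-update-cmd; throwing aborts the update.
    public static function check() {
        // Composer::VERSION is the version of the running Composer binary.
        if (version_compare(\Composer\Composer::VERSION, '1.7.0', '<')) {
            throw new \Exception(
                'Your Composer version (' . \Composer\Composer::VERSION . ') is too old,'
                . ' 1.7.0 or higher is required.'
            );
        }
    }
}
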
0

There are two possibilities:

  • either check in composer.phar to ensure everyone is using the same version of composer
  • keep composer itself updated at all times to ensure everyone is using the latest version of composer, by running composer self-update

Regardless, since composer changes over time, you would probably still have run into the same issue.

0

You can do this in composer.json:

"require": {
    "composer": "^2.2",
    [...]
}

Note: this will prevent composer update if <2.2, but not composer install, so it will not ensure that Composer is up to date on the deployment servers and team machines, but it will prevent composer.lock from being changed by older versions.
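
The note above points out that the `require` constraint does not stop `composer install` from running under an older Composer. As an added example (not part of any answer here and not Composer's own code), this is a small POSIX shell guard that a CI or deploy step could run before `composer install`. The function names, the `--check` argument and `MIN_COMPOSER_VERSION` are assumptions, and it enforces only the minimum, not the upper bound that `^2.2` implies.

```shell
#!/bin/sh
# Added example: refuse to continue when the local Composer is too old.
# MIN_COMPOSER_VERSION and all function names are assumptions of this sketch.

MIN_COMPOSER_VERSION="${MIN_COMPOSER_VERSION:-2.2.0}"

# Extract "X.Y.Z" from `composer --version` output, e.g.
# "Composer version 2.2.5 2022-01-21 17:25:52" (constructed sample).
parse_composer_version() {
    printf '%s\n' "$1" | sed -n 's/^Composer version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when version $1 >= version $2, comparing numerically per component.
version_ge() {
    _have=$1; _want=$2
    for _i in 1 2 3; do
        _h=${_have%%.*}; _w=${_want%%.*}
        if [ "${_h:-0}" -gt "${_w:-0}" ]; then return 0; fi
        if [ "${_h:-0}" -lt "${_w:-0}" ]; then return 1; fi
        # Drop the component just compared; pad missing ones with 0.
        case $_have in *.*) _have=${_have#*.} ;; *) _have=0 ;; esac
        case $_want in *.*) _want=${_want#*.} ;; *) _want=0 ;; esac
    done
    return 0
}

# Return 0 if new enough, 1 if too old, 2 if the version cannot be determined.
# $1 is optional version output; without it, the installed composer is queried.
check_composer_version() {
    _out=${1-$(composer --version --no-ansi 2>/dev/null)}
    _found=$(parse_composer_version "$_out")
    if [ -z "$_found" ]; then
        echo "Could not determine the Composer version" >&2
        return 2
    fi
    if ! version_ge "$_found" "$MIN_COMPOSER_VERSION"; then
        echo "Composer $_found is too old, $MIN_COMPOSER_VERSION or higher is required" >&2
        return 1
    fi
    return 0
}

# Run the guard only when asked to, e.g. `sh check-composer.sh --check`.
if [ "${1-}" = "--check" ]; then
    check_composer_version || exit $?
fi
```

Failing closed on an unreadable version (exit status 2) keeps a missing or wrapped `composer` binary from silently passing the check.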
