i got a problem with composer
In the VM instance, php and some packages installed(listed in composer.lock file)
When i try to install new package at local(i copy package folder from another VM can install via internet) the old composer.lock which list installed package will be replace with information of only new package i install.
step:
i update composer.json with new package
{
"repositories": [
{
"packagist": false
},
{
"type": "path",
"url": "/path/to/artifact/"
}
],
"require": {
"firebase/php-jwt": "^6.4"
}
}
then run
php composer.phar update
new package installed but composer.lock just have only new package(php-jwt) all other contents deleted
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 50 removals
- Removing cakephp/debug_kit (2.2.9)
- Removing clue/stream-filter (v1.6.0)
- Removing composer/installers (v1.12.0)
- Removing doctrine/instantiator (1.4.1)
...
- Locking firebase/php-jwt (6.4.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
- Downloading firebase/php-jwt (6.4.0)
- Installing firebase/php-jwt (6.4.0): Extracting archive
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
No security vulnerability advisories found
what i can do for install new package and update(append) information to composer.lock instead of add only new package to it?
Update: i change update command to require, the same result
php composer.phar require /path/to/artifact/
2
Answers
The command
reads the
composer.jsonfile and update/downgrade/remove/add the packages following the list in therequiresection to the latest version possible following its rules and avoiding conflicts.In your case only the
firebase/php-jwtis specified, so only itself and its dependecies are kept/updated and all other packages are removed andcomposer.lockreflects the state after theupdateoperation.To solve the issue you should use the full package list contained in the
composer.jsonfile that references the packages originally installed and add thefirebase/php-jwtpackage manually to it and run the command:or use the command:
to let composer add the
firebase/php-jwtpackage to thecomposer.jsonfile and install the package.You’re effectively updating the lock-file as configured and with the right command –
composer update– the question is merely getting the grasp on the removals:As composers’ version locking shows every package other than
firebase/php-jwtmust not be installed and is/will be removed, it shows that you have a mismatch between your expectation and what you actually configured composer to do. See the--dry-runoption to verify your changes before applying them to validate your expectations beforehand then you can spare yourself the trouble.Now I wrote that this is "as configured". That is because you shared your configuration:
The only package that is required is
firebase/php-jwt. Where have all the others gone? Well, you haven’t shared in your question so I can only guess and I’d say you edited thecomposer.jsonfile and while doing so, you have removed the actual requirements of the project.Restore the original
composer.jsonandcomposer.lockfiles as well as thevendorfolder from backup to recover the project requirements and dependencies.And don’t just blindly apply changes to those files. If you’re offline just copy the two composer files and the according vendor folder and you’re set.
If you can’t live being offline and not able to run most of the composer commands for some reason, read the following:
And additionally from my own offline experience, you don’t have to disable the (default) packagist repository as composer realizes when there is no network and falls back to the cache.
Copy over the (primed) composer cache from the online machine where you get the updates from, it is pretty portable. Study the composer manual if you need dedicated tweaking like overriding the default size limit.