Introduction to the role of composer.lock file

The following column of composertutorial will introduce to you the function of composer.lock file. I hope it will be helpful to friends in need!

Basic use of Composer

Used in the project composer.json

To use composer in a project, you need to have a composer.json file. This file is mainly used to declare the mutual relationships between packages and other element tags.

require keyword

The first thing to do in composer.json is to use the require keyword. You will tell composer which packages your project needs

The code is as follows:

{
    "require": {
        "monolog/monolog": "1.0.*"
    }
}

As you can see, the require object will map the name of the package (monolog/monolog) and the version of the package is 1.0.*

The naming of the package

Basically, the naming of the package is the main name/project name (monolog/monolog). The main name must be unique, but the name of the project, which is our package, can have the same name, for example: igorw/json, and seldaek /json

Package version

The version of monolog we need to use is 1.0.*, which means that as long as the version is the 1.0 branch, such as 1.0.0, 1.0.2 or 1.0 .99

Two ways of version definition:

1. Standard version: Define a guaranteed version package file, such as: 1.0.2

2. A certain range of versions: Use comparison symbols to define the range of valid versions. Valid symbols include >, >=, <,<=, !=

3. Wildcard characters: Special The matching symbol *, for example, 1.0.* is equivalent to >=1.0, <1.1 version is enough

4. The next important version: The best explanation of the ~ symbol is that ~1.2 is equivalent Compared with >1.2,<2.0, but ~1.2.3 is equivalent to >=1.2.3,<1.3 version.

Installation package

Run in the project file path

The code is as follows:

$ composer install

In this way, it will automatically download the monolog/monolog file to your vendor below the directory.

The next thing that needs to be explained is

composer.lock - lock file

After installing all required packages, composer will generate A standard package version file is in the composer.lock file. This will lock versions of all packages.

Use composer.lock (of course together with composer.json) to control the version of your project

This is very important. When we use the install command to process it, it will first Determine whether the composer.lock file exists. If it exists, the corresponding version will be downloaded (not based on the configuration in composer.json), which means that anyone who downloads the project will get the same version.

If composer.lock does not exist, composer will read the required package and relative version through composer.json, and then create the composer.lock file

This way you can After the package has a new version, you will not be automatically updated. To upgrade to the new version, just use the update command. This way you can get the latest version of the package and also update your composer.lock file.

$ php composer.phar update
或者
$ composer update

Packagist (This should be composer. It feels a bit like a python package, although it is not as powerful. Haha, with this standard, it will definitely be easy for everyone to develop websites in the future, and you can learn from many people’s codes. , and more convenient!)

Packagist is the main warehouse of composer. You can check it out. The basis of the composer warehouse is the source code of the package. You can obtain it at will. The purpose of Packagist is to build a library that can be used by anyone. A repository can be used, which means any require package in your file.

About automatic loading

In order to conveniently load package files, Composer automatically generates a file vendor/autoload.php, which you can conveniently use wherever you need to use it

require 'vendor/autoload.php';

This means that you can use third-party code very conveniently. If your project needs to use monlog, you can use it directly. They have been automatically loaded!

The code is as follows:

$log = new Monolog\Logger('name');
$log->pushHandler(new Monolog\Handler\StreamHandler('app.log', Monolog\Logger::WARNING));
$log->addWarning('Foo');

Of course you can also load your own code in composer.json:

The code is as follows:

{
    "autoload": {
        "psr-0": {"Acme": "src/"}
    }
}

composer will register psr-0 as the Acme namespace

You can define a mapping to the file directory through the namespace. The src directory is your root directory and vendor is the directory at the same level. For example, a file: src/Acme/Foo.php contains Acme\ Foo class

After you add autoload, you must reinstall to generate the vendor/autoload.php file

When we reference this file, an autoloader class will be returned. , so you can put the returned value into a variable, and then add more namespaces. This is very convenient in a development environment, for example:

The code is as follows:

$loader = require 'vendor/autoload.php';
$loader->add('Acme\Test', __DIR__);

The role of the composer.lock file

The install command reads the composer.json file from the current directory, processes the dependencies, and installs it into the vendor directory.

code show as below:

composer install

如果当前目录下存在 composer.lock 文件，它会从此文件读取依赖版本，而不是根据 composer.json 文件去获取依赖。这确保了该库的每个使用者都能得到相同的依赖版本。

如果没有 composer.lock 文件，composer 将在处理完依赖关系后创建它。

为了获取依赖的最新版本，并且升级 composer.lock 文件，你应该使用 update 命令。

代码如下:

composer update

这将解决项目的所有依赖，并将确切的版本号写入 composer.lock。

如果你只是想更新几个包，你可以像这样分别列出它们：

代码如下:

composer update vendor/package vendor/package2

你还可以使用通配符进行批量更新：

代码如下:

composer update vendor/*

The above is the detailed content of Introduction to the role of composer.lock file. For more information, please follow other related articles on the PHP Chinese website!