composer.lock：它是如何工作的？ [英] composer.lock: how does it work?

问题描述

我想了解这一部分： http://getcomposer.org/doc/02- libraries.md＃lock-file

此锁文件不会对依赖它的其他项目产生任何影响。它只对主项目

有效果。这意味着如果项目P依赖于库A，图书馆B v1.3，项目P不关心图书馆B的版本，并可能会安装B 1.4，那么呢？

解决方案

Composer依赖项定义在 composer .json 。当第一次运行composer install或运行composer update时，将创建一个名为 composer.lock 的锁文件。 p>

引用的文档只涉及锁定文件。如果您的项目P依赖于库A，A依赖于B v1.3。***，那么如果A包含锁文件说有人运行composer更新导致B v1.3.2正在安装，然后安装A在您的项目P可能仍然安装1.3.3，因为 composer.json 不是 .lock ！）定义了依赖于1.3。*。

锁定文件始终包含完全版本号，并且有助于将您测试的版本与同事或发布应用程序时通信。对于库， composer.json 中的依赖关系信息就是重要的。

I'm trying to understand this part: http://getcomposer.org/doc/02-libraries.md#lock-file

this lock file will not have any effect on other projects that depend on it. It only has an effect on the main project"

Does that mean that if project P depends on library A, and library A depends on library B v1.3, project P won't care about the version of library B, and will possibly install B 1.4 instead? What's the point then?

Or does it mean the opposite, as one would expect from a dependency manager?

解决方案

Composer dependencies are defined in composer.json. When running composer install for the first time, or when running composer update a lock file called composer.lock will be created.

The quoted documentation refers to the lock file only. If your project P depends on library A and A depends on B v1.3.***, then if A contains a lock file saying someone ran "composer update" resulting in B v1.3.2 being installed, then installing A in your project P might still install 1.3.3, as the composer.json (not .lock!) defined the dependency to be on 1.3.*.

Lock files always contain exact version numbers, and are useful to communicate the version you tested with to colleagues or when publishing an application. For libraries the dependency information in composer.json is all that matters.

这篇关于composer.lock：它是如何工作的？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！