Difference between composer.json and composer.lock

- Andrés Cruz

En español

In Laravel and any PHP project that uses composer to manage packages, we have two types of files, composer.json and composer.lock and in this post we will see what the difference is between them.

In composer.json you specify which packages should be installed and with what versions, that is, the packages that make up the project are found. For example:

   "require": {
       "artesaos/seotools": "^1.3",
       "laravel/framework": "^11.0",

This file is generated by composer and is used by it to download and install the project dependencies in Laravel or another.

In the previous example, we are indicating the Laravel/framework and Artesaos/seotools packages that must be installed with version 1.3 or higher and 11 or higher respectively. If you wanted an exact version, you would remove the ^ character.

In this file you will also find other rules such as name, project description and minimum versions, such as:

"php": "^8.2",

The composer.json is useful for much more, but this is the fundamental thing.

While composer.lock records the specific versions you are installing and is what composer reads when you run composer update, this file is automatically generated when you run the previous command.

Update project

Usually, when you want to update the project, you can delete this file and run the composer.json command again, with this the .lock is regenerated with new versions

Original article:


Andrés Cruz

Desarrollo con Laravel, Django, Flask, CodeIgniter, HTML5, CSS3, MySQL, JavaScript, Vue, Android, iOS, Flutter

Andrés Cruz en Udemy

Acepto recibir anuncios de interes sobre este Blog.