No lock file found. Updating dependencies instead of installing from lock file - composer-php

When I initialize a new project with composer I have this error in the terminal:
No lock file found. Updating dependencies instead of installing from
lock file. Use composer update over composer install if you do not
have a lock file.
Can someone explain to me?

composer update and composer install are similar in that they both download your dependencies, but are different in an important way.
The update command will retrieve the latest versions of all of your dependencies that meet your version constraints in your composer.json file. Next, it has to discover the exact versions to install of your dependencies, your dependencies’ dependencies, their dependencies, and so on all the way to the bottom. If it can’t find a set of versions that satisfy all constraints, the command exits with an error explaining what it can’t resolve and why. If all dependencies can be resolved, they will be downloaded into the vendor directory. Finally, a composer.lock file will be generated that has the exact versions and commits that were installed.
If a lock file is present and you run composer install, composer doesn’t have to do the dependency resolution because they’ve already been resolved. It downloads the exact version of each package from the lock file.
The message you received is telling you that your dependencies haven’t been resolved yet (by the update command), but running install will act like an update if there is no composer.lock file.

Related

composer require conflict with symfony/yaml [duplicate]

I did a lot of research on the web, but did not find a documentation of the composer error log. In the discussions I found, nobody had an explanation that was consistent with the error log. For example:
[Support] Need explanation for "Conclusion: don't install ..."
Why composer says "Conclusion: don't install" when (seemingly) no obstacles are present?
I know, what composer does and can resolve issues on my own, but I often have to consult packagist.org for this. Despite being quite (and unnecessarily) verbose, the composer log only gives me some hints. It does not really point out the concrete problems.
Does anyone know of a complete documentation or how to explain the reasoning behind the logs, maybe taking the above ones as an example?
Documentation of Composer can be found at getcomposer.org/doc, especially the Troubleshooting section. Usually the dependency problems come from misconfiguration of your composer.json, and understanding Composer logs comes with experience or learning by trial and error. Documenting every possible error out of hundreds can quickly become outdated. If you believe some specific error isn't clear enough, you can always raise a new suggestion at Composer's GitHub page.
As suggested in the linked GitHub issue, the "Conclusion: don't install" message could be related to requirements defined in minimum-stability. Another linked question could be related to a Composer bug as reported at GH-7215.
Errors
Here is a small guide explaining the common Composer errors:
Can only install one of: org/package[x.y.z, X.Y.Z].
If you see this message, that could be the main cause of the dependency issue. It basically means that based on Composer's dependency calculation both of these versions are required, but only one major version can be installed (you cannot have both x.y.z and X.Y.Z, unless you split your configuration for different folders). To see why these packages are required, use the composer why/depends command and adjust the dependencies accordingly.
See: How to resolve a "Can only install one of:" conflict? & How to solve two packages requirements conflicts when running composer install?
Installation request for org/package2 (locked at vX.Y.Z)
This message means that there was an installation request for org/package, however, it is locked at X.Y.Z. If the requested version is not compatible with the locked version (like a different major version), you cannot install both. This message often comes along with already mentioned "Can only install one" one. So, whenever you see "locked at", that means Composer reads your installed package version from the composer.lock file. To troubleshoot, you can use composer why/depends command to find why the package was requested and adjust the compatibility, otherwise, you may try to remove composer.lock file and start from scratch (ideally from the empty folder).
See: Installation failed for laravel/lumen-installer: guzzlehttp/guzzle locked at 6.3.0
org/package1 vx.y.z conflicts with org/package2[vX.Y.Z].
It is a similar issue as above where two packages are conflicting and you need to solve the dependency manually. Reading the whole context of the message may give you some more clues. Checking the dependency tree may also help (composer show -t).
conflict with your requirements or minimum-stability
This message means as it reads, so you should check the required version and/or your minimum-stability settings.
This can be caused by a package being marked as non-stable and your requirements being "stable only". See: But these conflict with your requirements or minimum-stability
Or because of conflicts with other installed packages. See: How to identify what is preventing Composer from installing latest version of a package?.
For any other errors, check out the official Composer's Troubleshooting page.
Troubleshooting
Here are more suggestions how to troubleshoot the Composer dependency issues in general:
Add -v/-vv/-vvv parameter to your command for more verbose output.
Run composer diagnose to check for common errors to help debugging problems.
If you are seeing "locked at x.y.z" messages, it relates to packages locked in your composer.lock.
Test your composer.json on the empty folder.
Keep your composer.json to minimum.
Run composer show -t to see your current dependency tree.
Run composer show -a org/package x.y.z to check the details about the package.
Feel free to ask a new question at Stack Overflow.
To fully debug Composer's dependency problem, you can:
Analyse or modify the source code (e.g. DependencyResolver/Problem.php).
Run Composer under XDebug, either by the breakpoint or generating a full or partial trace file.
Useful threads explaining common errors:
How to resolve a "Can only install one of:" conflict?
composer.json fails to resolve installable set of package
Discover latest versions of Composer packages when dependencies are locked
When trying to install php-jwt facing trouble with auth0
Reference - Composer error "Your PHP version does not satisfy requirements" after upgrading PHP
How to identify what is preventing Composer from installing latest version of a package?
Error:
somevendor/somepackage[v1.0.0, ..., v1.9.1] require composer-plugin-api ~[X.X]
This means that somevendor/somepackage requires a specific version range of Composer to be installed.
Run composer -v and compare it to the version constraint in the error message (shown as ~X.X in the example above, but that could be something like ^1.0, or ^2.2, etc).
If your version does not match the constraint, see if you can either:
upgrade or downgrade your composer version to match the composer constraint in the error message
upgrade somevendor/somepackage so that it can work with your Composer version.

Remove a package using composer (without updating other packages)

I've currently installed a package "watson/sitemap". Now, I want to remove it without using "composer update" since it will update other packages which I don't want.
Any help would be much appreciated.
UPDATE: Composer 2 is now out, and it seems to be smart enough to handle the recursion. You need only remove the offending package.
I recently needed to do this. Here's a real-world example. This is pretty hacky. You could script this by using Composer's PHP classes or by parsing the composer.lock file, but this is a manual process you can follow.
1. Remove the unwanted package(s)
composer remove --no-update illuminate/mail
composer update illuminate/mail
2. Look for orphaned dependencies
composer show -N | xargs -n 1 composer why | grep "There is no installed package"
Output (something like this):
There is no installed package depending on "erusev/parsedown"
There is no installed package depending on "swiftmailer/swiftmailer"
There is no installed package depending on "tijsverkoyen/css-to-inline-styles"
3. Remove orphaned dependencies
composer update erusev/parsedown swiftmailer/swiftmailer tijsverkoyen/css-to-inline-styles
4. Rinse, repeat
Repeat steps 2 and 3 until you've found all the orphans.
Clarification: If you use the --no-update flag, you won't upgrade packages... however (as of writing, early 2020) it also does not remove orphaned dependencies. You're not telling it not to "upgrade". You're telling it not to update any of the installed (composer.lock) dependencies. Big difference. This is why you have to find them and manually "update" them out of your project.
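The answer above notes that the orphan hunt could be scripted by parsing the composer.lock file. The following is an added example (not code from the original post) that does so in Python on constructed sample data: it walks the dependency graph from composer.json, so orphans of orphans are reported in one pass instead of by repeating steps 2 and 3. It assumes the usual composer.lock keys (packages, packages-dev, require, replace, provide); the function names are hypothetical.

```python
import json
from collections import deque

# Constructed sample data (not from the original post): composer.json after
# "composer remove --no-update illuminate/mail", and a composer.lock that
# still lists packages which only illuminate/mail had pulled in.
COMPOSER_JSON = json.loads('{"require": {"php": "^7.2", "monolog/monolog": "^2.0"}}')
COMPOSER_LOCK = json.loads("""
{"packages": [
  {"name": "monolog/monolog", "require": {"php": ">=7.2", "psr/log": "^1.0"}},
  {"name": "psr/log", "require": {"php": ">=5.3"}},
  {"name": "erusev/parsedown", "require": {"ext-mbstring": "*"}},
  {"name": "swiftmailer/swiftmailer", "require": {"egulias/email-validator": "^2.0"}},
  {"name": "egulias/email-validator", "require": {"php": ">=5.5"}},
  {"name": "tijsverkoyen/css-to-inline-styles", "require": {"php": "^7.0"}}
], "packages-dev": []}
""")


def is_platform(name):
    # php, ext-*, lib-* and composer-plugin-api are never locked packages;
    # real package names always have the vendor/name form.
    return "/" not in name


def find_orphans(manifest, lock):
    locked = lock.get("packages", []) + lock.get("packages-dev", [])
    # A requirement can be satisfied by a package's own name or by a name
    # it lists under "replace" or "provide".
    providers = {}
    for pkg in locked:
        for n in [pkg["name"], *pkg.get("replace", {}), *pkg.get("provide", {})]:
            providers.setdefault(n, []).append(pkg)
    queue = deque(n for key in ("require", "require-dev")
                  for n in manifest.get(key, {}) if not is_platform(n))
    reachable = set()
    while queue:
        for pkg in providers.get(queue.popleft(), []):
            if pkg["name"] not in reachable:
                reachable.add(pkg["name"])
                queue.extend(n for n in pkg.get("require", {})
                             if not is_platform(n))
    return sorted(p["name"] for p in locked if p["name"] not in reachable)


if __name__ == "__main__":
    for name in find_orphans(COMPOSER_JSON, COMPOSER_LOCK):
        print("orphan:", name)
```

To audit a real project, load the two files with json.load and pass the results to find_orphans; the listed names are the ones to hand to composer update as in step 3.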
Right way:
composer remove watson/sitemap --no-update
From CLI Docs:
The remove command removes packages from the composer.json file from
the current directory.
php composer.phar remove vendor/package vendor/package2
After removing the requirements, the modified requirements will be
uninstalled.
Hack way:
Remove the entry from composer.json then run
composer update watson/sitemap
This will remove a package totally from composer.lock and /vendor
I'm not sure this is possible. To restate your question: you have watson/sitemap in your composer.json, you've executed a composer update to download the package and its dependencies. Now you want to remove the package but leave dependent packages in place?
I'm not sure there's a good way to do this, you'll have to run composer update at some point, which will just download it again. If my interpretation is correct, maybe your solution is to just add the other packages that you need that you don't want removed when you get rid of watson/sitemap, possibly sloppy/paste its dependencies into your composer.json file?
I use
composer remove package-name --no-update-with-dependencies
Works imho

fuelphp No composer autoloader found

I got an error message when installing FuelPHP:
No composer autoloader found. Please run composer to install the FuelPHP framework dependencies first!
Also, my composer is updated.
Loading composer repositories with package information
Updating dependencies (including require-dev)
Nothing to install or update
Generating autoload files
I am using PHP7 with a Vagrant environment.
Any idea about this error?
It is not able to find the installation of fuelphp. The most common issue is that index.php (in the "public" or "public_html" folder) does not have the fuelphp app, core and packages paths set properly.
Change DIR.'../ to DIR.'/../../ (goes back one folder level)
There should be three of them.

Installing only new packages from composer.json

I'm trying to make composer update only newly added packages to composer.json i.e when I manually add a package dependency to the composer.json file, it should update the composer.lock file only for the new package; the rest of the packages should be at the same version as before. I tried running composer update --lock but I don't think it does what I'm trying to achieve and it took a lot of time to finish. I checked the commands on composer's documentation but can't find one to achieve my wish. Any advice or workaround will be appreciated.
Note: I'm using Laravel Forge, so there is a 2 minutes deployment limit.
In order to install only new packages with composer you should run
composer install
Because composer update will install your new packages but will also update all the other already installed packages.
You can specify the name of the package as an argument to the update command. This will perform a partial update: composer update the-package/you-want-to-update
I think your question is related to your (guessed) current workflow: To add a new package you edit the composer.json file and then run composer update - wishing to only add/update that new file.
If that is true, here is the solution:
composer require new/package will add the newest possible version (taking into account the currently installed packages) of the new package. Benefits: Only one command line, and no fiddling with JSON content.
If you already know which version you want, you could also run composer require new/package:^2.1.25#beta (or whatever version and stability level you want - this example is exaggerating a bit). If this version is incompatible with existing packages, nothing will get installed, everything will get rolled back, and you get an error message.

Composer - restore deleted file?

I use composer to manage packages. But I deleted one of the files from a package (I use composer status -v to check this).
Is it possible to restore changed/deleted files to their base (installed) state via composer (composer install does nothing in my case)?
Thanks.
P.S. It looks like there is no way to restore a separate file from the repo after it has been changed/deleted. Of course, it's possible to delete the entire vendor dir and reinstall some package totally.
I edit dependent package source code all the time and run into the issue of my local being out of sync with the remote source.
When things get really sideways and nothing works: delete the package provider's dir inside ./vendor (e.g. ./vendor/author-name). Then composer will see the package is missing when running composer install. It will re-download the version specified in composer.lock.
If you want the latest version of all the packages when re-installing, composer update is what you want.
I also recommend using -o -vvv to generate the autoloader file and provide verbose output.
