Re-write composer.lock without performing upgrade/install - composer-php

I am curious if there is a way to have composer regenerate a new composer.lock without it actually going though the upgrade/install process? I just want to change the version in the lockfile for git without actually installing a local copy of the dependencies.

Related

Updating mirrors in composer.lock?

Is there a way to update the .lock file regarding mirrors, without updating versions?
I've started using toran, but it appears composer install is still using github for installing.
composer update updated some libraries, but many of the ones I'm using have not had a version change, and their entry in the .lock appears to be unchanged by the addition of a mirror.
To force Composer into reevaluating all of its install history for a project you should delete vendor/composer/installed.json, which is the internal cache file for what is installed and how. If you remove it and then composer install it will re-evaluate and reprocess the entire installation according to the settings in composer.json and the state in composer.lock.

Manually install Parse PHP SDK without Composer

I've got a client on a shared hosting environment (which I can't change) and I'm needing to install the Parse PHP SDK, but the host won't allow me to install the Composer package manager. Does anyone else know of a manual install method?
If you have wget/unzip available, just download latest release zip (bellow the release, this file).
Use unzip to unpack package and load it with PSR-4 autoloading (the composer's approach).
Composer isn't meant to be an installer, so you are not expected to run Composer on the production machine. What would happen if during your update process Github would be down? No new website version! And maybe also no old version.
Run Composer somewhere else, and then upload the result to the server, after you verified that everything went well.

Composer keeps trying to load repo from old path

I have several private repos stored on Github and made available on Packagist.
Due to some stability issue, these packages were later moved into private Bitbucket and added to our private Satis. (removed from Packagist)
The issue is that when we try to run 'composer update' on our machine it still tries to pull from Github paths.
I have tried everything including:
Deleted everything in the current folder to pull again
Clear cache with the new clear-cache command and also with rm -rf
Nothing worked.
Is this considered a bug? What do I have to do to make sure composer never tries to use the old repo path?
(I posted this on Composer issues as well but haven't got any solution there yet)

reload all packages using composer

Is it possible to reload all the packages installed using composer? I'm not sure if I made an accidental change to the source of on of the packages, and my app stopped working so I want to rule this out by reloading all the packages.
You can generally just wipe the vendor/ directory and then run composer install to get everything back from your last known state (stored in composer.lock). Some plugins/custom installers in some frameworks however drop packages outside the vendor dir, but as far as I know with Laravel you should be ok doing this.
I think php artisan dump-autoload should help.

Composer Best Practise?

I work in a team with ~15 developers and we've been asking ourselves: What is the best practise to work with composer?
Our composer.json has ~5 Packages. We use Bamboo as a Continous Integration system and Subversion.
Today, we run composer self-update / composer update and commit the vendor folder into the repository.
It feels kind of wrong to do that. What is the best practise?
You put the requirements (dev and normal) in the composer.json file
You run composer update to update all dependencies
This command creates a composer.lock file, which contains which versions of the dependencies is used.
Commit that file and exclude (ignore) the vendor/ directory
Whenever you want to install the dependencies, you run composer install. This will install all dependencies with the versions stored in the composer.lock file. This means that everyone have the same versions.
Once in a week, someone run composer update to update all dependencies and create a new composer.lock file with the updated versions.
This file gets committed
Everyone runs composer install (once a day or once in 2 days) and gets the new versions installed.

Resources