How to test if composer.lock is up to date?

Question

During development (multiple people in the team) sometimes composer install returns:

Warning: The lock file is not up to date with the latest change

Answer 1

For composer < 1.3.0

Extending from @Domster, the solution in pure bash:

COMPOSER_IN_SYNC=$(expr "`cat composer.lock | grep '"hash":' | cut -d'"' -f4`" = "`md5sum composer.json | cut -d ' ' -f 1`")

$COMPOSER_IN_SYNC will be 0 or 1 respectively.

Answer 2

on newer versions (I suppose 1.3+) you can run the following:

$ composer validate --no-check-all --no-check-publish

Which might output something like this (with a catchable error exit code):

./composer.json is valid for simple usage with composer but has
strict errors that make it unable to be published as a package:
See https://getcomposer.org/doc/04-schema.md for details on the 
schema
The lock file is not up to date with the latest changes in composer.json, it is recommended that you run `composer update`.

Answer 3

You can run

composer install --dry-run

--dry-run Outputs the operations but will not execute anything (implicitly enables --verbose).

This won't change anything but will show the warning if not up to date. But it will still have to check the servers for new versions of your installed packages, so if you have many installed this might still take more than milli seconds. Anyway it's faster.

Answer 4

For composer < 1.3.0

Yes, there is a way to check for this very quickly.

The "out-of-date" check is based on a hash of the composer.json contents, stored in the composer.lock. There's no salt, and it's a straight-forward hash of the contents, so it's very, very easy to do.

<?php

$lock = json_decode(file_get_contents('composer.lock'))->hash;
$json = md5(file_get_contents('composer.json'));

if ($lock !== $json) {
    echo "Lock file out of date\n";
    exit(1);
}

echo "Lock file up to date\n";
exit(0);