During development (multiple people in the team) sometimes composer install
returns:
Warning: The lock file is not up to date with the latest change
For composer < 1.3.0
Extending from @Domster, the solution in pure bash:
COMPOSER_IN_SYNC=$(expr "`cat composer.lock | grep '"hash":' | cut -d'"' -f4`" = "`md5sum composer.json | cut -d ' ' -f 1`")
$COMPOSER_IN_SYNC
will be 0
or 1
respectively.
on newer versions (I suppose 1.3+) you can run the following:
$ composer validate --no-check-all --no-check-publish
Which might output something like this (with a catchable error exit code):
./composer.json is valid for simple usage with composer but has
strict errors that make it unable to be published as a package:
See https://getcomposer.org/doc/04-schema.md for details on the
schema
The lock file is not up to date with the latest changes in composer.json, it is recommended that you run `composer update`.
You can run
composer install --dry-run
--dry-run Outputs the operations but will not execute anything (implicitly enables --verbose).
This won't change anything but will show the warning if not up to date. But it will still have to check the servers for new versions of your installed packages, so if you have many installed this might still take more than milli seconds. Anyway it's faster.
For composer < 1.3.0
Yes, there is a way to check for this very quickly.
The "out-of-date" check is based on a hash of the composer.json
contents, stored in the composer.lock
. There's no salt, and it's a straight-forward hash of the contents, so it's very, very easy to do.
<?php
$lock = json_decode(file_get_contents('composer.lock'))->hash;
$json = md5(file_get_contents('composer.json'));
if ($lock !== $json) {
echo "Lock file out of date\n";
exit(1);
}
echo "Lock file up to date\n";
exit(0);