Committing composer.lock for Dependency Analysis¶
This documentation refers to Scrutinizer's legacy PHP analysis. If you are still using this, consider
migrating to our new PHP analysis engine.
PHP Analyzer uses the composer.lock
file of your project to determine what dependencies your project
has, and which classes and types they define. This information is cached in a persistent store for subsequent runs.
Troubleshooting non-installable Dependencies¶
If your composer.lock
is not part of your repository, PHP Analyzer will install your vendors in order to generate
it. In some cases, like for example if you require a specific extension or a certain PHP which is not available in the
environment where PHP Analyzer runs, the install command can fail.
Unfortunately, the only options in such a case are:
- to commit the
composer.lock
file to your repository (see below for benefits) - or to disable PHP Analyzer
Benefits of Committing the composer.lock
file¶
Committing the composer.lock
file is generally a good practice for projects and can also be used for libraries
for several reasons:
- Your project is kept in a known good state
- All developers operate on the same code-base
- Tests do not suddenly fail because of changes in one of its dependencies.
Tip: Committing the
composer.lock
does not tie any user of your library to a specific version.