dongyoudi1342 2016-09-10 18:02
浏览 462


I want to create my own package manager, and currently reviewing existing solutions.

I'm playing with PHP's Composer now, and it was quite surprising that it has two files:

  • composer.json for project configuration, and non-pinned dependencies

  • composer.lock for exact pinned dependencies

I do understand why one needs to pin dependencies, .lock information by itself seems logical to me.

What I do not understand is why project metadata was split into two files.

Can anyone explain, why it was designed this way? Why deps could not be pinned right in the composer.json?

UPD. Turns out, Rust's Cargo has the same two file configuration in place, and has a nice explanation of the meaning of the .lock file:

  • 写回答



      相关推荐 更多相似问题


      • ¥15 ABAQUS简单的带传动系统运转不了
      • ¥15 关于git actions自动部署的问题
      • ¥25 小程序 view wx:for 循环太多时,如何在循环结束执行某个事件?
      • ¥15 曲率模态差matlab程序计算
      • ¥15 大概算是比较简单的坐标系旋转问题
      • ¥15 关于#python#的问题:安装完gym环境后
      • ¥15 关于稳像云台姿态控制中相机姿态误差表征
      • ¥15 求sm16306s驱动例程
      • ¥15 本地生活媒体平台口碑选品怎么获得权限
      • ¥15 R语言 回归树/袋装树/随机森林预测