1

When installing a composer package (eg. composer require foo/bar), how to save exact package version (eg. 1.0.0) in composer.json by default instead of a version range (^1.0)?

Eg. NPM has this functionality when using the --save-exact flag, eg. npm i --save-exact react, and it can also be set in config so it's the default. Does composer have a similar flag or config setting?

I do not want to manually specify package version on the CLI.

Improve this question

1 Answer 1

Reset to default
4

There is no such option in the require command. (docs).

If you do not specify a version, composer will choose a version for you, according to your stability setting and version availability.

Maybe (I don't know) the JS/node world is much more unstable, but in the PHP/packagist ecosystem using a version range like ^1.2 is generally safe enough.

The exact versions installed are listed in composer.lock, so the installation is reproducible anyway.

But you can always edit your composer.json manually after the fact to make the version constraints exact, and not a range.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Also, if you know the version in advance (e.g., you checked in Packagist site) you can always supply it in the command: composer require foo/bar:1.0.0. I sometimes do that when updating packages following the information from composer outdated.
@Álvaro, I didn't mention that because the OP already says: "I do not want to specify [the] package version on the CLI", which made the note a bit redundant. (Although it's implied in the "if you do not specify a version" line).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.