composerlock

composerlock, more commonly written as composer.lock, is a lock file used by Composer, the dependency manager for PHP. It records the exact versions of all packages installed for a project, including transitive dependencies, at the time of dependency resolution. Its main purpose is to ensure that future installs reproduce the same dependency graph across different environments, avoiding version drift.

The file is in JSON format and typically contains sections such as packages and packages-dev. Each listed

Generation and usage: If a project has a composer.json describing dependencies, running composer install will install

Relation to composer.json and vendor: composer.json declares version constraints for dependencies, while composer.lock records the resolved

Notes: Some references use the term composerlock as shorthand, but the official file name is composer.lock.