If you’re familiar with composer then, you will always find composer.lock in the root source of your project. This file contains the list of installed dependencies of your project.

File path for composer.lock

composer.lock ensures everyone working on your project is running with the same dependencies versions. Now, we get the idea of why commit the composer.lock file to git.

It may confuse you that we are already using a specific version in composer.json. Yes, we do, but the dependencies also require other dependencies that are not bound by these constraints.

Image for composer.lock file

composer.lock also contains the hash of the composer.json.

💥 To get the same set of dependencies, we need to commit composer.lock.

🍺 Happy Coding!