If you’re familiar with composer then, you will always find composer.lock in the root source of your project. This file contains the list of installed dependencies of your project.
composer.lock ensures everyone working on your project is running with the same dependencies versions. Now, we get the idea of why commit the composer.lock file to git.
It may confuse you that we are already using a specific version in composer.json. Yes, we do, but the dependencies also require other dependencies that are not bound by these constraints.
composer.lock also contains the hash of the composer.json.
💥 To get the same set of dependencies, we need to commit composer.lock.
🍺 Happy Coding!