Why merge packages and packages-dev?

[dwenzel]

Why are packages from packages and packages-dev section of composer.lock being merged?

This prevents from reflecting the actual status of installed packages when the composer install command was called with --no-dev parameter.

I'd suggest to implement a method which respects the stability of packages or reflects the actual installation state by adding a flag.

(Unfortunatly the PackageVersions\Installer class is final and the method in question (getVersions()) private.

[Ocramius]

Versions::getVersion() is designed to list installed dependencies, but just tell you the version of a well-known package you want to inspect.

Examples:

• render the version of a CLI application
• hash the current version into generated code
• slam cache identifiers based on deployed application version

All of these work fine with a known package name.

The require-dev is map merged in by design, as "whether a package is installed or not" is not what this API is designed for.