stelgenhof
commented
5 years ago For projects/applications the composer.lock file definitely should be committed to version control. However for libraries (such as this one), it is slightly different.
Since Yasumi doesn't have any package dependencies (except for the development ones), it is not needed to have the lock file committed. In addition, the required development packages have a fixed minor version (i.e. 1.7) which only would cause different issues on a patch level.
See also a discussion about this topic here: https://stackoverflow.com/a/24247443/6212210
Cheers! Sacha
mogi86
Currently composer.lock is not committed to git. In that case, there is a possibility that the package version will be different depending on the user's environment. Therefore, it is better for composer.lock to be committed to git.