but in the json have half of the packages that are spelled out in the Lock
For the missing packets is in the dependencies of those packages that are in composer.json
:)
Example:I have in composer.set json
"symfony/var-dumper": "4.0.*"
, he's dependencies specified
"symfony/polyfill-mbstring": "~1.0",
this package is specified on my .lock, but it makes no sense to monitor these dependencies manually is harmful, dangerous and not necessary, all that need to opacity — composer will tighten:)