--TEST-- The locked version will not get overwritten by an install but fails on invalid packages --COMPOSER-- { "repositories": [ { "type": "package", "package": [ { "name": "foo/bar", "version": "1.0.0" }, { "name": "foo/baz", "version": "1.0.0" }, { "name": "foo/baz", "version": "2.0.0" } ] } ], "require": { "foo/bar": "2.0.0", "foo/baz": "2.0.0" } } --LOCK-- { "packages": [ { "name": "foo/bar", "version": "1.0.0" }, { "name": "foo/baz", "version": "2.0.0" } ], "packages-dev": [], "aliases": [], "minimum-stability": "stable", "stability-flags": [], "prefer-stable": false, "prefer-lowest": false } --INSTALLED-- [ { "name": "foo/bar", "version": "1.0.0" }, { "name": "foo/baz", "version": "1.0.0" } ] --RUN-- install --EXPECT-OUTPUT-- Installing dependencies from lock file (including require-dev) Verifying lock file contents can be installed on current platform. - Required package "foo/bar" is in the lock file as "1.0.0" but that does not satisfy your constraint "2.0.0". This usually happens when composer files are incorrectly merged or the composer.json file is manually edited. Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require --EXPECT-EXIT-CODE-- 4 --EXPECT--