[FIXED] What does the "minimumum-stability" key do when present in a package's composer.json?

Issue

I frequently come across a composer.json for a specific package that has a minimum-stability key included. An example is reproduced below:

{
  "name": "drupal/modulename",
  "type": "drupal-module",
  "description": "Example.",
  "license": "GPL-2.0-or-later",
  "minimum-stability": "dev",
}

I understand what this key does when it is present in the site's root composer.json (i.e. it will then disallow installation of packages with a lower stability than stipulated).

But what does "minimum-stability": "dev" do when it is present in a in a package's composer.json?

In the above example, there are no requirements. Will it do anything if there are other packages required?

I am only familiar with the Drupal ecosystem, where I've seen this a lot. I don't think this is significant, since using composer to manage dependencies is used a lot by other PHP frameworks as well.

Solution

It does nothing when present in a non-root composer.json.

The docs say:

minimum-stability (root-only)

For packages, it would only have any effect if you were installing the package as as the root project (e.g. by using git clone and then composer install, as opposed to installing it on an existing project with composer require).

Answered By - yivi