PHPackages                             alsvanzelf/debby - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Mail & Notifications](/categories/mail)
4. /
5. alsvanzelf/debby

AbandonedArchivedLibrary[Mail & Notifications](/categories/mail)

alsvanzelf/debby
================

Debby checks your project dependencies and tells you when to update.

v0.10.1(9y ago)1661[11 issues](https://github.com/lode/debby/issues)MITPHPPHP >=5.5

Since Mar 11Pushed 5y agoCompare

[ Source](https://github.com/lode/debby)[ Packagist](https://packagist.org/packages/alsvanzelf/debby)[ Docs](https://github.com/lode/debby)[ RSS](/packages/alsvanzelf-debby/feed)WikiDiscussions master Synced 4w ago

READMEChangelog (10)DependenciesVersions (16)Used By (0)

⚠️ ARCHIVED
===========

[](#️-archived)

This package is not maintained anymore. As an alternative you can use dependabot and github webhooks to get notifications.

---

Debby - stay on top of your dependencies
========================================

[](#debby---stay-on-top-of-your-dependencies)

Debby checks your Composer & npm dependencies and tells you when to update.

- always run the latest versions ![:shipit:](https://github.githubassets.com/images/icons/emoji/shipit.png ":shipit:")
- choose whether you find an update interesting
- be able to fix security issues promptly

In the end, you'll be more comfortable upgrading because updates can be often and small.

Super fast setup 🚀
------------------

[](#super-fast-setup-rocket)

```
composer require alsvanzelf/debby
crontab -l | { cat; echo "0 8 * * * php /www/vendor/alsvanzelf/debby/notify.php repo token"; } | crontab -
```

Replace `repo` with the path of your repository on GitHub (`organization/project`) and `token` with a [personal access token](https://github.com/settings/tokens). This runs Debby every day at 8 o'clock and create issues whenever updates are found.

Setup in a normal pace, with a bit more explanation
---------------------------------------------------

[](#setup-in-a-normal-pace-with-a-bit-more-explanation)

1. [Install Debby](/README.md#1-installation) via Composer
2. [Configure notifications](/README.md#2-configure-notifications) to GitHub, Trello, Slack, email
3. [Setup a cronjob](/README.md#3-fire-up) (there's other ways as well, see below)

Also check out [the questions Debby gets asked frequently](/README.md#faq). Or checkout 📘 [the documentation](https://github.com/lode/debby/wiki).

#### 1. Installation

[](#1-installation)

[Use Composer](http://getcomposer.org/) to install Debby herself. Use require to get the latest stable version:

```
composer require alsvanzelf/debby

```

#### 2. Configure notifications

[](#2-configure-notifications)

Debby can talk to [![GitHub issues](/channels/github.png)](/channels/github.png) GitHub issues, [![Trello](/channels/trello.png)](/channels/trello.png) Trello, [![Slack](/channels/slack.png)](/channels/slack.png) Slack, and [![Email](/channels/email.png)](/channels/email.png) email.

Pick the channel(s) that you want notifications on, make a `debby.json` configuration file with the access details for these channels, and place it in the root of your project.

I.e. for notifying to GitHub issues, use:

```
{
	"notify_github": {
		"repository": "example/project",
		"token": "personal access token"
	}
}
```

See the 📘 [wiki](https://github.com/lode/debby/wiki/Pick-your-channels) on the specific configuration.

#### 3. Fire up

[](#3-fire-up)

Setup a cronjob to run the built-in notify script passing it your configuration file.

Run `crontab -e` and add:

```
0 8 * * * php /var/www/vendor/alsvanzelf/debby/notify.php /var/www/debby.json
```

👍

Sit back and relax. Take a ☕ or 🍵 or 🍺

FAQ
---

[](#faq)

#### Can I run it without a cronjob?

[](#can-i-run-it-without-a-cronjob)

You can call Debby from php and do what every you want.

```
$options = [
	'notify_github' => [
		'repository' => 'example/project',
		'token'      => 'personal access token',
	],
];
$debby = new debby\debby($options);

$packages = $debby->check();
$debby->notify($packages);
```

See [example/custom.php](/example/custom.php) for a complete example.

#### I don't want to run Debby in production

[](#i-dont-want-to-run-debby-in-production)

You don't trust her? She's open source you know. Anyway, Debby runs just fine in a testing environment. No hard feelings. ❤️ Just take into account that Debby will run just as fine while bisecting on old commits and notify you for updates since then. Also be-aware that Debby caches earlier notified packages, which might cause trouble when switching branches backwards.

#### Debby can not determine manage paths?

[](#debby-can-not-determine-manage-paths)

*or*

#### Can I have composer.json outside the project root?

[](#can-i-have-composerjson-outside-the-project-root)

*or*

#### I don't want to check \[Composer|npm|...\]

[](#i-dont-want-to-check-composernpm)

By default, Debby checks all package managers it can find. In some situations this doesn't work. I.e.:

- Debby is not installed via Composer herself.
- The package manager json files are at custom locations.
- You have a package manager which you *don't* want to have checked.
- You use files which look like they are from package managers (i.e. a package.json when you don't use npm).

Then you'll need to adjust configuration to specify which managers you want to check, and where to find them.

I.e. for checking Composer, add the following to your `debby.json`:

```
"check_composer": {
	"path": "/path/to/composerjson/"
}
```

See the 📘 [wiki](https://github.com/lode/debby/wiki/Point-at-your-managers) on the specific configuration.

#### Why does Debby tell me to update above the composer constraint?

[](#why-does-debby-tell-me-to-update-above-the-composer-constraint)

Debby will tell you about an update i.e. `2.0` when you require `^1.5`. If you would run `composer update` yourself, that update won't show up. However, new releases might contain security updates also affecting your older version. For now, Debby defaults to telling you all these updates. You're welcome to help making Debby smarter in this, i.e. checking for security updates.

Contribute
----------

[](#contribute)

Pull Requests or issues are welcome!

License
-------

[](#license)

[MIT](/LICENSE)

👧
=

[](#girl)

By the way, Debby will tell when she needs an update herself. You don't need to do anything. ✨

###  Health Score

21

—

LowBetter than 18% of packages

Maintenance0

Infrequent updates — may be unmaintained

Popularity11

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity56

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~14 days

Recently: every ~46 days

Total

15

Last Release

3559d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/bfe07388f3ca4b0ac7725bc717893340bd7f168e44dd7ae64ee3d58874e16fde?d=identicon)[lode](/maintainers/lode)

---

Top Contributors

[![lode](https://avatars.githubusercontent.com/u/511245?v=4)](https://github.com/lode "lode (73 commits)")

---

Tags

composerdependency-analysisnotificationsnpmupdatecomposerdependency

### Embed Badge

![Health badge](/badges/alsvanzelf-debby/health.svg)

```
[![Health](https://phpackages.com/badges/alsvanzelf-debby/health.svg)](https://phpackages.com/packages/alsvanzelf-debby)
```

###  Alternatives

[maglnet/composer-require-checker

CLI tool to analyze composer dependencies and verify that no unknown symbols are used in the sources of a package

1.0k11.8M796](/packages/maglnet-composer-require-checker)[bamarni/composer-bin-plugin

No conflicts for your bin dependencies

52923.6M1.0k](/packages/bamarni-composer-bin-plugin)[typisttech/imposter-plugin

Composer plugin that wraps all composer vendor packages inside your own namespace. Intended for WordPress plugins.

155258.5k2](/packages/typisttech-imposter-plugin)[typisttech/imposter

Wrapping all composer vendor packages inside your own namespace. Intended for WordPress plugins.

110294.9k1](/packages/typisttech-imposter)[joshdifabio/composed

Easily parse your project's Composer configuration, and those of its dependencies, at runtime.

53275.0k7](/packages/joshdifabio-composed)[cybercog/laravel-paket

Composer personal web interface. Manage Laravel dependencies without switching to command line!

1763.3k](/packages/cybercog-laravel-paket)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)