PHPackages                             gentics/composer-plugin-license-check - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. gentics/composer-plugin-license-check

ActiveComposer-plugin[Security](/categories/security)

gentics/composer-plugin-license-check
=====================================

Plugin for Composer to restrict installation of packages to valid licenses via whitelist.

1.1.0(5y ago)220.8k↓62.4%1[2 issues](https://github.com/gentics/composer-plugin-license-check/issues)MITPHPPHP &gt;=7.4CI failing

Since May 28Pushed 5y ago13 watchersCompare

[ Source](https://github.com/gentics/composer-plugin-license-check)[ Packagist](https://packagist.org/packages/gentics/composer-plugin-license-check)[ RSS](/packages/gentics-composer-plugin-license-check/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (1)Dependencies (3)Versions (5)Used By (0)

metasyntactical / composer-plugin-license-check
===============================================

[](#metasyntactical--composer-plugin-license-check)

This composer plugin allows to define a white- and/or blacklist of licenses packages which will be installed in a project will be validated against. If a forbidden license is found in a package the installation of the particular package will be failed.

Additionally a new composer command `check-licenses` is provided to list all packages in the dependencies including their license and if it is allowed to use.

How to install
--------------

[](#how-to-install)

Installation procedure follows the general installation process of packages with composer.

Run `composer require metasyntactical/composer-plugin-license-check` to add the package to the `composer.json` and install the package.

How to use
----------

[](#how-to-use)

The composer plugin reacts on extra variables in the extra-section of the composer.json.

```
{
  "extra": {
    "metasyntactical/composer-plugin-license-check": {
      "whitelist": [],
      "blacklist": []
    }
  }
}
```

Just specify the allowed (whitelist) or forbidden (blacklist) licenses as array. Use the license identifiers allowed/used in the version-property of the composer.json to be compatible with the general usage.

**Important Note**: This plugin is licensed under MIT license. Even if you forbid to use MIT licensed packages in your project the plugin itself is the only package it would not complain about (otherwise further checking would not work obviously).

###  Health Score

31

—

LowBetter than 66% of packages

Maintenance0

Infrequent updates — may be unmaintained

Popularity30

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity66

Established project with proven stability

 Bus Factor1

Top contributor holds 80% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~469 days

Total

4

Last Release

1916d ago

Major Versions

v0.3.0 → 1.1.02021-04-06

PHP version history (3 changes)v0.1.0PHP &gt;=7.1.0,&lt;7.2.0

v0.2.0PHP &gt;=7.1.0,&lt;7.3.0

1.1.0PHP &gt;=7.4

### Community

Maintainers

![](https://www.gravatar.com/avatar/d88b8821b2345b9b7f50b7a789dd386ff31b6dcd810ebe3bc30c27bcbfe75a72?d=identicon)[gentics](/maintainers/gentics)

---

Top Contributors

[![dkreuer](https://avatars.githubusercontent.com/u/461576?v=4)](https://github.com/dkreuer "dkreuer (8 commits)")[![dinamic](https://avatars.githubusercontent.com/u/11616?v=4)](https://github.com/dinamic "dinamic (1 commits)")[![netwarex](https://avatars.githubusercontent.com/u/6048614?v=4)](https://github.com/netwarex "netwarex (1 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/gentics-composer-plugin-license-check/health.svg)

```
[![Health](https://phpackages.com/badges/gentics-composer-plugin-license-check/health.svg)](https://phpackages.com/packages/gentics-composer-plugin-license-check)
```

###  Alternatives

[phpro/grumphp

A composer plugin that enables source code quality checks.

4.3k16.7M1.0k](/packages/phpro-grumphp)[symfony/runtime

Enables decoupling PHP applications from global state

74798.8M1.0k](/packages/symfony-runtime)[drupal/core-composer-scaffold

A flexible Composer project scaffold builder.

5445.2M565](/packages/drupal-core-composer-scaffold)[drupal/core-vendor-hardening

Hardens the vendor directory for when it's in the docroot.

174.9M48](/packages/drupal-core-vendor-hardening)[drupal/core-project-message

Adds a message after Composer installation.

2124.7M203](/packages/drupal-core-project-message)[drupal-composer/drupal-paranoia

Composer Plugin for improving the security of composer-based Drupal projects by moving all PHP files out of docroot.

662.2M3](/packages/drupal-composer-drupal-paranoia)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
