
mxr576/ddqg
===========

Drupal Dependency Quality Gate - aims to help with running Drupal projects on secure and high-quality Drupal dependencies


[Source](https://github.com/mxr576/ddqg) | [Packagist](https://packagist.org/packages/mxr576/ddqg)


Drupal Dependency Quality Gate (DDQG)
-------------------------------------


This project aims to help run Drupal projects on secure and high-quality Drupal dependencies.

**CHECK OUT** the [mxr576/ddqg-composer-audit](https://packagist.org/packages/mxr576/ddqg-composer-audit) package, which extends the `composer audit` command with advisories originating from the `^dev-no-[a-zA-Z]+-versions$` releases.

Releases
--------


Releases of this package that match the `^dev-no-[a-zA-Z]+-versions$` regex ensure that your project doesn't have installed dependencies with known quality problems.

[![Family Guy, Consuela says: No, no, no low quality dependencies](https://camo.githubusercontent.com/48b0ba3611e183eb309e75d41a7748a90c4be87b34c1522515d2ede75eae29eb/68747470733a2f2f692e696d67666c69702e636f6d2f37696a7270782e6a7067)](https://camo.githubusercontent.com/48b0ba3611e183eb309e75d41a7748a90c4be87b34c1522515d2ede75eae29eb/68747470733a2f2f692e696d67666c69702e636f6d2f37696a7270782e6a7067)

```
$ composer require --dev mxr576/ddqg:[dev-no-insecure-versions|dev-no-unsupported-versions|dev-non-d10-compatible-versions]
```

- `dev-no-insecure-versions`: Project releases (versions) affected by public security advisories (PSAs), only in currently *supported branches* of a project.
- `dev-no-deprecated-versions`:
    - Projects flagged with [Obsolete](https://www.drupal.org/node/1066982) development status by maintainers
- `dev-no-unsupported-versions`: This was inspired by [this thread](https://github.com/drupal-composer/drupal-security-advisories/issues/29) and it is a list of:
    - Projects flagged with [Unsupported](https://www.drupal.org/node/1066982) maintenance status by maintainers
    - Project releases (versions) from [unsupported branches](https://www.drupal.org/node/2212549)
    - Project releases that are not [covered by the Drupal Security Team](https://www.drupal.org/node/475848)
- `dev-non-d10-compatible-versions` and `dev-non-d11-compatible-versions`: For Drupal 9/10 projects respectively, prevents installation of package versions that are not Drupal 10/11 compatible. It can make the Drupal 10/11 upgrade more painless.
    - **Warning**: This is only ~99% accurate because core compatibility information sometimes cannot be identified from the information available on the [Update Status API](https://www.drupal.org/drupalorg/docs/apis/update-status-xml). See the GitHub Actions logs for skipped projects/versions.
- \[PLANNED\] An opinionated list of projects that should be avoided

**Should you depend on both `dev-no-insecure-versions` and `dev-no-unsupported-versions` at the same time?**

YES, you should. The `dev-no-insecure-versions` release only contains version ranges affected by a PSA if they are in a branch supported by maintainers. When a branch becomes unsupported, the related version ranges disappear from this list. The reasoning behind this implementation is that if a branch is not supported by maintainers (nor covered by the Drupal Security Team), then your biggest problem is not that you depend on a version that has a known PSA (which may or may not be leveraged on your project) but that your project depends on an unsupported version.

TODOs
-----


- Ignore releases with Drupal 7 compatibility as there is no plan to support Drupal 7

### Health Score

25 (Low; better than 37% of packages)

- Maintenance: 39 (infrequent updates; may be unmaintained)
- Popularity: 26 (limited adoption so far)
- Community: 9 (small or concentrated contributor base)
- Maturity: 19 (early-stage or recently created project)
- Bus Factor: 1 (top contributor holds 100% of commits; single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers: [mxr576](/maintainers/mxr576)

Top Contributors: [mxr576](https://github.com/mxr576) (59 commits)

