PHPackages                             narrowspark/automatic - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. narrowspark/automatic

AbandonedArchivedComposer-plugin[Security](/categories/security)

narrowspark/automatic
=====================

Composer plugin for automate the most common tasks of applications.

0.13.1(6y ago)124821[7 issues](https://github.com/narrowspark/automatic/issues)[26 PRs](https://github.com/narrowspark/automatic/pulls)MITPHPPHP ^7.2

Since May 7Pushed 3y ago1 watchersCompare

[ Source](https://github.com/narrowspark/automatic)[ Packagist](https://packagist.org/packages/narrowspark/automatic)[ Docs](http://github.com/narrowspark/automatic)[ RSS](/packages/narrowspark-automatic/feed)WikiDiscussions master Synced yesterday

READMEChangelog (10)Dependencies (10)Versions (65)Used By (0)

Narrowspark Automatic
=====================

[](#narrowspark-automatic)

 [![](https://camo.githubusercontent.com/618f3275c5f430ee1f70dc2e7b396bb5e82ca547a7693abfd95c04f40b34f67f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6e6172726f77737061726b2f6175746f6d617469632e7376673f7374796c653d666c61742d737175617265)](https://github.com/narrowspark/automatic/releases) [![](https://camo.githubusercontent.com/a4fe7000eff0deee11fb18648b92bea8bc241cb65e3842d640c073f5c459d4d4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253545372e332e302d3838393242462e7376673f7374796c653d666c61742d737175617265)](https://php.net/) [![](https://camo.githubusercontent.com/480e443bc4f5dddd81f5b7eaa8a97211efd6d2aa940017fc2d5db4dd28395f1f/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f6e6172726f77737061726b2f6175746f6d617469632f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://codecov.io/gh/narrowspark/automatic) [![](https://camo.githubusercontent.com/e43e27acff50e6ee0656e0a112d484ff55f844ff10e79b3d17641033ea51d18f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7374796c652d6c6576656c253230372d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265266c6162656c3d7068707374616e)](#) [![](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](http://opensource.org/licenses/MIT)

Narrowspark Automatic automates the most common tasks of applications, like installing and removing bundles or providers, copying files, boosting dependencies downloads, creating skeletons and other Composer dependencies based configurations.

How Does Narrowspark Automatic Work
-----------------------------------

[](#how-does-narrowspark-automatic-work)

Narrowspark Automatic is a Composer plugin that modifies the behavior of the `require`, `update`, `create project`, and `remove` commands. When installing or removing dependencies in an Automatic extended app, your Application can perform tasks before and after the execution of Composer tasks.

Consider the following example:

```
cd your-project
composer require viserio/console
```

If you execute this command in your Application that doesn’t support Narrowspark Automatic, this command will execute in the normal composer require behavior.

> **Note** The `automatic.json` and composer.json extra key `automatic` are used to configure Narrowspark Automatic with configurators, script executors, custom-configurators, and more.

When Narrowspark Automatic is installed in your Application, it will check if a `automatic.json` file or a composer.json extra key with `automatic` exists. In the above example, Automatic decided which automated tasks need to be run after the installation.

> **Note** Narrowspark Automatic keeps tracks of the configuration, in a `automatic.lock` file, which must be committed to your code repository.

Using Narrowspark Automatic in New Applications
-----------------------------------------------

[](#using-narrowspark-automatic-in-new-applications)

Include Narrowspark Automatic as a required dependency to your app with this command: `composer require narrospark/automatic`.

Using Narrowspark Automatic for Skeleton Application
----------------------------------------------------

[](#using-narrowspark-automatic-for-skeleton-application)

Narrowspark Automatic supports skeleton generation. For example this is your `composer.json` file:

```
{
    "type": "project",
    "license": "MIT",
    "require": {
        "php": "^7.2",
        "ext-mbstring": "*",
        "narrowspark/automatic": "^0.3.5",
        "narrowspark/skeleton-generators": "^0.1.0"
    },
    "extra": {
        "app-dir": "app",
        "config-dir": "config",
        "database-dir": "database",
        "public-dir": "public",
        "resources-dir": "resources",
        "routes-dir": "routes",
        "storage-dir": "storage",
        "tests-dir": "tests"
    },
    "autoload": {
        "psr-4": {
            "App\\": "app/"
        },
        "exclude-from-classmap": [
            "tests/"
        ]
    },
    "autoload-dev": {
        "psr-4": {
            "App\\Tests\\": "tests/"
        }
    },
    "minimum-stability": "dev",
    "prefer-stable": true
}
```

Automatic search all packages for the package type: `automatic-skeleton`. If packages are found with this type, all skeletons will be saved in the `automatic.lock` for the runtime.

This means you can execute the following command: `composer create-project your/project` to create an Automatic extended app, Automatic will ask which skeleton can be generated for your app.

Read the [skeleton documentation](docs/SKELETON.md) to learn everything about how to create skeletons for your own app.

Narrowspark Automatic tasks are defined in a `automatic.json` file or in the composer extra key `automatic` and can contain any number of other files and directories. For example, this is the `automatic.json` for `viserio/console`:

```
{
    "configurators": {
        "providers": {
            "Viserio\\Component\\Console\\Provider\\ConsoleServiceProvider": ["global"],
            "Viserio\\Component\\Console\\Provider\\LazilyCommandsServiceProvider": ["global"]
        },
        "proxies": {
            "Viserio\\Component\\Console\\Proxy\\Console": ["global"]
        }
    },
    "script-extenders": [
        "Viserio\\Component\\Console\\Automatic\\CerebroScriptExtender"
    ]
}
```

The `providers` and `proxies` option tells Narrowspark Automatic in which environments this `provider`, `proxy` can be turn on automatically (all in this case).

The `script-extenders` option adds a new script executor to the Narrowspark Automatic `auto-scripts`. Now you can run `viserio console` commands in the `auto-scripts` section of your `composer.json` app file.

The instructions defined in this `automatic.json` file are also used by Narrowspark Automatic when uninstalling dependencies (for example `composer remove viserio/console`) to undo all changes. This means that Automatic can remove the Console Provider and Proxy from the app and remove the script executor from Narrowspark Automatic.

Read the [configuration documentation](docs/CONFIGURATORS.md) to learn everything about how to create configuration for your own packages.

Automatic extends Composer
--------------------------

[](#automatic-extends-composer)

Narrowspark Automatic adds a parallel downloader with the feature to skip old dependencies tags for a download boost.

With the below example you can see how to add a skip tag to Narrowspark Automatic, with this it will skip all tags of `cakephp` that are older then `3.5`.

```
{
    "extra": {
        "automatic": {
            "require": {
                "cakephp/cakephp": ">=3.5"
            }
        }
    }
}
```

You can skip `auto discovery` for packages with this Narrowspark Automatic key `dont-discover` in your composer.json extra `automatic` section. Use the package name to skip the `auto discovery`, like in this example:

```
{
    "extra" : {
        "dont-discover": [
            "viserio/console"
        ]
    }
}
```

Auto discovery will now be skipped for `viserio/console`.

Automatic Security Audit
------------------------

[](#automatic-security-audit)

Narrowspark Automatic shows you on every `composer install` and `composer update` known security vulnerabilities for your installed dependencies based on [FriendsOfPHP/security-advisories](https://github.com/FriendsOfPHP/security-advisories) database.

If you like to change the default HTTP `timeout = 20` for the downloader, add `audit` to your composer.json `extra` section, like in this example:

```
{
    "extra" : {
        "audit": {
            "timeout": "30"
        }
    }
}
```

Testing
-------

[](#testing)

You need to run:

```
$ php vendor/bin/phpunit
```

Versioning
----------

[](#versioning)

This library follows semantic versioning, and additions to the code ruleset are performed in major releases.

Changelog
---------

[](#changelog)

Please have a look at [`CHANGELOG.md`](CHANGELOG.md).

Contributing
------------

[](#contributing)

Please have a look at [`CONTRIBUTING.md`](.github/CONTRIBUTING.md).

Code of Conduct
---------------

[](#code-of-conduct)

Please have a look at [`CODE_OF_CONDUCT.md`](.github/CODE_OF_CONDUCT.md).

Credits
-------

[](#credits)

- [Daniel Bannert](https://github.com/prisis)
- [All Contributors](https://github.com/narrowspark/automatic/graphs/contributors)
- Narrowspark Automatic has been inspired by [symfony/flex](https://github.com/symfony/flex)

License
-------

[](#license)

This package is licensed using the MIT License.

Please have a look at [`LICENSE.md`](LICENSE.md).

###  Health Score

28

—

LowBetter than 52% of packages

Maintenance8

Infrequent updates — may be unmaintained

Popularity20

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity62

Established project with proven stability

 Bus Factor1

Top contributor holds 92.7% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~19 days

Recently: every ~127 days

Total

38

Last Release

2251d ago

Major Versions

0.13.1 → 1.0.x-dev2020-05-01

PHP version history (3 changes)v0.1.0PHP ^7.2

0.9.0PHP ^7.1

1.0.x-devPHP ^7.3

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/6816093?v=4)[DANMEDOC33](/maintainers/dani33)[@dani33](https://github.com/dani33)

---

Top Contributors

[![prisis](https://avatars.githubusercontent.com/u/2716058?v=4)](https://github.com/prisis "prisis (229 commits)")[![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)](https://github.com/dependabot-preview[bot] "dependabot-preview[bot] (18 commits)")

---

Tags

automaticcomposer-installercomposer-pluginconfiguratordiscoverynarrowsparknarrowspark-automaticphpphp73php74script-executorskeletonscomposersecuritydiscoveryAuditSkeletonautomaticcomposer-pluginnarrowsparkviserioconfiguratorsprefetcher

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/narrowspark-automatic/health.svg)

```
[![Health](https://phpackages.com/badges/narrowspark-automatic/health.svg)](https://phpackages.com/packages/narrowspark-automatic)
```

###  Alternatives

[jorijn/laravel-security-checker

Added Laravel functionality to the Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.

2031.9M1](/packages/jorijn-laravel-security-checker)[dgtlss/warden

A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email

9056.1k](/packages/dgtlss-warden)[plan2net/typo3-update-check

A Composer plugin that checks for TYPO3 updates and provides detailed information about breaking changes and security updates

206.1k](/packages/plan2net-typo3-update-check)[mxr576/ddqg-composer-audit

Drupal Dependency Quality Gate Composer Audit plugin

1060.6k3](/packages/mxr576-ddqg-composer-audit)[bringyourownideas/silverstripe-composer-security-checker

Provides information if your SilverStripe application uses dependencies with known vulnerabilities.

10103.9k2](/packages/bringyourownideas-silverstripe-composer-security-checker)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
