PHPackages                             nowo-tech/composer-update-helper - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. nowo-tech/composer-update-helper

ActiveComposer-plugin[Utility &amp; Helpers](/categories/utility)

nowo-tech/composer-update-helper
================================

Generates composer require commands from outdated dependencies. Works with any PHP project (Symfony, Laravel, Yii, CodeIgniter, etc.)

v2.0.29(5mo ago)12.9k—6.7%[2 PRs](https://github.com/nowo-tech/ComposerUpdateHelper/pulls)MITPHPPHP &gt;=7.4CI passing

Since Dec 11Pushed 3mo agoCompare

[ Source](https://github.com/nowo-tech/ComposerUpdateHelper)[ Packagist](https://packagist.org/packages/nowo-tech/composer-update-helper)[ Docs](https://github.com/nowo-tech/composer-update-helper)[ GitHub Sponsors](https://github.com/HecFranco)[ RSS](/packages/nowo-tech-composer-update-helper/feed)WikiDiscussions main Synced 2d ago

READMEChangelog (10)Dependencies (4)Versions (45)Used By (0)

Composer Update Helper
======================

[](#composer-update-helper)

[![CI](https://github.com/nowo-tech/ComposerUpdateHelper/actions/workflows/ci.yml/badge.svg)](https://github.com/nowo-tech/ComposerUpdateHelper/actions/workflows/ci.yml) [![Packagist Version](https://camo.githubusercontent.com/ba733b6a522843b1b0474019d7ad6a6fadb3005ff83957fb42ecbdbb63420971/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722e7376673f7374796c653d666c6174)](https://packagist.org/packages/nowo-tech/composer-update-helper) [![Packagist Downloads](https://camo.githubusercontent.com/e26dc2f9676a0e3232ccf7558ac1356684cde83dd0b679cb7fc0b9858ca89d7f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722e737667)](https://packagist.org/packages/nowo-tech/composer-update-helper) [![License](https://camo.githubusercontent.com/7013272bd27ece47364536a221edb554cd69683b68a46fc0ee96881174c4214c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e737667)](LICENSE) [![PHP](https://camo.githubusercontent.com/8e58b490725ac49cc8e463c473173681b324c9d92d7854275a785db013ca3de7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e312532422d3737374242343f6c6f676f3d706870)](https://php.net) [![Symfony](https://camo.githubusercontent.com/8fe7de83f11ab7ca74742794be56f9291632c8351a9ae5baea0bc1e9c4eb5a35/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f53796d666f6e792d3625323025374325323037253230253743253230382d3030303030303f6c6f676f3d73796d666f6e79)](https://symfony.com) [![GitHub stars](https://camo.githubusercontent.com/281ff22593c1497799d4568d1005c378380095f2ed355f0c3320a9b48b39323f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722e7376673f7374796c653d736f6369616c266c6162656c3d53746172)](https://github.com/nowo-tech/ComposerUpdateHelper) [![Coverage](https://camo.githubusercontent.com/cd0704b56f1d56def350b6d0164316307bb2f47834225fd85443b6fb0059bc73/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f436f7665726167652d3130302532352d627269676874677265656e)](#tests-and-coverage)

> ⭐ **Found this useful?** Install from [Packagist](https://packagist.org/packages/nowo-tech/composer-update-helper) and give the repo a [star on GitHub](https://github.com/nowo-tech/ComposerUpdateHelper) if it helps you.

Generates `composer require` commands from outdated dependencies. Works with any PHP project: **Symfony**, **Laravel**, **Yii**, **CodeIgniter**, **Slim**, **Laminas**, etc.

Features
--------

[](#features)

- ✅ Works with any PHP project
- ✅ Separates production and development dependencies
- ✅ Shows ignored packages with available versions
- ✅ **Force include packages**: Override ignore list to force specific packages to be included
- ✅ **Multi-framework support** with version constraints:
- **Symfony**: respects `extra.symfony.require`
- **Laravel**: respects `laravel/framework` + `illuminate/*` versions
- **Yii**: respects `yiisoft/yii2` version
- **CakePHP**: respects `cakephp/cakephp` version
- **Laminas**: respects `laminas/*` versions
- **CodeIgniter**: respects `codeigniter4/framework` version
- **Slim**: respects `slim/slim` version
- ✅ Compares versions to avoid unnecessary updates
- ✅ **Dependency compatibility checking**: Automatically detects and prevents dependency conflicts before suggesting updates
- ✅ **Transitive dependency suggestions**: When conflicts are detected, automatically suggests updating required transitive dependencies with ready-to-use commands
- ✅ **Conflict Impact Analysis**: Analyzes which packages would be affected by updating conflicting packages (optional with `--show-impact` flag)
- ✅ **Save impact analysis**: Save impact analysis to file with `--save-impact` flag
- ✅ Can execute commands directly with `--run` flag
- ✅ Automatic installation via Composer plugin
- ✅ **Release information and changelogs**: Shows GitHub release links and changelog previews for outdated packages
- ✅ **Progress indicators**: Shows loading messages during long-running operations (dependency checking, fallback search, etc.)
- ✅ **Help option**: Built-in `--help` flag for comprehensive usage information
- ✅ **Verbose and Debug modes**: `-v, --verbose` and `--debug` options for troubleshooting and detailed information
- ✅ **Multiple file extensions**: Supports both `.yaml` and `.yml` extensions for configuration files
- ✅ **Performance optimized**: Emojis and common elements are optimized for better performance
- ✅ **Lightweight architecture**: Script delegates complex logic to PHP in vendor, keeping the repo script lightweight and maintainable
- ⚠️ **Internationalization (i18n)** (DEVELOPMENT MODE): Multi-language support for output messages with automatic language detection

Installation
------------

[](#installation)

```
composer require --dev nowo-tech/composer-update-helper
```

> 💡 **Tip**: We also recommend installing [Code Review Guardian](https://github.com/nowo-tech/CodeReviewGuardian) for a complete code quality workflow. See [Related Packages](#related-packages) section below.

After installation, two files will be copied to your project root:

- `generate-composer-require.sh` - The lightweight wrapper script (delegates complex logic to PHP in vendor)
- `generate-composer-require.yaml` - Configuration file for ignored and included packages (only created if doesn't exist)

**Note:** These files should be committed to your repository so they're available to all team members. The plugin will remove any old `.ignore.txt` entries from `.gitignore` if they exist.

**Auto-update:** The `generate-composer-require.sh` script is automatically updated when you run `composer update` if the content differs from the version in vendor. This ensures you always have the latest version of the script.

### Architecture

[](#architecture)

The script uses a lightweight architecture for better maintainability:

- **`generate-composer-require.sh`** (in your repo): A lightweight wrapper script (about **350** lines; size may change between releases) that handles:
- Command-line argument parsing
- Configuration file detection
- Executing `composer outdated`
- Calling the PHP processor
- Displaying formatted output from PHP
- Extracting and executing commands for `--run` flag
- **`process-updates.php`** (in vendor): Contains the heavy processing logic (about **900** lines; size may change between releases), including:
- Package processing and filtering
- Framework detection and version constraints
- Release information fetching
- Command generation
- **Output formatting** (emojis, sections, formatting, etc.)

The script automatically detects `process-updates.php` in `vendor/nowo-tech/composer-update-helper/bin/` and uses it. This architecture ensures:

- ✅ **Lightweight script in your repo**: Easy to read and understand
- ✅ **Complex logic in vendor**: Automatically updated with `composer update`
- ✅ **Better maintainability**: Clear separation of concerns
- ✅ **Automatic detection**: No configuration needed

Usage
-----

[](#usage)

### Basic Usage

[](#basic-usage)

```
# Show suggested update commands
./generate-composer-require.sh

# Execute commands directly
./generate-composer-require.sh --run

# Show release information
./generate-composer-require.sh --release-info

# Show full changelogs
./generate-composer-require.sh --release-detail

# Show impact analysis for conflicting packages
./generate-composer-require.sh --show-impact

# Save impact analysis to file
./generate-composer-require.sh --save-impact

# Verbose output
./generate-composer-require.sh --verbose

# Debug mode
./generate-composer-require.sh --debug

# Show help
./generate-composer-require.sh --help
```

Example output:

```
⏭️ Ignored packages (prod):
 - doctrine/doctrine-bundle:2.13.2

🔧 Suggested commands:
 composer require --with-all-dependencies vendor/package:1.2.3 another/package:4.5.6
 composer require --dev --with-all-dependencies phpstan/phpstan:2.0.0

```

> **Note:** By default, release information is **not shown** (no API calls are made). Use `--release-info` or `--release-detail` to enable it.

**Available options:**

- `--run` - Execute suggested commands automatically
- `--release-info` - Show release information (summary with links)
- `--release-detail` - Show full release changelog for each package (implies `--release-info`)
- `--no-release-info` - Skip release information section (default behavior)
- `--show-impact, --impact` - Show impact analysis for conflicting packages (disabled by default)
- `--save-impact` - Save impact analysis to `composer-update-impact.txt` file (implies `--show-impact`)
- `-v, --verbose` - Show verbose output (configuration files, packages, etc.)
- `--debug` - Show debug information (very detailed, includes file paths, parsing, etc.)
- `-h, --help` - Show help message

For detailed usage information, see [Usage Guide](docs/USAGE.md).

Configuration
-------------

[](#configuration)

The script searches for configuration files in the current directory (where `composer.json` is located). It supports both `.yaml` and `.yml` extensions, with `.yaml` taking priority.

Edit `generate-composer-require.yaml` to configure which packages to ignore or force include during updates, and set default values for command-line options:

```
# Composer Update Helper Configuration
# Configuration file for ignored and included packages during composer update suggestions

# Enable detailed dependency compatibility checking
# When enabled (true), the tool will check if proposed package versions are compatible
# with currently installed dependencies, preventing conflicts before they occur.
# When disabled (false), the tool will suggest all available updates without checking
# dependency compatibility (faster but may suggest incompatible updates).
# Default: true
check-dependencies: true

# Language for output messages
# Supported: many locales (see docs/CONFIGURATION.md — currently 31+ languages in i18n)
# If not set, will auto-detect from system (LANG, LC_ALL, LC_MESSAGES)
# Default: en (English)
# ⚠️ WARNING: i18n feature is currently in DEVELOPMENT MODE
#language: es

# Command-line options defaults (can be overridden via command-line arguments)
# Set your preferred defaults here, then override them when needed via command-line flags
show-release-info: false     # Show release information by default
show-release-detail: false    # Show full changelog by default
show-impact-analysis: false    # Show impact analysis by default
save-impact-to-file: false    # Save impact analysis to file by default
verbose: false          # Verbose output by default
debug: false           # Debug mode by default

# List of packages to ignore during update
# Ignored packages will still be displayed in the output with their available versions,
# but won't be included in the composer require commands.
ignore:
 - doctrine/orm
 - symfony/security-bundle
 - laravel/framework
 # - package/name # You can add inline comments

# List of packages to force include during update
# Included packages will be added to the composer require commands even if they are
# in the ignore list.
# The include section has priority over the ignore section.
include:
 - some/package
 - another/package
```

> 💡 **Tip**: Command-line arguments always override YAML configuration. For example, if you set `show-release-info: true` in YAML but run `./generate-composer-require.sh --no-release-info`, the release info will be disabled for that run.

For detailed configuration options including language settings, dependency checking, and backward compatibility, see [Configuration Guide](docs/CONFIGURATION.md).

For framework support details, see [Framework Support](docs/FRAMEWORKS.md).

Packagist Integration
---------------------

[](#packagist-integration)

Composer Update Helper fetches package information from Packagist to analyze dependencies and find compatible versions. Here's how it works:

### How It Works

[](#how-it-works)

The tool uses a two-tier approach for fetching package information:

1. **Primary Method**: Direct Packagist API calls (`https://packagist.org/packages/{package}.json`)

- Fast and efficient for most use cases
- Used for: package requirements, versions, abandoned status, maintainer info, alternative package search

2. **Fallback Method**: `composer show` command

- Automatically used when Packagist API is unavailable or returns incomplete data
- **Respects your project's repository configuration** in `composer.json`
- Supports mirrors, private repositories, and custom repository setups

### Improving Packagist Access

[](#improving-packagist-access)

#### Using Packagist Mirrors

[](#using-packagist-mirrors)

If you're experiencing slow API responses or rate limiting, you can configure a Packagist mirror in your `composer.json`:

```
{
  "repositories": [
    {
      "type": "composer",
      "url": "https://mirror.packagist.com",
      "only": ["packagist"]
    }
  ]
}
```

The fallback method (`composer show`) will automatically use your configured mirror.

#### Using Private Repositories

[](#using-private-repositories)

For private packages or internal repositories, simply configure them in your `composer.json`:

```
{
  "repositories": [
    {
      "type": "vcs",
      "url": "https://github.com/your-org/private-package"
    }
  ]
}
```

When the Packagist API doesn't have information about these packages, the tool automatically falls back to `composer show`, which respects your repository configuration.

#### Performance Considerations

[](#performance-considerations)

- **API Rate Limiting**: Packagist doesn't enforce strict rate limits, but excessive requests may be throttled. The tool includes proper user-agent headers and reasonable timeouts (5 seconds).
- **Offline Mode**: If you're working offline or behind a firewall, the tool will fall back to `composer show`, which uses Composer's local cache when available.
- **Caching**: Composer caches package metadata automatically. Running `composer update` periodically ensures your cache is fresh, improving fallback performance.

> 💡 **Tip**: If you're using a VPN or behind a corporate firewall, configuring a Packagist mirror or ensuring `composer show` works will provide the best experience.

Requirements
------------

[](#requirements)

- PHP `>=8.1 =8.1
