PHPackages nowo-tech/composer-update-helper - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. nowo-tech/composer-update-helper ActiveComposer-plugin nowo-tech/composer-update-helper ================================ Generates composer require commands from outdated dependencies. Works with any PHP project (Symfony, Laravel, Yii, CodeIgniter, etc.) v2.0.29(3mo ago)11.5k↓43.8%[1 PRs](https://github.com/nowo-tech/ComposerUpdateHelper/pulls)MITPHPPHP >=7.4CI passing Since Dec 11Pushed 3mo agoCompare [ Source](https://github.com/nowo-tech/ComposerUpdateHelper)[ Packagist](https://packagist.org/packages/nowo-tech/composer-update-helper)[ Docs](https://github.com/nowo-tech/composer-update-helper)[ GitHub Sponsors](https://github.com/HecFranco)[ RSS](/packages/nowo-tech-composer-update-helper/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (4)Versions (44)Used By (0) Composer Update Helper ====================== [](#composer-update-helper) [![CI](https://github.com/nowo-tech/ComposerUpdateHelper/actions/workflows/ci.yml/badge.svg)](https://github.com/nowo-tech/ComposerUpdateHelper/actions/workflows/ci.yml/badge.svg) [![Latest Stable Version](https://camo.githubusercontent.com/dcbe652493b8c44b2fe744c55cde0431c12860e243d71d7de4d91f51b55a3340/68747470733a2f2f706f7365722e707567782e6f72672f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722f76)](https://camo.githubusercontent.com/dcbe652493b8c44b2fe744c55cde0431c12860e243d71d7de4d91f51b55a3340/68747470733a2f2f706f7365722e707567782e6f72672f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722f76) [![License](https://camo.githubusercontent.com/8f5021de8c8aca031115a9a72d05ff5d726c8bcd4202f0bda4e646c0d3a7dd98/68747470733a2f2f706f7365722e707567782e6f72672f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722f6c6963656e7365)](https://camo.githubusercontent.com/8f5021de8c8aca031115a9a72d05ff5d726c8bcd4202f0bda4e646c0d3a7dd98/68747470733a2f2f706f7365722e707567782e6f72672f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722f6c6963656e7365) [![PHP Version Require](https://camo.githubusercontent.com/8770eea547a3b4599486a5cfa104cd41a7b66eba3dd6893f474ca5a4ef2202bf/68747470733a2f2f706f7365722e707567782e6f72672f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722f726571756972652f706870)](https://camo.githubusercontent.com/8770eea547a3b4599486a5cfa104cd41a7b66eba3dd6893f474ca5a4ef2202bf/68747470733a2f2f706f7365722e707567782e6f72672f6e6f776f2d746563682f636f6d706f7365722d7570646174652d68656c7065722f726571756972652f706870) [![GitHub stars](https://camo.githubusercontent.com/13eae67f02803486295b5c05617c1f64695bf256177a7255e0b1736c2d170501/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e6f776f2d746563682f436f6d706f73657255706461746548656c7065722e7376673f7374796c653d736f6369616c266c6162656c3d53746172)](https://camo.githubusercontent.com/13eae67f02803486295b5c05617c1f64695bf256177a7255e0b1736c2d170501/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e6f776f2d746563682f436f6d706f73657255706461746548656c7065722e7376673f7374796c653d736f6369616c266c6162656c3d53746172) > ⭐ **Found this project useful?** Give it a star on GitHub! It helps us maintain and improve the project. Generates `composer require` commands from outdated dependencies. Works with any PHP project: **Symfony**, **Laravel**, **Yii**, **CodeIgniter**, **Slim**, **Laminas**, etc. Features -------- [](#features) - ✅ Works with any PHP project - ✅ Separates production and development dependencies - ✅ Shows ignored packages with available versions - ✅ **Force include packages**: Override ignore list to force specific packages to be included - ✅ **Multi-framework support** with version constraints: - **Symfony**: respects `extra.symfony.require` - **Laravel**: respects `laravel/framework` + `illuminate/*` versions - **Yii**: respects `yiisoft/yii2` version - **CakePHP**: respects `cakephp/cakephp` version - **Laminas**: respects `laminas/*` versions - **CodeIgniter**: respects `codeigniter4/framework` version - **Slim**: respects `slim/slim` version - ✅ Compares versions to avoid unnecessary updates - ✅ **Dependency compatibility checking**: Automatically detects and prevents dependency conflicts before suggesting updates - ✅ **Transitive dependency suggestions**: When conflicts are detected, automatically suggests updating required transitive dependencies with ready-to-use commands - ✅ **Conflict Impact Analysis**: Analyzes which packages would be affected by updating conflicting packages (optional with `--show-impact` flag) - ✅ **Save impact analysis**: Save impact analysis to file with `--save-impact` flag - ✅ Can execute commands directly with `--run` flag - ✅ Automatic installation via Composer plugin - ✅ **Release information and changelogs**: Shows GitHub release links and changelog previews for outdated packages - ✅ **Progress indicators**: Shows loading messages during long-running operations (dependency checking, fallback search, etc.) - ✅ **Help option**: Built-in `--help` flag for comprehensive usage information - ✅ **Verbose and Debug modes**: `-v, --verbose` and `--debug` options for troubleshooting and detailed information - ✅ **Multiple file extensions**: Supports both `.yaml` and `.yml` extensions for configuration files - ✅ **Performance optimized**: Emojis and common elements are optimized for better performance - ✅ **Lightweight architecture**: Script delegates complex logic to PHP in vendor, keeping the repo script lightweight and maintainable - ⚠️ **Internationalization (i18n)** (DEVELOPMENT MODE): Multi-language support for output messages with automatic language detection Installation ------------ [](#installation) ``` composer require --dev nowo-tech/composer-update-helper ``` > 💡 **Tip**: We also recommend installing [Code Review Guardian](https://github.com/nowo-tech/CodeReviewGuardian) for a complete code quality workflow. See [Related Packages](#related-packages) section below. After installation, two files will be copied to your project root: - `generate-composer-require.sh` - The lightweight wrapper script (delegates complex logic to PHP in vendor) - `generate-composer-require.yaml` - Configuration file for ignored and included packages (only created if doesn't exist) **Note:** These files should be committed to your repository so they're available to all team members. The plugin will remove any old `.ignore.txt` entries from `.gitignore` if they exist. **Auto-update:** The `generate-composer-require.sh` script is automatically updated when you run `composer update` if the content differs from the version in vendor. This ensures you always have the latest version of the script. ### Architecture [](#architecture) The script uses a lightweight architecture for better maintainability: - **`generate-composer-require.sh`** (in your repo): A lightweight wrapper script (~283 lines) that handles: - Command-line argument parsing - Configuration file detection - Executing `composer outdated` - Calling the PHP processor - Displaying formatted output from PHP - Extracting and executing commands for `--run` flag - **`process-updates.php`** (in vendor): Contains all the complex logic (~643 lines) including: - Package processing and filtering - Framework detection and version constraints - Release information fetching - Command generation - **Output formatting** (emojis, sections, formatting, etc.) The script automatically detects `process-updates.php` in `vendor/nowo-tech/composer-update-helper/bin/` and uses it. This architecture ensures: - ✅ **Lightweight script in your repo**: Easy to read and understand - ✅ **Complex logic in vendor**: Automatically updated with `composer update` - ✅ **Better maintainability**: Clear separation of concerns - ✅ **Automatic detection**: No configuration needed Usage ----- [](#usage) ### Basic Usage [](#basic-usage) ``` # Show suggested update commands ./generate-composer-require.sh # Execute commands directly ./generate-composer-require.sh --run # Show release information ./generate-composer-require.sh --release-info # Show full changelogs ./generate-composer-require.sh --release-detail # Show impact analysis for conflicting packages ./generate-composer-require.sh --show-impact # Save impact analysis to file ./generate-composer-require.sh --save-impact # Verbose output ./generate-composer-require.sh --verbose # Debug mode ./generate-composer-require.sh --debug # Show help ./generate-composer-require.sh --help ``` Example output: ``` ⏭️ Ignored packages (prod): - doctrine/doctrine-bundle:2.13.2 🔧 Suggested commands: composer require --with-all-dependencies vendor/package:1.2.3 another/package:4.5.6 composer require --dev --with-all-dependencies phpstan/phpstan:2.0.0 ``` > **Note:** By default, release information is **not shown** (no API calls are made). Use `--release-info` or `--release-detail` to enable it. **Available options:** - `--run` - Execute suggested commands automatically - `--release-info` - Show release information (summary with links) - `--release-detail` - Show full release changelog for each package (implies `--release-info`) - `--no-release-info` - Skip release information section (default behavior) - `--show-impact, --impact` - Show impact analysis for conflicting packages (disabled by default) - `--save-impact` - Save impact analysis to `composer-update-impact.txt` file (implies `--show-impact`) - `-v, --verbose` - Show verbose output (configuration files, packages, etc.) - `--debug` - Show debug information (very detailed, includes file paths, parsing, etc.) - `-h, --help` - Show help message For detailed usage information, see [Usage Guide](docs/USAGE.md). Configuration ------------- [](#configuration) The script searches for configuration files in the current directory (where `composer.json` is located). It supports both `.yaml` and `.yml` extensions, with `.yaml` taking priority. Edit `generate-composer-require.yaml` to configure which packages to ignore or force include during updates, and set default values for command-line options: ``` # Composer Update Helper Configuration # Configuration file for ignored and included packages during composer update suggestions # Enable detailed dependency compatibility checking # When enabled (true), the tool will check if proposed package versions are compatible # with currently installed dependencies, preventing conflicts before they occur. # When disabled (false), the tool will suggest all available updates without checking # dependency compatibility (faster but may suggest incompatible updates). # Default: true check-dependencies: true # Language for output messages # Supported: en (English), es (Spanish), pt (Portuguese), it (Italian), fr (French), de (German), pl (Polish), ru (Russian), ro (Romanian), el (Greek), da (Danish) # If not set, will auto-detect from system (LANG, LC_ALL, LC_MESSAGES) # Default: en (English) # ⚠️ WARNING: i18n feature is currently in DEVELOPMENT MODE #language: es # Command-line options defaults (can be overridden via command-line arguments) # Set your preferred defaults here, then override them when needed via command-line flags show-release-info: false # Show release information by default show-release-detail: false # Show full changelog by default show-impact-analysis: false # Show impact analysis by default save-impact-to-file: false # Save impact analysis to file by default verbose: false # Verbose output by default debug: false # Debug mode by default # List of packages to ignore during update # Ignored packages will still be displayed in the output with their available versions, # but won't be included in the composer require commands. ignore: - doctrine/orm - symfony/security-bundle - laravel/framework # - package/name # You can add inline comments # List of packages to force include during update # Included packages will be added to the composer require commands even if they are # in the ignore list. # The include section has priority over the ignore section. include: - some/package - another/package ``` > 💡 **Tip**: Command-line arguments always override YAML configuration. For example, if you set `show-release-info: true` in YAML but run `./generate-composer-require.sh --no-release-info`, the release info will be disabled for that run. For detailed configuration options including language settings, dependency checking, and backward compatibility, see [Configuration Guide](docs/CONFIGURATION.md). For framework support details, see [Framework Support](docs/FRAMEWORKS.md). Packagist Integration --------------------- [](#packagist-integration) Composer Update Helper fetches package information from Packagist to analyze dependencies and find compatible versions. Here's how it works: ### How It Works [](#how-it-works) The tool uses a two-tier approach for fetching package information: 1. **Primary Method**: Direct Packagist API calls (`https://packagist.org/packages/{package}.json`) - Fast and efficient for most use cases - Used for: package requirements, versions, abandoned status, maintainer info, alternative package search 2. **Fallback Method**: `composer show` command - Automatically used when Packagist API is unavailable or returns incomplete data - **Respects your project's repository configuration** in `composer.json` - Supports mirrors, private repositories, and custom repository setups ### Improving Packagist Access [](#improving-packagist-access) #### Using Packagist Mirrors [](#using-packagist-mirrors) If you're experiencing slow API responses or rate limiting, you can configure a Packagist mirror in your `composer.json`: ``` { "repositories": [ { "type": "composer", "url": "https://mirror.packagist.com", "only": ["packagist"] } ] } ``` The fallback method (`composer show`) will automatically use your configured mirror. #### Using Private Repositories [](#using-private-repositories) For private packages or internal repositories, simply configure them in your `composer.json`: ``` { "repositories": [ { "type": "vcs", "url": "https://github.com/your-org/private-package" } ] } ``` When the Packagist API doesn't have information about these packages, the tool automatically falls back to `composer show`, which respects your repository configuration. #### Performance Considerations [](#performance-considerations) - **API Rate Limiting**: Packagist doesn't enforce strict rate limits, but excessive requests may be throttled. The tool includes proper user-agent headers and reasonable timeouts (5 seconds). - **Offline Mode**: If you're working offline or behind a firewall, the tool will fall back to `composer show`, which uses Composer's local cache when available. - **Caching**: Composer caches package metadata automatically. Running `composer update` periodically ensures your cache is fresh, improving fallback performance. > 💡 **Tip**: If you're using a VPN or behind a corporate firewall, configuring a Packagist mirror or ensuring `composer show` works will provide the best experience. Requirements ------------ [](#requirements) - PHP >= 7.4 - Composer 2.x Documentation ------------- [](#documentation) All documentation is available in the [`docs/`](docs/) directory: ### User Guides [](#user-guides) - **[Usage Guide](docs/USAGE.md)** - Complete usage instructions and options - **[Configuration Guide](docs/CONFIGURATION.md)** - Configuration options and settings - **[Framework Support](docs/FRAMEWORKS.md)** - Framework version constraints and support - **[Update Cases and Scenarios](docs/UPDATE_CASES.md)** - Comprehensive guide to all supported update scenarios and use cases ### Project Documentation [](#project-documentation) - **[CHANGELOG.md](docs/CHANGELOG.md)** - Version history and all notable changes - **[UPGRADING.md](docs/UPGRADING.md)** - Upgrade instructions and migration notes - **[Testing Documentation](docs/TESTING.md)** - Comprehensive testing guide including tests for new features - **[Implementation Roadmap](docs/IMPLEMENTATION_ROADMAP.md)** - Action plan for implementing not-yet-supported features, ordered by complexity and feasibility - **[Development Guide](docs/DEVELOPMENT.md)** - Development setup, testing, and CI/CD - **[CONTRIBUTING.md](docs/CONTRIBUTING.md)** - Guidelines for contributing to the project - **[BRANCHING.md](docs/BRANCHING.md)** - Branching strategy and workflow - **[I18N\_STRATEGY.md](docs/I18N_STRATEGY.md)** - Internationalization (i18n) implementation strategy Contributing ------------ [](#contributing) Please see [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md) for details. For branching strategy, see [docs/BRANCHING.md](docs/BRANCHING.md). Changelog --------- [](#changelog) Please see [docs/CHANGELOG.md](docs/CHANGELOG.md) for version history. Upgrading --------- [](#upgrading) Please see [docs/UPGRADING.md](docs/UPGRADING.md) for upgrade instructions and migration notes. Related Packages ---------------- [](#related-packages) ### Code Review Guardian [](#code-review-guardian) Looking for a complete code review solution? We highly recommend **[Code Review Guardian](https://github.com/nowo-tech/CodeReviewGuardian)** - a provider-agnostic code review guardian that works perfectly with Composer Update Helper: - ✅ **Provider-agnostic**: Works with GitHub, GitLab, Bitbucket, and any Git provider - ✅ **Multi-framework support**: Automatic framework detection (Symfony, Laravel, etc.) - ✅ **Code quality checks**: PHP-CS-Fixer, PHPStan, PHPUnit, Security checks - ✅ **Easy integration**: Simple YAML configuration - ✅ **Framework-specific configs**: Optimized configurations for each framework **Installation:** ``` composer require --dev nowo-tech/code-review-guardian ``` **Why use both together?** Together with Composer Update Helper, you get a complete development workflow: 1. **Composer Update Helper** → Keeps your dependencies up to date - Automatically detects outdated packages - Generates update commands - Respects framework version constraints 2. **Code Review Guardian** → Ensures code quality in your pull requests - Runs code quality checks automatically - Validates code style and standards - Prevents merging low-quality code **Perfect combination for maintaining high-quality PHP projects!** 🚀 Author ------ [](#author) Created by [Héctor Franco Aceituno](https://github.com/HecFranco) at [Nowo.tech](https://nowo.tech) License ------- [](#license) The MIT License (MIT). Please see [LICENSE](LICENSE) for more information. ### Health Score 42 — FairBetter than 90% of packages Maintenance78 Regular maintenance activity Popularity22 Limited adoption so far Community9 Small or concentrated contributor base Maturity47 Maturing project, gaining track record Bus Factor1 Top contributor holds 84.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~1 days Total 41 Last Release 117d ago Major Versions v1.3.4 → v2.0.02025-12-26 ### Community Maintainers ![](https://www.gravatar.com/avatar/e7947bfc3f2ce9574a18a2c60f3d95b5d1b0740e65dc929332c92f1df21f75ab?d=identicon)[HecFranco](/maintainers/HecFranco) --- Top Contributors [![HecFranco](https://avatars.githubusercontent.com/u/24323276?v=4)](https://github.com/HecFranco "HecFranco (122 commits)")[![actions-user](https://avatars.githubusercontent.com/u/65916846?v=4)](https://github.com/actions-user "actions-user (18 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (4 commits)") --- Tags phpcomposersymfonylaravelcodeigniteryiidependenciesrequireupdateoutdated ### Code Quality TestsPHPUnit Code StylePHP CS Fixer ### Embed Badge ![Health badge](/badges/nowo-tech-composer-update-helper/health.svg) ``` [![Health](https://phpackages.com/badges/nowo-tech-composer-update-helper/health.svg)](https://phpackages.com/packages/nowo-tech-composer-update-helper) ``` ### Alternatives [dragon-code/support Support package is a collection of helpers and tools for any project. 238.7M101](/packages/dragon-code-support)[phpmv/php-mv-ui A JQuery and UI library for php and php MVC frameworks 3319.7k3](/packages/phpmv-php-mv-ui)[event4u/data-helpers Framework-agnostic PHP library for data mapping, DTOs and utilities. Includes DataMapper, SimpleDto/LiteDto, DataAccessor/Mutator/Filter and helper classes (MathHelper, EnvHelper, etc.). Works with Laravel, Symfony/Doctrine or standalone PHP. 1421.5k](/packages/event4u-data-helpers)[hafael/azure-mailer-driver Supercharge your Laravel or Symfony app with Microsoft Azure Communication Services (ACS)! Effortlessly add email, chat, voice, video, and telephony-over-IP for next-level communication. 🚀 14109.2k](/packages/hafael-azure-mailer-driver) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)