PHPackages                             pb30/phpstan-composer-analysis - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Testing &amp; Quality](/categories/testing)
4. /
5. pb30/phpstan-composer-analysis

ActivePhpstan-extension[Testing &amp; Quality](/categories/testing)

pb30/phpstan-composer-analysis
==============================

v1.1.0(7mo ago)17124.3k—2.5%1[2 issues](https://github.com/pb30/phpstan-composer-analysis/issues)[1 PRs](https://github.com/pb30/phpstan-composer-analysis/pulls)2MITPHPPHP ~8.1|~8.2|~8.3|~8.4|~8.5CI passing

Since May 10Pushed 2w ago1 watchersCompare

[ Source](https://github.com/pb30/phpstan-composer-analysis)[ Packagist](https://packagist.org/packages/pb30/phpstan-composer-analysis)[ RSS](/packages/pb30-phpstan-composer-analysis/feed)WikiDiscussions main Synced 3d ago

READMEChangelog (10)Dependencies (3)Versions (21)Used By (2)

 PHPStan Wrapper for Composer Dependency Analysis
--------------------------------------------------

[](#----phpstan-wrapper-for-composer-dependency-analysis)

 [![Latest Version on Packagist](https://camo.githubusercontent.com/f3ea87c69e8345c96d18fd16e919e712a0074c44ff4eca2241ffae292d21cb37/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f706233302f7068707374616e2d636f6d706f7365722d616e616c797369732e737667)](https://packagist.org/packages/pb30/phpstan-composer-analysis) [![static analysis](https://github.com/pb30/phpstan-composer-analysis/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/pb30/phpstan-composer-analysis/actions/workflows/static-analysis.yml) [![MIT Licensed](https://camo.githubusercontent.com/074b89bca64d3edc93a1db6c7e3b1636b874540ba91d66367c0e5e354c56d0ea/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e737667)](LICENSE.md)

This is a PHPStan Extension for [shipmonk/composer-dependency-analyser](https://github.com/shipmonk-rnd/composer-dependency-analyser).

This allows you to use `composer-dependency-analyser` without adding additional steps in your CI pipeline.

Installation
------------

[](#installation)

1. `composer require --dev pb30/phpstan-composer-analysis`
2. Add the following to your `phpstan.neon` includes: `- vendor/pb30/phpstan-composer-analysis/extension.neon`

Usage
-----

[](#usage)

Composer dependency issues are reported as standard PHPStan errors.

You can ignore any errors or false positives using the [standard PHPStan `ignoreErrors` configuration](https://phpstan.org/user-guide/ignoring-errors#ignoring-in-configuration-file) or through the settings below..

```
 ------ ---------------------------------------------------------------------
  Line   app/DateHelpers.php
 ------ ---------------------------------------------------------------------
  17     Shadow dependency detected: nesbot/carbon using Carbon\CarbonPeriod
         💡 Class is used, but is not specified in composer.json
 ------ ---------------------------------------------------------------------

 ------ -------------------------------------------------------------------------
  Line   app/MyHelper.php
 ------ -------------------------------------------------------------------------
  19     Dev dependency used in production: fakerphp/faker using Faker\Generator
         💡 This should probably be moved to "require" section in composer.json
 ------ -------------------------------------------------------------------------

 ------ ---------------------------------------------------------------------------------
  Line   composer.json
 ------ ---------------------------------------------------------------------------------
  -1     Prod dependency used only in dev paths: spatie/once
         💡 This should probably be moved to "require-dev" section in composer.json
  -1     Unused dependency detected: predis/predis
         💡 This is are listed in composer.json, but no usage was found in scanned paths
 ------ ---------------------------------------------------------------------------------

```

Configuration
-------------

[](#configuration)

Several settings for `composer-dependency-analyser` can be configured in `phpstan.neon`:

```
parameters:
    composerAnalysis:
        additionalProdPaths:
            - config
            - routes
        additionalDevPaths:
            - database/seeders
        ignoreAllShadowDeps: false
        ignoreAllDevDepsInProd: false
        ignoreAllProdDepsInDev: false
        ignoreAllUnusedDeps: false
        disableExtensionsAnalysis: false
        ignoreSpecificUnusedDeps:
            - laravel/tinker
```

###  Health Score

55

—

FairBetter than 97% of packages

Maintenance80

Actively maintained with recent releases

Popularity41

Moderate usage in the ecosystem

Community16

Small or concentrated contributor base

Maturity68

Established project with proven stability

 Bus Factor1

Top contributor holds 52.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~40 days

Recently: every ~82 days

Total

15

Last Release

218d ago

Major Versions

v0.12.0 → v1.0.02025-06-06

PHP version history (3 changes)v0.1PHP ~8.1|~8.2|~8.3

v0.11.0PHP ~8.1|~8.2|~8.3|~8.4

v1.1.0PHP ~8.1|~8.2|~8.3|~8.4|~8.5

### Community

Maintainers

![](https://www.gravatar.com/avatar/2a96933403bfe8ae103a42c6cece2b4342eb597ed4d753c8cc10c6e674e43f71?d=identicon)[pb30](/maintainers/pb30)

---

Top Contributors

[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (63 commits)")[![pb30](https://avatars.githubusercontent.com/u/259602?v=4)](https://github.com/pb30 "pb30 (50 commits)")[![staabm](https://avatars.githubusercontent.com/u/120441?v=4)](https://github.com/staabm "staabm (7 commits)")[![clxmstaab](https://avatars.githubusercontent.com/u/47448731?v=4)](https://github.com/clxmstaab "clxmstaab (1 commits)")

---

Tags

devstatic analysis

###  Code Quality

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/pb30-phpstan-composer-analysis/health.svg)

```
[![Health](https://phpackages.com/badges/pb30-phpstan-composer-analysis/health.svg)](https://phpackages.com/packages/pb30-phpstan-composer-analysis)
```

###  Alternatives

[larastan/larastan

Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel

6.5k55.4M8.4k](/packages/larastan-larastan)[phpstan/phpstan-symfony

Symfony Framework extensions and rules for PHPStan

79475.7M2.2k](/packages/phpstan-phpstan-symfony)[phpstan/phpstan-doctrine

Doctrine extensions for PHPStan

67272.8M1.4k](/packages/phpstan-phpstan-doctrine)[shipmonk/dead-code-detector

Dead code detector to find unused PHP code via PHPStan extension. Can automatically remove dead PHP code. Supports libraries like Symfony, Doctrine, PHPUnit etc. Detects dead cycles. Can detect dead code that is tested.

4853.5M91](/packages/shipmonk-dead-code-detector)[spaze/phpstan-disallowed-calls

PHPStan rules to detect disallowed method &amp; function calls, constant, namespace, attribute, property &amp; superglobal usages, with powerful rules to re-allow a call or a usage in places where it should be allowed.

33422.6M550](/packages/spaze-phpstan-disallowed-calls)[staabm/phpstan-dba

2942.6M2](/packages/staabm-phpstan-dba)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
