PHPackages pb30/phpstan-composer-analysis - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Testing & Quality](/categories/testing) 4. / 5. pb30/phpstan-composer-analysis ActivePhpstan-extension[Testing & Quality](/categories/testing) pb30/phpstan-composer-analysis ============================== v1.1.0(5mo ago)1791.4k↑30.8%1[2 issues](https://github.com/pb30/phpstan-composer-analysis/issues)[1 PRs](https://github.com/pb30/phpstan-composer-analysis/pulls)2MITPHPPHP ~8.1|~8.2|~8.3|~8.4|~8.5CI passing Since May 10Pushed 5mo ago1 watchersCompare [ Source](https://github.com/pb30/phpstan-composer-analysis)[ Packagist](https://packagist.org/packages/pb30/phpstan-composer-analysis)[ RSS](/packages/pb30-phpstan-composer-analysis/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (3)Versions (21)Used By (2) PHPStan Wrapper for Composer Dependency Analysis -------------------------------------------------- [](#----phpstan-wrapper-for-composer-dependency-analysis) [![Latest Version on Packagist](https://camo.githubusercontent.com/f3ea87c69e8345c96d18fd16e919e712a0074c44ff4eca2241ffae292d21cb37/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f706233302f7068707374616e2d636f6d706f7365722d616e616c797369732e737667)](https://packagist.org/packages/pb30/phpstan-composer-analysis) [![static analysis](https://github.com/pb30/phpstan-composer-analysis/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/pb30/phpstan-composer-analysis/actions/workflows/static-analysis.yml) [![MIT Licensed](https://camo.githubusercontent.com/074b89bca64d3edc93a1db6c7e3b1636b874540ba91d66367c0e5e354c56d0ea/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e737667)](LICENSE.md) This is a PHPStan Extension for [shipmonk/composer-dependency-analyser](https://github.com/shipmonk-rnd/composer-dependency-analyser). This allows you to use `composer-dependency-analyser` without adding additional steps in your CI pipeline. Installation ------------ [](#installation) 1. `composer require --dev pb30/phpstan-composer-analysis` 2. Add the following to your `phpstan.neon` includes: `- vendor/pb30/phpstan-composer-analysis/extension.neon` Usage ----- [](#usage) Composer dependency issues are reported as standard PHPStan errors. You can ignore any errors or false positives using the [standard PHPStan `ignoreErrors` configuration](https://phpstan.org/user-guide/ignoring-errors#ignoring-in-configuration-file) or through the settings below.. ``` ------ --------------------------------------------------------------------- Line app/DateHelpers.php ------ --------------------------------------------------------------------- 17 Shadow dependency detected: nesbot/carbon using Carbon\CarbonPeriod 💡 Class is used, but is not specified in composer.json ------ --------------------------------------------------------------------- ------ ------------------------------------------------------------------------- Line app/MyHelper.php ------ ------------------------------------------------------------------------- 19 Dev dependency used in production: fakerphp/faker using Faker\Generator 💡 This should probably be moved to "require" section in composer.json ------ ------------------------------------------------------------------------- ------ --------------------------------------------------------------------------------- Line composer.json ------ --------------------------------------------------------------------------------- -1 Prod dependency used only in dev paths: spatie/once 💡 This should probably be moved to "require-dev" section in composer.json -1 Unused dependency detected: predis/predis 💡 This is are listed in composer.json, but no usage was found in scanned paths ------ --------------------------------------------------------------------------------- ``` Configuration ------------- [](#configuration) Several settings for `composer-dependency-analyser` can be configured in `phpstan.neon`: ``` parameters: composerAnalysis: additionalProdPaths: - config - routes additionalDevPaths: - database/seeders ignoreAllShadowDeps: false ignoreAllDevDepsInProd: false ignoreAllProdDepsInDev: false ignoreAllUnusedDeps: false disableExtensionsAnalysis: false ignoreSpecificUnusedDeps: - laravel/tinker ``` ### Health Score 52 — FairBetter than 96% of packages Maintenance68 Regular maintenance activity Popularity41 Moderate usage in the ecosystem Community16 Small or concentrated contributor base Maturity67 Established project with proven stability Bus Factor1 Top contributor holds 52.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~40 days Recently: every ~82 days Total 15 Last Release 172d ago Major Versions v0.12.0 → v1.0.02025-06-06 PHP version history (3 changes)v0.1PHP ~8.1|~8.2|~8.3 v0.11.0PHP ~8.1|~8.2|~8.3|~8.4 v1.1.0PHP ~8.1|~8.2|~8.3|~8.4|~8.5 ### Community Maintainers ![](https://www.gravatar.com/avatar/2a96933403bfe8ae103a42c6cece2b4342eb597ed4d753c8cc10c6e674e43f71?d=identicon)[pb30](/maintainers/pb30) --- Top Contributors [![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (62 commits)")[![pb30](https://avatars.githubusercontent.com/u/259602?v=4)](https://github.com/pb30 "pb30 (49 commits)")[![staabm](https://avatars.githubusercontent.com/u/120441?v=4)](https://github.com/staabm "staabm (7 commits)")[![clxmstaab](https://avatars.githubusercontent.com/u/47448731?v=4)](https://github.com/clxmstaab "clxmstaab (1 commits)") --- Tags devstatic analysis ### Code Quality Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/pb30-phpstan-composer-analysis/health.svg) ``` [![Health](https://phpackages.com/badges/pb30-phpstan-composer-analysis/health.svg)](https://phpackages.com/packages/pb30-phpstan-composer-analysis) ``` ### Alternatives [phpstan/phpstan PHPStan - PHP Static Analysis Tool 13.9k341.8M29.6k](/packages/phpstan-phpstan)[larastan/larastan Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel 6.4k43.5M5.2k](/packages/larastan-larastan)[phpstan/phpstan-symfony Symfony Framework extensions and rules for PHPStan 78768.9M1.5k](/packages/phpstan-phpstan-symfony)[phpstan/phpstan-doctrine Doctrine extensions for PHPStan 66766.6M1.1k](/packages/phpstan-phpstan-doctrine)[spaze/phpstan-disallowed-calls PHPStan rules to detect disallowed method & function calls, constant, namespace, attribute, property & superglobal usages, with powerful rules to re-allow a call or a usage in places where it should be allowed. 33320.0M375](/packages/spaze-phpstan-disallowed-calls)[staabm/phpstan-dba 2912.3M2](/packages/staabm-phpstan-dba) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)