PHPackages pixovoid/packagist-version-checker - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. pixovoid/packagist-version-checker ActiveLibrary[Utility & Helpers](/categories/utility) pixovoid/packagist-version-checker ================================== Laravel Artisan command to compare installed Composer package versions with Packagist and help update composer.json v1.0.3(5mo ago)081MITPHPPHP ^8.4 Since Dec 8Pushed 5mo agoCompare [ Source](https://github.com/PixoVoid/packagist-version-checker)[ Packagist](https://packagist.org/packages/pixovoid/packagist-version-checker)[ Docs](https://github.com/PixoVoid/packagist-version-checker)[ RSS](/packages/pixovoid-packagist-version-checker/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (6)Versions (5)Used By (0) Packagist Version Checker ========================= [](#packagist-version-checker) Artisan (Laravel) command to inspect Composer packages against Packagist and help update `composer.json`. Features -------- [](#features) - List installed packages and their installed versions - Show latest versions available on Packagist - Show which packages are outdated - Propose updates to `composer.json` and optionally run `composer update` Installation ------------ [](#installation) Require the package via Composer: ``` composer require pixovoid/packagist-version-checker ``` Quick setup for development --------------------------- [](#quick-setup-for-development) ``` composer install composer test ``` Usage examples -------------- [](#usage-examples) - Check a single package: ``` php artisan packagist:check vendor/name ``` - Check all requirements from `composer.json`: ``` php artisan packagist:check --composer ``` - Check installed packages (reads `composer.lock` / `vendor`): ``` php artisan packagist:check --installed ``` - Show only outdated packages: ``` php artisan packagist:check --installed --outdated ``` - Propose updates to `composer.json` (dry run): ``` php artisan packagist:check --composer --update --dry-run ``` - Apply updates to `composer.json` and run `composer update`: ``` php artisan packagist:check --composer --update --apply ``` Options ------- [](#options) - `--composer` : Read packages from local `composer.json` require/require-dev - `--installed`: Read installed packages from `composer.lock` or `vendor/composer` - `--outdated`: Show only packages that are outdated - `--include-prereleases`: Consider prerelease tags (use `Latest (any)` for outdated checks) - `--update`: Propose updates in `composer.json` - `--update-all`: Shortcut for `--composer --update` - `--apply`: After updating `composer.json`, run `composer update` to install new versions - `--dry-run`: Do not write changes to `composer.json` - `--no-dev`: Exclude `require-dev` when reading/updating Behaviour & notes --------------------- [](#behaviour--notes) - The command compares installed/required versions with the latest stable versions on Packagist and proposes constraints using a `^` heuristic. - Pre-release tags (for example `1.2.3-beta`) are treated conservatively and are not used to form constraints by default. - Use `--include-prereleases` to make the command consider prerelease tags when determining whether a package is "outdated" (it will compare against the `Latest (any)` column which may include prerelease tags). - Note: As of this release the `--include-prereleases` flag affects only the outdated detection and filtering. The `--update` proposal logic still forms `^` constraints by default. If you want updates proposed/applied based on prereleases too, enable that explicitly (I can add that behavior on request). - The tool creates a timestamped backup of `composer.json` before writing (e.g. `composer.json.bak.20251231235959`). - Network requests use a short timeout and a small retry/backoff strategy; Packagist responses are validated before use. Requirements ------------ [](#requirements) - PHP: `^8.4` Dependencies ------------ [](#dependencies) - Runtime: `illuminate/support` (as declared in `composer.json`) - Network and version handling: `symfony/http-client` (used for Packagist requests) - Semver comparisons: `composer/semver` (used when available for robust comparisons) Development & testing ------------------------- [](#development--testing) Install dependencies and run tests: ``` composer install composer test ``` To run the command locally while developing the package, register it in your application or run it from a Laravel app that includes this package via path repository. Security & disclaimer ------------------------- [](#security--disclaimer) - This package is provided "as is" without warranties. Use at your own risk. The author and contributors are not liable for damages resulting from its use. - Always review proposed `composer.json` changes and test them in a safe environment before applying to production. The command creates backups automatically. Support & Contributing -------------------------- [](#support--contributing) Report issues or feature requests on GitHub: Contributions are welcome. Please open pull requests against the `main` branch and follow the project's coding standards. License ------- [](#license) MIT — see the `LICENSE` file for details. **Implementation Notes** - **HttpClient DI:** The package binds `Symfony\Contracts\HttpClient\HttpClientInterface` in the service provider so the `CheckPackagist` command receives a client instance via constructor injection. This makes the command easy to test and lets applications provide custom HTTP client configuration. - **Streaming & Memory:** Packagist responses are read in a defensive way: the command checks the `Content-Length` header and streams responses in small chunks (with a hard safety limit of 1 MB) to avoid exhausting PHP memory. For environments that still encounter large compressed responses, the command temporarily raises `memory_limit` during execution as a pragmatic fallback. - **Atomic Writes:** When proposing and applying `composer.json` updates the command creates a timestamped backup and uses a temp file + exclusive lock + atomic `rename()` to avoid corrupting `composer.json` on failure. - **Semver policy:** The default behavior is conservative — pre-release tags are ignored when forming `^` constraints. Handling for `0.x` packages and configurable constraint policies are TODOs (see project TODO list). - **Testing:** Unit tests mock `HttpClientInterface` and exercise `fetchPackage()` logic. Reflection-based access was replaced with a small test subclass to avoid PHP 8.5 deprecation warnings. **Debugging & Troubleshooting** - If you see an OOM (out-of-memory) error when running the command against many or very large packages, try running with a higher memory limit: ``` php -d memory_limit=512M artisan packagist:check --installed --outdated ``` - For verbose diagnostic output use the `-v` flag. The command emits information about HTTP status, retry timing and when responses are skipped because they exceed the safety limit. **Publishing Notes** - Package name: `pixovoid/packagist-version-checker` (update `composer.json` author/description if required before publishing). - Recommended pre-publish checklist: run `composer test`, add a GitHub Actions workflow to run tests on push/PR, and consider running `phpstan` for static checks. ### Health Score 38 — LowBetter than 85% of packages Maintenance73 Regular maintenance activity Popularity9 Limited adoption so far Community6 Small or concentrated contributor base Maturity55 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 4 Last Release 153d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/85c00d33dd7878185683149b408bf67e5c454f94a7eb3801e533db03743ab3fe?d=identicon)[PixoVoid](/maintainers/PixoVoid) --- Top Contributors [![PixoVoid](https://avatars.githubusercontent.com/u/189660081?v=4)](https://github.com/PixoVoid "PixoVoid (12 commits)") --- Tags composerlaravelphpcomposerlaravelartisanversion-checkerpackagist ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/pixovoid-packagist-version-checker/health.svg) ``` [![Health](https://phpackages.com/badges/pixovoid-packagist-version-checker/health.svg)](https://phpackages.com/packages/pixovoid-packagist-version-checker) ``` ### Alternatives [cybercog/laravel-paket Composer personal web interface. Manage Laravel dependencies without switching to command line! 1753.3k](/packages/cybercog-laravel-paket)[msztorc/laravel-env Laravel env helper commands 7855.4k](/packages/msztorc-laravel-env)[talevskiigor/composer-bump Laravel artisan command to increment composer.json version. 1870.9k2](/packages/talevskiigor-composer-bump) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)