PHPackages plan2net/typo3-update-check - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. plan2net/typo3-update-check ActiveComposer-plugin[Security](/categories/security) plan2net/typo3-update-check =========================== A Composer plugin that checks for TYPO3 updates and provides detailed information about breaking changes and security updates 1.1.0(5mo ago)204.5k↓25%GPL-2.0+PHPPHP >=8.1CI passing Since Jul 18Pushed 5mo ago2 watchersCompare [ Source](https://github.com/plan2net/typo3-update-check)[ Packagist](https://packagist.org/packages/plan2net/typo3-update-check)[ Docs](https://github.com/plan2net/typo3-update-check)[ RSS](/packages/plan2net-typo3-update-check/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (6)Versions (4)Used By (0) TYPO3 Update Check ================== [](#typo3-update-check) [![CI](https://github.com/plan2net/typo3-update-check/actions/workflows/ci.yml/badge.svg)](https://github.com/plan2net/typo3-update-check/actions/workflows/ci.yml)[![Latest Version](https://camo.githubusercontent.com/3e6ce5d996d6d186d9e6df1d41a1f5e0cd5ecf17eeb2e6a329e3d1c1ac3ab7c2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f706c616e326e65742f7479706f332d7570646174652d636865636b3f696e636c7564655f70726572656c6561736573266c6162656c3d6c6174657374)](https://github.com/plan2net/typo3-update-check/releases)[![PHP Version](https://camo.githubusercontent.com/56cbbb2166a757dee95b018903c2b351501ada3bbb6a32a42edcb0e48b9ca657/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f706c616e326e65742f7479706f332d7570646174652d636865636b)](https://packagist.org/packages/plan2net/typo3-update-check)[![License](https://camo.githubusercontent.com/00cc3f3ccff97387d7811251881702d3a3ef999012db122780eca4b67396b25c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f706c616e326e65742f7479706f332d7570646174652d636865636b)](https://github.com/plan2net/typo3-update-check/blob/main/LICENSE)[![Downloads](https://camo.githubusercontent.com/d987fcdf859382aa1e591c84a4bb111836aa2e3f8722a321e53c1226b613e0b2/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f706c616e326e65742f7479706f332d7570646174652d636865636b)](https://packagist.org/packages/plan2net/typo3-update-check) A Composer plugin that intercepts TYPO3 core updates and displays breaking changes and security updates before proceeding. Purpose and motivation ---------------------- [](#purpose-and-motivation) When updating TYPO3, it's easy to overlook critical changes buried in release notes and announcements. Even minor version updates can introduce breaking changes or important security fixes that require immediate attention. Traditionally, developers need to manually check release announcements, security advisories, and changelogs—a time-consuming process that's often skipped under deadline pressure. This Composer plugin solves this problem by bringing important information directly to your terminal, exactly when and where you need it. During the update process, it automatically highlights breaking changes (⚠️) and security updates (⚡), ensuring you never miss critical changes that could impact your application's functionality or security. Installation ------------ [](#installation) ``` composer require --dev plan2net/typo3-update-check ``` **Note:** This plugin should only be installed as a development dependency since it's only useful during development when running `composer update`. Production deployments typically use `composer install` with locked versions. If you choose to install it in production environments, you do so at your own risk. How it works ------------ [](#how-it-works) The plugin automatically activates during `composer update` and: 1. **Detects TYPO3 core updates** - Monitors when `typo3/cms-core` is being updated 2. **Fetches release information** - Retrieves data from the TYPO3 API for all versions between current and target 3. **Analyzes security bulletins** - Fetches severity levels (Critical, High, Medium, Low) from security advisories 4. **Displays important changes** - Shows only versions with breaking changes or security updates, including severity summary 5. **Requests confirmation** - Prompts before proceeding with updates that contain breaking changes Example output -------------- [](#example-output) [![Demo](documentation/render.gif)](documentation/render.gif) [![Demo](documentation/plugin.png)](documentation/plugin.png) Non-interactive mode -------------------- [](#non-interactive-mode) In non-interactive environments (CI/CD), the plugin will display information but automatically proceed with the update. Manual check ------------ [](#manual-check) Once installed, you can manually check for breaking changes and security updates between any two versions: ``` composer typo3:check-updates 12.4.10 12.4.20 ``` This is useful for planning upgrades or reviewing changes without actually performing an update. [![Demo](documentation/command.png)](documentation/command.png) Security severity information ----------------------------- [](#security-severity-information) When security updates are detected, the plugin automatically fetches severity information from TYPO3 security bulletins and displays a summary: - **Severity levels**: Critical, High, Medium, Low This helps developers quickly assess the urgency of security updates without manually checking each bulletin. API availability ---------------- [](#api-availability) If the TYPO3 API is temporarily unavailable, the plugin will display an error message but allow the update to proceed. This ensures that temporary API issues don't block your development workflow. Caching ------- [](#caching) The plugin caches API responses to improve performance and reduce load on the TYPO3 API servers: - **Cache location**: Uses Composer's global cache directory (`~/.cache/composer` on Linux/macOS, `%LOCALAPPDATA%\Composer` on Windows) - **Cache duration**: - Release lists: 1 hour (automatically refreshed) - Release content: Permanent (version content never changes) - Security bulletins: Permanent (bulletin content never changes) - **Shared cache**: Works across all TYPO3 projects on the same machine - **Automatic cleanup**: Expired cache entries are automatically removed The caching system ensures fast subsequent runs while keeping release information up-to-date. Development ----------- [](#development) ### Setup [](#setup) ``` composer install ``` ### Testing [](#testing) ``` composer test ``` ### Code quality [](#code-quality) ``` composer analyse composer cs-fix ``` Requirements ------------ [](#requirements) - PHP 8.1+ - Composer 2.0+ License ------- [](#license) GPL-2.0+ ### Health Score 43 — FairBetter than 91% of packages Maintenance73 Regular maintenance activity Popularity31 Limited adoption so far Community9 Small or concentrated contributor base Maturity47 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~75 days Total 3 Last Release 154d ago Major Versions 0.9.0 → 1.0.02025-10-26 ### Community Maintainers ![](https://www.gravatar.com/avatar/f4ea950f22b43e010ba4f0a6effb0928a6a1d11f64d36cec0d030b757bdfa85e?d=identicon)[wazum](/maintainers/wazum) ![](https://www.gravatar.com/avatar/fdc5d7c9be0f04c0d84c56db1e263fb7cb88c40564a7c293f1a2d4aa543f0115?d=identicon)[plan2net@packagist](/maintainers/plan2net@packagist) --- Top Contributors [![wazum](https://avatars.githubusercontent.com/u/146727?v=4)](https://github.com/wazum "wazum (19 commits)") --- Tags composerphptypo3securityupdatescomposer-plugintypo3 ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/plan2net-typo3-update-check/health.svg) ``` [![Health](https://phpackages.com/badges/plan2net-typo3-update-check/health.svg)](https://phpackages.com/packages/plan2net-typo3-update-check) ``` ### Alternatives [enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker)[akaunting/laravel-firewall Web Application Firewall (WAF) package for Laravel 999465.8k2](/packages/akaunting-laravel-firewall)[jorijn/laravel-security-checker Added Laravel functionality to the Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you. 2021.8M1](/packages/jorijn-laravel-security-checker)[bringyourownideas/silverstripe-maintenance Toolset to help with the day by day maintenance work. 32221.8k4](/packages/bringyourownideas-silverstripe-maintenance)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[spooner-web/be_secure_pw You can set password conventions to force secure passwords for BE users. 10461.3k](/packages/spooner-web-be-secure-pw) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)