shipmonk/composer-dependency-analyser
=====================================

Fast detection of composer dependency issues (dead dependencies, shadow dependencies, misplaced dependencies)

Version 1.8.4 (5mo ago) · MIT · PHP ^7.2 || ^8.0 · [17 issues](https://github.com/shipmonk-rnd/composer-dependency-analyser/issues) · [3 PRs](https://github.com/shipmonk-rnd/composer-dependency-analyser/pulls) · [Source](https://github.com/shipmonk-rnd/composer-dependency-analyser) · [Packagist](https://packagist.org/packages/shipmonk/composer-dependency-analyser)

Composer dependency analyser
============================

- 💪 **Powerful:** Detects unused, shadow and misplaced composer dependencies
- ⚡ **Performant:** Scans 15 000 files in 2s!
- ⚙️ **Configurable:** Fine-grained ignores via PHP config
- 🕸️ **Lightweight:** No composer dependencies
- 🍰 **Easy-to-use:** No config needed for first try
- ✨ **Compatible:** PHP 7.2 - 8.5

Comparison:
-----------

| Project | Dead dependency | Shadow dependency | Misplaced in `require` | Misplaced in `require-dev` | Time\* |
|---|---|---|---|---|---|
| maglnet/**composer-require-checker** | ❌ | ✅ | ❌ | ❌ | 124 secs |
| icanhazstring/**composer-unused** | ✅ | ❌ | ❌ | ❌ | 72 secs |
| shipmonk/**composer-dependency-analyser** | ✅ | ✅ | ✅ | ✅ | **2 secs** |

\*Time measured on codebase with ~15 000 files

Installation:
-------------

```
composer require --dev shipmonk/composer-dependency-analyser
```

*Note that this package itself has **zero composer dependencies.***

Usage:
------

```
vendor/bin/composer-dependency-analyser
```

Example output:

```
Found shadow dependencies!
(those are used, but not listed as dependency in composer.json)

  • nette/utils
    e.g. Nette\Utils\Strings in app/Controller/ProductController.php:24 (+ 6 more)

Found unused dependencies!
(those are listed in composer.json, but no usage was found in scanned paths)

  • nette/utils

(scanned 13970 files in 2.297 s)
```

Detected issues:
----------------

This tool reads your `composer.json` and scans all paths listed in the `autoload` & `autoload-dev` sections while analysing your dependencies (both **packages and PHP extensions**).

### Shadowed dependencies

- These are dependencies of your dependencies that your code uses but that are not listed in your `composer.json`
- Your code can break when a direct dependency is updated to a newer version that no longer requires the shadowed dependency
- You should list all those packages within your dependencies

### Unused dependencies

- Any non-dev dependency is expected to have at least one usage within the scanned paths
- To avoid false positives here, you might need to adjust the scanned paths or ignore some packages via `--config`

### Dev dependencies in production code

- For libraries, this is risky as your users might not have those installed
- For applications, it can break once you run it with `composer install --no-dev`
- You should move those from `require-dev` to `require`

### Prod dependencies used only in dev paths

- For libraries, this miscategorization forces your users to install dependencies they do not need
- You should move those from `require` to `require-dev`
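
The four categories above (shadow, unused, dev-in-prod, prod-only-in-dev) can be modelled in a few lines of PHP. This is an added example, not code from the analyser: the package names, file paths, the prefix map and the `classify()` function are constructed for illustration, and namespace matching is simplified to the first matching prefix.

```php
<?php
// Constructed sample data; a simplified model, not the analyser's own algorithm.
$composerJson = [
    'require'     => ['symfony/console' => '^6.0', 'monolog/monolog' => '^3.0', 'guzzlehttp/guzzle' => '^7.0'],
    'require-dev' => ['phpunit/phpunit' => '^10.0', 'fakerphp/faker' => '^1.23'],
];
// Namespace prefix => installed package (assumed to be derived from vendor metadata).
$installed = [
    'Symfony\\Component\\Console\\' => 'symfony/console',
    'Monolog\\'    => 'monolog/monolog',
    'Psr\\Log\\'   => 'psr/log', // present in vendor/ only because monolog requires it
    'GuzzleHttp\\' => 'guzzlehttp/guzzle',
    'Faker\\'      => 'fakerphp/faker',
];
// [referenced class, file, true when the file sits under an autoload-dev path]
$usages = [
    ['Symfony\\Component\\Console\\Command\\Command', 'src/Cli/ImportCommand.php', false],
    ['Psr\\Log\\LoggerInterface', 'src/Service/Importer.php', false],
    ['Faker\\Factory', 'src/Service/Seeder.php', false],
    ['GuzzleHttp\\Client', 'tests/ApiSmokeTest.php', true],
];

function classify(array $composerJson, array $installed, array $usages): array
{
    $prod = $composerJson['require'] ?? [];
    $dev = $composerJson['require-dev'] ?? [];
    $usedInProd = $usedInDev = [];
    $report = ['shadow' => [], 'unused' => [], 'dev-in-prod' => [], 'prod-only-in-dev' => []];
    foreach ($usages as [$class, $file, $isDevPath]) {
        $package = null;
        foreach ($installed as $prefix => $name) {
            if (strncmp($class, $prefix, strlen($prefix)) === 0) { $package = $name; break; }
        }
        if ($package === null) { continue; } // project's own class, or not resolvable
        if ($isDevPath) { $usedInDev[$package] = true; } else { $usedInProd[$package] = true; }
        if (!isset($prod[$package]) && !isset($dev[$package])) {
            // Used, but only installed transitively: a shadow dependency.
            $report['shadow'][$package] = $report['shadow'][$package] ?? "$class in $file";
        } elseif (!$isDevPath && !isset($prod[$package])) {
            // Listed only in require-dev, yet referenced from production code.
            $report['dev-in-prod'][$package] = $report['dev-in-prod'][$package] ?? "$class in $file";
        }
    }
    foreach (array_keys($prod) as $package) {
        if (!isset($usedInProd[$package]) && !isset($usedInDev[$package])) { $report['unused'][] = $package; }
        elseif (!isset($usedInProd[$package])) { $report['prod-only-in-dev'][] = $package; }
    }
    return $report;
}
echo json_encode(classify($composerJson, $installed, $usages), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```

With this sample data, `psr/log` is the shadow dependency, `monolog/monolog` is unused, `fakerphp/faker` is a dev dependency in production code, and `guzzlehttp/guzzle` is a prod dependency used only in dev paths.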

### Unknown classes

- Any class that cannot be autoloaded gets reported as we cannot say if that one is shadowed or not

### Unknown functions

- Any function that is used, but not defined during runtime gets reported as we cannot say if that one is shadowed or not

Cli options:
------------

- `--composer-json path/to/composer.json` for custom path to composer.json
- `--dump-usages symfony/console` to show usages of certain package(s), `*` placeholder is supported
- `--config path/to/config.php` for custom path to config file
- `--version` display version
- `--help` display usage & cli options
- `--verbose` to see more example classes & usages
- `--show-all-usages` to see all usages
- `--format` to use different output format, available are: `console` (default), `junit`
- `--disable-ext-analysis` to disable php extensions analysis (e.g. `ext-xml`)
- `--ignore-unknown-classes` to globally ignore unknown classes
- `--ignore-unknown-functions` to globally ignore unknown functions
- `--ignore-shadow-deps` to globally ignore shadow dependencies
- `--ignore-unused-deps` to globally ignore unused dependencies
- `--ignore-dev-in-prod-deps` to globally ignore dev dependencies in prod code
- `--ignore-prod-only-in-dev-deps` to globally ignore prod dependencies used only in dev paths

Configuration:
--------------

When a file named `composer-dependency-analyser.php` is located in the current working directory, it gets loaded automatically. The file must return a `ShipMonk\ComposerDependencyAnalyser\Config\Configuration` object. You can use a custom path and filename via the `--config` cli option. Here is an example of what you can do:

```
