PHPackages smnandre/packapi - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. smnandre/packapi ActiveLibrary[Security](/categories/security) smnandre/packapi ================ PHP library for retrieving package metadata, download statistics, security advisories, and quality metrics from Composer, NPM, GitHub, jsDelivr, and OSV databases v1.0.0(8mo ago)41MITPHPPHP ^8.3CI passing Since Sep 7Pushed 8mo agoCompare [ Source](https://github.com/smnandre/packapi)[ Packagist](https://packagist.org/packages/smnandre/packapi)[ GitHub Sponsors](https://github.com/smnandre)[ RSS](/packages/smnandre-packapi/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (9)Versions (2)Used By (0) [![Pack API](.github/packapi.png)](.github/packapi.png) ======================================================= [](#) [![PHP Version](https://camo.githubusercontent.com/488af7b36f08cb05016756771bf805843799f2fe4d9bda26eed923e92440437a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e332b2d3741383539333f6c6f676f436f6c6f723d374138353933266c6162656c436f6c6f723d313631343036)](https://camo.githubusercontent.com/488af7b36f08cb05016756771bf805843799f2fe4d9bda26eed923e92440437a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e332b2d3741383539333f6c6f676f436f6c6f723d374138353933266c6162656c436f6c6f723d313631343036) [![CI](https://camo.githubusercontent.com/a2e94941daab406a97c7ea9dd35c33fffa400c22d5ae38055f1119eff71a731a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f736d6e616e6472652f7061636b6170692f43492e79616d6c3f6272616e63683d6d61696e266c6162656c3d5465737473266c6162656c436f6c6f723d31363134303626636f6c6f723d374138353933)](https://camo.githubusercontent.com/a2e94941daab406a97c7ea9dd35c33fffa400c22d5ae38055f1119eff71a731a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f736d6e616e6472652f7061636b6170692f43492e79616d6c3f6272616e63683d6d61696e266c6162656c3d5465737473266c6162656c436f6c6f723d31363134303626636f6c6f723d374138353933) [![Release](https://camo.githubusercontent.com/c483feb3b2cee5291a9983114c6c3828c43e540f48df12c60e9535f723731dd2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f736d6e616e6472652f7061636b6170693f6c6162656c3d537461626c65266c6162656c436f6c6f723d31363134303626636f6c6f723d374138353933)](https://camo.githubusercontent.com/c483feb3b2cee5291a9983114c6c3828c43e540f48df12c60e9535f723731dd2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f736d6e616e6472652f7061636b6170693f6c6162656c3d537461626c65266c6162656c436f6c6f723d31363134303626636f6c6f723d374138353933) [![GitHub Sponsors](https://camo.githubusercontent.com/4134ebc962daf509020643cc25eb1708252836310176278a083d400d3b5d2496/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73706f6e736f72732f736d6e616e6472653f6c6f676f3d67697468756273706f6e736f7273266c6f676f436f6c6f723d374138353933266c6162656c3d25323053706f6e736f72266c6162656c436f6c6f723d31363134303626636f6c6f723d374138353933)](https://github.com/sponsors/smnandre) [![License](https://camo.githubusercontent.com/0fbc8da36f8ba926be2af6a3e593517cc8a3bf50e1e967d594c106afbda47420/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f736d6e616e6472652f7061636b6170693f6c6162656c3d4c6963656e7365266c6162656c436f6c6f723d31363134303626636f6c6f723d374138353933)](https://camo.githubusercontent.com/0fbc8da36f8ba926be2af6a3e593517cc8a3bf50e1e967d594c106afbda47420/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f736d6e616e6472652f7061636b6170693f6c6162656c3d4c6963656e7365266c6162656c436f6c6f723d31363134303626636f6c6f723d374138353933) Get insights from **Composer**, **NPM**, **GitHub**, and more via a unified, strongly‑typed API. Features -------- [](#features) - **Multi‑ecosystem**: Composer, NPM, GitHub, jsDelivr, OSV, BundlePhobia - **Analyses**: Metadata, downloads, security, activity, quality - **Strong typing**: PHP 8.3+ with strict types - **Extensible**: Provider/factory architecture - **Well‑tested**: Extensive automated test suite - **Lean deps**: Symfony components and PSR interfaces - **HTTP/3 (QUIC)** support with graceful fallback Quick Start ----------- [](#quick-start) ### Installation [](#installation) ``` composer require smnandre/packapi ``` ### Basic Usage [](#basic-usage) ``` use PackApi\Bridge\Packagist\PackagistProviderFactory; use PackApi\Http\HttpClientFactory; use PackApi\Inspector\{MetadataInspector, DownloadStatsInspector}; use PackApi\Package\ComposerPackage; $http = new HttpClientFactory(); $packagist = new PackagistProviderFactory($http); $metadata = new MetadataInspector([ $packagist->createMetadataProvider(), ]); $downloads = new DownloadStatsInspector([ $packagist->createStatsProvider(), ]); $package = new ComposerPackage('symfony/console'); $meta = $metadata->getMetadata($package); $stats = $downloads->getStats($package); echo 'Package: '.($meta?->name ?? 'N/A')."\n"; echo 'Monthly downloads: '.($stats?->get('monthly')?->getCount() ?? 'N/A')."\n"; ``` For activity, content, quality, and OSV security, add the relevant provider factories (GitHub, jsDelivr, OSV) and pass them to the corresponding inspectors. Supported Package Types ----------------------- [](#supported-package-types) EcosystemPackage TypeMetadataDownloadsSecurityActivityContentBundle Size**Composer**`ComposerPackage`YesYesYesYesYesNo**NPM**`NpmPackage`YesYesYesYesYesYes**GitHub**Any with repo URLYesYesYesYesYesNoUsage Examples -------------- [](#usage-examples) ### Package Metadata Analysis [](#package-metadata-analysis) ``` use PackApi\Inspector\MetadataInspector; use PackApi\Bridge\Packagist\PackagistProviderFactory; use PackApi\Package\ComposerPackage; $factory = new PackagistProviderFactory($httpClient); $inspector = new MetadataInspector([ $factory->createMetadataProvider() ]); $package = new ComposerPackage('laravel/framework'); $metadata = $inspector->getMetadata($package); echo $metadata->getName() . "\n"; // laravel/framework echo $metadata->getDescription() . "\n"; // The Laravel Framework echo $metadata->getLicense() . "\n"; // MIT echo $metadata->getRepository() . "\n"; // https://github.com/laravel/framework ``` ### Download Statistics [](#download-statistics) ``` use PackApi\Inspector\DownloadStatsInspector; use PackApi\Package\NpmPackage; $inspector = new DownloadStatsInspector([ $npmFactory->createDownloadStatsProvider(), $packagistFactory->createStatsProvider() ]); $package = new NpmPackage('react'); $stats = $inspector->getStats($package); $monthly = $stats->get('monthly'); if ($monthly) { echo "Downloads this month: " . number_format($monthly->getCount()) . "\n"; $days = $monthly->getEnd()->diff($monthly->getStart())->days + 1; echo "Daily average: " . number_format($monthly->getCount() / $days) . "\n"; } ``` ### Security Advisory Scanning [](#security-advisory-scanning) ``` use PackApi\Inspector\SecurityInspector; use PackApi\Bridge\OSV\OSVProviderFactory; use PackApi\Bridge\GitHub\GitHubProviderFactory; $inspector = new SecurityInspector([ $osvFactory->createSecurityProvider(), // OSV Database $githubFactory->createSecurityProvider() // GitHub Security Advisories ]); $advisories = $inspector->getSecurityAdvisories($package); foreach ($advisories as $advisory) { echo "ALERT: {$advisory->getTitle()}\n"; echo " Severity: {$advisory->getSeverity()}\n"; echo " Link: {$advisory->getLink()}\n\n"; } ``` ### Project Activity Analysis [](#project-activity-analysis) ``` use PackApi\Inspector\ActivityInspector; $inspector = new ActivityInspector([ $githubFactory->createActivityProvider() ]); $activity = $inspector->getActivitySummary($package); echo "Last commit: " . $activity->getLastCommit()?->format('Y-m-d') . "\n"; echo "Contributors: " . $activity->getContributors() . "\n"; echo "Open issues: " . $activity->getOpenIssues() . "\n"; echo "Latest release: " . $activity->getLastRelease() . "\n"; ``` ### Package Content Analysis [](#package-content-analysis) ``` use PackApi\Inspector\ContentInspector; $inspector = new ContentInspector([ $jsDelivrFactory->createContentProvider(), $githubFactory->createContentProvider() ]); $content = $inspector->getContentOverview($package); echo "Files: " . $content->getFileCount() . "\n"; echo "Total size: " . number_format($content->getTotalSize()) . " bytes\n"; echo "Has README: " . ($content->hasReadme() ? 'Yes' : 'No') . "\n"; echo "Has tests: " . ($content->hasTests() ? 'Yes' : 'No') . "\n"; ``` ### Bundle Size Analysis (NPM) [](#bundle-size-analysis-npm) ``` use PackApi\Bridge\BundlePhobia\BundlePhobiaProviderFactory; $httpFactory = new HttpClientFactory(); $factory = new BundlePhobiaProviderFactory($httpFactory); $sizeProvider = $factory->createBundleSizeProvider(); $package = new NpmPackage('lodash'); $bundleSize = $sizeProvider->getBundleSize($package); if ($bundleSize) { echo "Bundle size: " . $bundleSize->getFormattedSize() . "\n"; echo "Gzipped: " . $bundleSize->getFormattedGzipSize() . "\n"; echo "Dependencies: " . $bundleSize->getDependencyCount() . "\n"; } ``` Configuration ------------- [](#configuration) ### HTTP/3 (QUIC) [](#http3-quic) PackApi supports HTTP/3 for improved performance: ``` use PackApi\Http\HttpClientFactory; $httpFactory = new HttpClientFactory(); $client = $httpFactory->createClient([ 'enable_quic' => true // Automatic fallback if not supported ]); ``` ### Caching [](#caching) Enable HTTP caching at the Symfony HTTP client level (e.g., `CachingHttpClient` with an HttpKernel `Store`). PackApi does not require a separate configuration object. ### Logging [](#logging) Pass a PSR‑3 logger to `HttpClientFactory` to log outgoing requests in examples and providers. ### GitHub Authentication [](#github-authentication) For higher GitHub rate limits, provide a token: ``` // Via environment variable $_ENV['GITHUB_TOKEN'] = 'ghp_your_token_here'; // Pass the token to GitHubProviderFactory when creating providers // $github = new GitHubProviderFactory($httpFactory, $_ENV['GITHUB_TOKEN'] ?? null); ``` Architecture ------------ [](#architecture) PackApi uses a clean, extensible architecture: ### Core Components [](#core-components) - **Packages**: Represent different package types (`ComposerPackage`, `NpmPackage`) - **Inspectors**: Analyze specific aspects (metadata, downloads, security, etc.) - **Providers**: Fetch data from external sources (Packagist, GitHub, NPM, etc.) - **Models**: Strongly-typed value objects for results - **Builder**: Fluent API for configuration ### Provider Pattern [](#provider-pattern) Each inspector accepts one or more providers from the corresponding factory. Providers are tried in order until one succeeds. ``` $security = new SecurityInspector([ $osvFactory->createSecurityProvider(), $githubFactory->createSecurityProvider(), $packagistFactory->createSecurityProvider(), ]); $advisories = $security->getSecurityAdvisories($package); ``` Testing ------- [](#testing) PackApi has comprehensive test coverage: ``` # Run tests composer test # Run with coverage composer test-coverage # Check code style composer cs # Fix code style composer cs-fix ``` Examples -------- [](#examples) Run the sample scripts in `examples/` to try PackApi quickly: - `examples/metadata-analysis.php`: print package metadata - `examples/download-stats-analysis.php`: print download periods - `examples/content-analysis.php`: analyze files and flags - `examples/activity-analysis.php`: summarize repo activity (set `GITHUB_TOKEN` for richer data) - `examples/security-analysis.php`: list security advisories (OSV/GitHub) - `examples/bundlephobia-size.php`: show NPM bundle sizes - `examples/all-analysis.php`: run a combined analysis with sensible fallbacks Usage: ``` php examples/metadata-analysis.php php examples/all-analysis.php ``` ### Adding New Providers [](#adding-new-providers) ``` // 1. Implement the provider interface class MyCustomProvider implements MetadataProviderInterface { public function supports(Package $package): bool { /* ... */ } public function getMetadata(Package $package): ?Metadata { /* ... */ } } // 2. Create a factory class MyCustomProviderFactory { public function createMetadataProvider(): MyCustomProvider { return new MyCustomProvider($this->httpClient); } } // 3. Use in inspector $inspector = new MetadataInspector([ new MyCustomProvider($httpClient) ]); ``` Requirements ------------ [](#requirements) - **PHP 8.3+** (uses modern PHP features) - **ext-json** (for API responses) - **ext-curl** (for HTTP requests) - **ext-mbstring** (for string handling) ### Optional [](#optional) - **ext-curl with HTTP/3** (for QUIC support) - **Redis/Memcached** (for distributed caching) --- Contributing ------------ [](#contributing) Contributions are welcome! Please start by creating an issue to discuss your changes. --- Credits ------- [](#credits) Created and maintained by [Simon André](https://github.com/smnandre). Tip This library is developed and maintained by a single developer in their free time. To ensure continued maintenance and improvements, consider [sponsoring development](https://github.com/sponsors/smnandre). --- License ------- [](#license) MIT License - see [LICENSE](LICENSE) file for details. ### Health Score 32 — LowBetter than 72% of packages Maintenance60 Regular maintenance activity Popularity5 Limited adoption so far Community6 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 253d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/a8951d49b371d210280a58ce48969a07d1f49924810f8a1fab3a9343eb46fdc9?d=identicon)[simonandre](/maintainers/simonandre) --- Top Contributors [![smnandre](https://avatars.githubusercontent.com/u/1359581?v=4)](https://github.com/smnandre "smnandre (10 commits)") --- Tags composerdownloadsjsdelivermetadatanpmnpm-packagepackagepackage-metadatapackagistsecurityphpcomposersymfonymetadatagithubapi clientvulnerability scannersecurity advisoriespackagistnpmdependency-analysisjsDelivrosvbundlephobiapackage-analysisdownload-statisticsquality-metricsmulti-ecosystem ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/smnandre-packapi/health.svg) ``` [![Health](https://phpackages.com/badges/smnandre-packapi/health.svg)](https://phpackages.com/packages/smnandre-packapi) ``` ### Alternatives [enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker)[shopware/platform The Shopware e-commerce core 3.3k1.5M3](/packages/shopware-platform)[sulu/sulu Core framework that implements the functionality of the Sulu content management system 1.3k1.3M152](/packages/sulu-sulu)[contao/core-bundle Contao Open Source CMS 1231.6M2.4k](/packages/contao-core-bundle)[shopware/core Shopware platform is the core for all Shopware ecommerce products. 595.2M386](/packages/shopware-core)[lorddashme/php-simple-captcha A simple captcha package that fit to any type of web application built on php. 102.9k](/packages/lorddashme-php-simple-captcha) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)