PHPackages spiriitlabs/composer-update-report - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. spiriitlabs/composer-update-report ActiveComposer-plugin[Utility & Helpers](/categories/utility) spiriitlabs/composer-update-report ================================== Composer plugin that generates a Markdown report after each composer update v1.0.1(3w ago)036↓100%MITPHPPHP ^8.1CI passing Since May 13Pushed 6d agoCompare [ Source](https://github.com/SpiriitLabs/composer-update-report)[ Packagist](https://packagist.org/packages/spiriitlabs/composer-update-report)[ RSS](/packages/spiriitlabs-composer-update-report/feed)WikiDiscussions main Synced 1w ago READMEChangelog (3)Dependencies (5)Versions (3)Used By (0) composer-update-report ====================== [](#composer-update-report) A Composer plugin that automatically generates a Markdown report after each `composer update`, by comparing the current `composer.lock` with the version recorded in Git. It is **framework-agnostic**: updated packages are grouped automatically by their Composer vendor (`drupal/*`, `symfony/*`, `laravel/*`, …), so the report highlights whatever stack your project uses — Drupal, Symfony, Laravel or any other — without any configuration. Requirements ------------ [](#requirements) - PHP >= 8.1 - Composer >= 2.0 - The project must be versioned with **Git** (the plugin reads `composer.lock` from `HEAD`) Installation ------------ [](#installation) ``` composer require --dev spiriitlabs/composer-update-report ``` > The plugin activates automatically upon installation — no additional configuration is required. How it works ------------ [](#how-it-works) On each `composer update`, the plugin: 1. Reads `composer.lock` from `HEAD` (state before the update) 2. Compares it with the current `composer.lock` (state after the update) 3. Groups updated packages by Composer vendor 4. Generates a `composer-update-YYYY-MM-DD.md` file at the project root If no version changes are detected, no file is created. ### Same-day updates are merged [](#same-day-updates-are-merged) If you run several `composer update` during the same day, the reports are **merged** into a single `composer-update-YYYY-MM-DD.md` rather than overwritten or appended. The first run of the day records the starting state of `composer.lock` (from Git `HEAD`) into a hidden baseline file (`.composer-update-YYYY-MM-DD.base.json`). Every subsequent run recomputes the diff against that baseline, so the report always reflects **all the updates of the day** as one consolidated summary — even if `composer.lock` was committed between two updates. The baseline file is per-day and can be safely ignored/deleted (it is git-ignored by default). Report contents --------------- [](#report-contents) The report is structured into sections: SectionContents**Updates (per vendor)**One subsection per Composer vendor (`drupal`, `symfony`, …), most active first**New packages**Packages absent from the previous `composer.lock`**Removed packages**Packages present in the previous `composer.lock` but now removedUpdated packages are grouped automatically by their vendor prefix (the part before `/`). Vendors are ordered by the number of updated packages (descending), so the framework that changed the most appears first. Well-known vendors get a curated icon and label (Drupal, Symfony, Laravel, API Platform, Doctrine, Twig, League, PHPUnit, PHPStan); any other vendor falls back to a generic icon and its capitalised name. Packages with no `vendor/` prefix are gathered under **Autres librairies**. Within a vendor, packages that share the same before/after version are merged into a single line (typical of Symfony components released in lockstep). ### Example generated report [](#example-generated-report) ``` # Update summary — 30/04/2026 Based on the `composer.lock` diff, here is a summary of all updated packages. ### 🚀 Major and minor updates #### 🎵 Symfony * Updated from `6.4.6` to `6.4.8`: * `symfony/console`, `symfony/http-kernel`, `symfony/routing` #### 🔵 Drupal * `drupal/core` : `10.2.5` ➝ `10.3.0` * `drupal/pathauto` : `1.11.0` ➝ `1.12.0` #### 📦 Autres librairies * `monolog` : `2.9.0` ➝ `3.0.0` ### ✅ New packages * `drupal/gin` : `3.0.0` ### ❌ Removed packages * `drupal/obsolete_module` : `1.0.0` ``` Configuration ------------- [](#configuration) By default the report is generated at the project root. You can change the output directory by adding the following to your `composer.json`: ``` { "extra": { "composer-update-report": { "output-dir": "reports/composer" } } } ``` The directory is created automatically if it does not exist. The path is relative to the project root. Notes ----- [](#notes) - The report includes both `require` and `require-dev` packages. - Packages sharing the same before/after version (within a vendor) are grouped into a single line for readability. - The generated file is not committed automatically; it is intended to be copied into a ticket, a PR, or a tracking tool. - If `composer.lock` does not yet exist in `HEAD` (first commit, empty repository), the plugin prints a warning and generates nothing. License ------- [](#license) MIT — see [LICENSE](LICENSE) ### Health Score 41 — FairBetter than 87% of packages Maintenance97 Actively maintained with recent releases Popularity11 Limited adoption so far Community6 Small or concentrated contributor base Maturity43 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 27d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/108736513?v=4)[Spiriit](/maintainers/SpiriitLabs)[@SpiriitLabs](https://github.com/SpiriitLabs) --- Top Contributors [![lotimopa](https://avatars.githubusercontent.com/u/267104737?v=4)](https://github.com/lotimopa "lotimopa (9 commits)") ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/spiriitlabs-composer-update-report/health.svg) ``` [![Health](https://phpackages.com/badges/spiriitlabs-composer-update-report/health.svg)](https://phpackages.com/packages/spiriitlabs-composer-update-report) ``` ### Alternatives [symfony/runtime Enables decoupling PHP applications from global state 74694.9M933](/packages/symfony-runtime)[ergebnis/composer-normalize Provides a composer plugin for normalizing composer.json. 1.1k40.0M2.6k](/packages/ergebnis-composer-normalize)[drupal/core-composer-scaffold A flexible Composer project scaffold builder. 5344.1M525](/packages/drupal-core-composer-scaffold)[drupal/core-project-message Adds a message after Composer installation. 2124.0M192](/packages/drupal-core-project-message)[sandersander/composer-link Adds ability to link local packages for development with composer 98441.4k](/packages/sandersander-composer-link)[phpro/grumphp-shim GrumPHP Phar distribution 284.6M333](/packages/phpro-grumphp-shim) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)