PHPackages stolt/lean-package-validator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [CLI & Console](/categories/cli) 4. / 5. stolt/lean-package-validator ActiveLibrary[CLI & Console](/categories/cli) stolt/lean-package-validator ============================ Library and CLI for validating if a project or package has and will have lean releases. v6.0.0(3w ago)186.1k8[6 issues](https://github.com/raphaelstolt/lean-package-validator/issues)20MITPHPPHP >=8.2CI passing Since Sep 4Pushed 3w ago2 watchersCompare [ Source](https://github.com/raphaelstolt/lean-package-validator)[ Packagist](https://packagist.org/packages/stolt/lean-package-validator)[ GitHub Sponsors](https://github.com/raphaelstolt)[ RSS](/packages/stolt-lean-package-validator/feed)WikiDiscussions main Synced 2w ago READMEChangelog (10)Dependencies (47)Versions (95)Used By (20) Lean package validator ====================== [](#lean-package-validator) [![Test Status](https://github.com/raphaelstolt/lean-package-validator/workflows/test/badge.svg)](https://github.com/raphaelstolt/lean-package-validator/workflows/test/badge.svg)[![Version](https://camo.githubusercontent.com/59c45f7d1eb13d67f1e7e919e6ccc30532620d1ccbd41374c4ba195b93e1c7d6/687474703a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f73746f6c742f6c65616e2d7061636b6167652d76616c696461746f722e7376673f7374796c653d666c6174)](https://packagist.org/packages/stolt/lean-package-validator)[![PHP Version](https://camo.githubusercontent.com/bee070518258ca00da0973b812d6713d5b4a97a70b8a92b1043436deed97d5dd/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d382e322b2d6666363962342e737667)](https://camo.githubusercontent.com/bee070518258ca00da0973b812d6713d5b4a97a70b8a92b1043436deed97d5dd/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d382e322b2d6666363962342e737667)[![Boost ready](https://camo.githubusercontent.com/012197862d001cc4028582a19e6e4b92592053e13e2675e0f17f569f21de5020/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f626f6f73742d72656164792d707572706c652e7376673f7374796c653d666c6174)](./resources/boost/skills)[![Laravel 13 ready](https://camo.githubusercontent.com/e5f4a5bddcb1985ebc224b265bdc59c538b0c326f0768e4e264dbba09b13a25d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c61726176656c5f31332d72656164792d6635343932372e7376673f7374796c653d666c6174)](https://camo.githubusercontent.com/e5f4a5bddcb1985ebc224b265bdc59c538b0c326f0768e4e264dbba09b13a25d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c61726176656c5f31332d72656164792d6635343932372e7376673f7374796c653d666c6174)[![Downloads](https://camo.githubusercontent.com/a9341b4bd6d708e26ad5c1daaa4f9e41a76dac121f85890eb561c67d53b909ea/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f73746f6c742f6c65616e2d7061636b6167652d76616c696461746f72)](https://camo.githubusercontent.com/a9341b4bd6d708e26ad5c1daaa4f9e41a76dac121f85890eb561c67d53b909ea/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f73746f6c742f6c65616e2d7061636b6167652d76616c696461746f72)[![composer.lock available](https://camo.githubusercontent.com/dd7dcfa3249a3c6020f515ba344ffbd8e87e8ce4492c5aeb3531ce376f4241ff/68747470733a2f2f706f7365722e707567782e6f72672f73746f6c742f6c65616e2d7061636b6167652d76616c696461746f722f636f6d706f7365726c6f636b)](https://packagist.org/packages/stolt/lean-package-validator)[![PDS Skeleton](https://camo.githubusercontent.com/3c7140ee36205075ed977142f25c29eb1fb7809e9b86a865461fc21776ad1665/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7064732d736b656c65746f6e2d626c75652e7376673f7374796c653d666c6174)](https://github.com/php-pds/skeleton)[![llms.txt](https://camo.githubusercontent.com/78693a04424cf0fbf7cb08afbbcdbef4fbce3d6e1b9cd915d1c2d531b7a0789a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6c6d732e7478742d617661696c61626c652d626c75652e7376673f7374796c653d666c6174)](https://camo.githubusercontent.com/78693a04424cf0fbf7cb08afbbcdbef4fbce3d6e1b9cd915d1c2d531b7a0789a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6c6d732e7478742d617661696c61626c652d626c75652e7376673f7374796c653d666c6174)[![Lean dist package](https://camo.githubusercontent.com/9ef308bdbe7c45e8b0328885c82eb69788f8204f9483a16c8dff3b778346637a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c65616e2d646973742532307061636b6167652d3030666662362e7376673f7374796c653d666c6174)](https://github.com/raphaelstolt/lean-package-validator) [![Lean package validator logo](lpv-logo.png "lpv: the lean package validator")](lpv-logo.png) The lean package validator, or its abbreviation **lpv**, is a utility tool that `validates` a project/micro-package for its `leanness`. A project/micro-package is considered `lean` when its common repository artefacts won't be included in release assets. It can also [create](https://github.com/raphaelstolt/lean-package-validator?tab=readme-ov-file#create-command), [update](https://github.com/raphaelstolt/lean-package-validator?tab=readme-ov-file#update-command), and [reformat](https://github.com/raphaelstolt/lean-package-validator?tab=readme-ov-file#reformat-command) the `leanness` enforcing export-ignore entries of a `.gitattributes`file. Installation ------------ [](#installation) The lean package validator CLI can be installed globally through Composer. ``` composer global require stolt/lean-package-validator ``` Make sure that the path to your global vendor binaries directory is in your `$PATH`. You can determine the location of your global vendor binaries directory via `composer global config bin-dir --absolute`. This way the `lean-package-validator`executable can be located. Since the default name of the CLI is quite a mouthful, an alias which can be placed in `~/.aliases`, `~/.zshrc` or the like might come in handy. The alias shown next assumes that `$COMPOSER_HOME` is `~/.config/composer` and not `~/.composer`. ``` alias lpv='~/.config/composer/vendor/bin/lean-package-validator $@' ``` The lean package validator also can be installed locally to a project which allows further utilisation via [Composer scripts](https://getcomposer.org/doc/articles/scripts.md). ``` composer require --dev stolt/lean-package-validator ``` Tip As of release `v1.9.0` it's also possible to install and use the lean package validator via a PHAR [file](https://github.com/raphaelstolt/lean-package-validator/releases/tag/v1.9.0). Therefor download a released version e.g. v3.3.1 and move it to `/usr/local/bin` as shown next. ``` wget --quiet https://github.com/raphaelstolt/lean-package-validator/releases/download/v3.3.1/lean-package-validator.phar mv lean-package-validator.phar /usr/local/bin/lean-package-validator ``` The lean package validator also can be installed globally via [Homebrew](https://brew.sh/) on macOS systems: ``` brew tap raphaelstolt/lean-package-validator brew install lean-package-validator ``` Usage ----- [](#usage) Run the lean package validator CLI within or against a project/micro-package directory, and it will validate the [export-ignore](https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#Exporting-Your-Repository) directives present in a `.gitattributes` file against a set of common repository artefacts. It can handle **classic** export-ignore directives as well as **negated** export-ignore directives. Classic export-ignore directives are defined as follows: ``` .aiassistant/ export-ignore .editorconfig export-ignore ... LICENSE.md export-ignore llms.txt export-ignore mago.toml export-ignore peck.json export-ignore phpstan.neon.dist export-ignore phpunit.xml.dist export-ignore README.md export-ignore tests/ export-ignore ``` While negated export-ignore directives are defined as follows: ``` * export-ignore composer.json -export-ignore bin/ -export-ignore bin/lean-package-validator -export-ignore resources/ -export-ignore resources/** -export-ignore src/ -export-ignore src/** -export-ignore ``` Run the following command to validate a project/micro-package. ``` lean-package-validator validate [] ``` If no `.gitattributes` file is present it will suggest [creating](https://github.com/raphaelstolt/lean-package-validator?tab=readme-ov-file#create-command) one. ### Available options [](#available-options) The `--enforce-strict-order` option will enforce a strict order comparison of export-ignores in the `.gitattributes`file and fail validation if the order differs. Per **default** the order comparison is done in a non-strict fashion. ``` lean-package-validator validate --enforce-strict-order [] ``` The `--glob-pattern` option allows you to overwrite the default pattern used to match common repository artefacts. The number of patterns in the grouping braces is expected to be `>1`. As shown next, this utility could thereby also be used for projects (i.e. Python) outside the PHP ecosystem. ``` lean-package-validator validate --glob-pattern '{.*,*.rst,*.py[cod],dist/}' [] ``` The default pattern is defined in the PHP preset [file](./src/Presets/PhpPreset.php). The `--glob-pattern-file` option allows you to load patterns, which should be used to match the common repository artefacts, from a given file. You can put a `.lpv` file in the repository which will be used per default and overwrite the default pattern. The structure of such a glob pattern file can be taken from the [example](example/.lpv) directory or be created via `lean-package-validator init`. ``` lean-package-validator validate --glob-pattern-file /path/to/glob-pattern-file [] ``` The `--keep-license` option will allow a license file in the release/dist archive file which is per default omitted. ``` lean-package-validator validate --keep-license [] ``` The `--keep-readme` option will allow a README file in the release/dist archive file which is per default omitted. ``` lean-package-validator validate --keep-readme [] ``` The `--keep-glob-pattern` option allows keeping matching files in the release/dist archive file which are per default omitted. ``` lean-package-validator validate --keep-glob-pattern '{LICENSE.*,README.*,docs*}' [] ``` The `--sort-from-directories-to-files|-s` option will order the export-ignores from directories to files for better readability. ``` lean-package-validator validate --sort-from-directories-to-files [] ``` The `--enforce-alignment` option will enforce a strict alignment of export-ignores in the `.gitattributes` file and fail validation if they aren't aligned. Per **default**, no alignment is enforced. The `--preset=[]` option will use a predefined set of glob pattern. Available presets are `PHP`, `Python`, `Rust`, `JavaScript`, and `Go`. With `PHP` being the default. The `--validate-git-archive` option will validate that no common repository artefacts slip into the release/dist archive file. It will do so by creating a `temporary` archive from the current Git `HEAD` and inspecting its content. With a set `--keep-license` option a license file becomes mandatory and will fail the archive validation if not present. ``` lean-package-validator validate --validate-git-archive [] ``` The `--diff` option will show a visual diff between the actual and expected `.gitattributes` content. ``` lean-package-validator validate --diff [] The present .gitattributes file is considered invalid. Would expect the following .gitattributes file content: --- Original +++ Expected @@ -7,9 +7,8 @@ .github/ export-ignore .gitignore export-ignore .gitmessage export-ignore .php-cs-fixer.php export-ignore -.phpunit.result.cache export-ignore +.idea/ export-ignore bin/application-version export-ignore bin/lean-package-validator.phar export-ignore bin/release-version export-ignore ``` The `--report-stale-export-ignores` option extends the validation to look for export-ignore statements referencing non-existent repository artefacts. In combination with the `--diff` option these will be shown in the output. The `--stdin-input` option allows the validate command to read from `STDIN`, so that the following piped output can be used for validation. It currently only does a strict comparison. ``` cat .gitattributes | lean-package-validator validate --stdin-input ``` ### Additional commands [](#additional-commands) #### Create command [](#create-command) The `create` command will create a `.gitattributes` file in the given directory. Via the `--force` option it is possible to overwrite an existing `.gitattributes` file. To define the flavour of the export-ignore directives to use in the creation process, the `--flavour` option can be used, with the default being `classic`. #### Update command [](#update-command) The `update` command will update a present `.gitattributes` file in the given directory. Like the above-mentioned `create`command it provides a `--dry-run` option to see what the `.gitattributes` content would look like. #### Reformat command [](#reformat-command) The `reformat` command will reformat a present `.gitattributes` file in the given directory. This command provides a `--dry-run` option to see what the `.gitattributes` content would look like. It is possible to influence the reformatting by providing the `--sort-alphabetically` and `--sort-from-directories-to-files`options. Via the `--group` option it is possible to group the export-ignores and non-export-ignores entries of the given `.gitattributes` file. #### Configuration init command [](#configuration-init-command) The `init` command will create an initial `.lpv` file with the default patterns used to match common repository artefacts. ``` lean-package-validator init [] ``` The `--overwrite|-o` option overwrites an existing `.lpv` file. Also, see the [refresh](https://github.com/raphaelstolt/lean-package-validator?tab=readme-ov-file#configuration-refresh-command) command. The `--preset` option allows choosing from a predefined set of glob pattern. Available presets are `PHP`, `Python`, `Rust`, `JavaScript`, and `Go`. With `PHP` being the default. The `--dry-run` option will show the content of the `.lpv` file that would be created. #### Configuration refresh command [](#configuration-refresh-command) The `refresh` command updates an existing `.lpv` file by adding missing preset patterns while keeping any manual modifications already present in the file. ``` lean-package-validator refresh [] ``` The command expects a present `.lpv` file in the target directory and will fail if none is existent. The `--preset` option allows choosing from a predefined set of glob pattern. Available presets are `PHP`, `Python`, `Rust`, `JavaScript`, and `Go`. With `PHP` being the default. The `--dry-run` option shows the refreshed `.lpv` content without writing any changes to disk. Existing lines are **preserved**, so custom entries remain untouched while missing preset entries are appended. #### Tree command [](#tree-command) The `tree` command of the lean package validator allows you to inspect the **flat** `source` and `dist package` structure of the given project/micro-package. It is **not** intended for validation use. ``` lean-package-validator tree --src [] Package: stolt/lean-package-validator . ├── .aiassistant/ ├── .github/ ├── .idea/ ├── .phpunit.cache/ ├── bin/ ├── coverage-reports/ ├── example/ ├── resources/ ├── src/ ├── tests/ ├── vendor/ ├── .editorconfig ├── .gitattributes ├── .gitignore ├── .gitmessage ├── .php-cs-fixer.php ├── CHANGELOG.md ├── LICENSE.md ├── README.md ├── box.json.dist ├── composer.json ├── composer.lock ├── llms.txt ├── lpv-logo.png ├── peck.json ├── phpstan.neon.dist └── phpunit.xml.dist 11 directories, 16 files ``` ``` lean-package-validator tree --dist-package [] Package: stolt/lean-package-validator . ├── bin/ ├── resources/ ├── src/ └── composer.json 3 directories, 1 file ``` Utilisation via Composer scripts, cpx, or it's dedicated GitHub Action ---------------------------------------------------------------------- [](#utilisation-via-composer-scripts-cpx-or-its-dedicated-github-action) To avoid that changes coming from contributions or own modifications slip into release/dist archives, it might be helpful to use a guarding [Composer script](https://getcomposer.org/doc/articles/scripts.md), which will be available at everyone's fingertips. By adding the following to the project/micro-package its `composer.json` the `.gitattributes` file can now be easily validated via `composer validate-gitattributes`. ``` { "scripts": { "validate-gitattributes": "lean-package-validator validate" }, } ``` Another option to use the lean package validator is via [cpx](https://cpx.dev/). ``` cpx stolt/lean-package-validator validate ``` For using a dedicated GitHub Action, have a look at the documentation over [here](https://github.com/raphaelstolt/lean-package-validator-action). ### Included AI skills [](#included-ai-skills) This project [includes](./resources/boost/skills) three AI skills focused on managing the `.gitattributes` file for a package: - **validate**: check whether the current `.gitattributes` content matches the expected export-ignore rules. - **create**: generate a `.gitattributes` file when it is missing. - **update**: reconcile an existing `.gitattributes` file with expected export-ignore rules. ### Agentic-friendly output [](#agentic-friendly-output) All commands auto-detect agentic runs, which switches the output from human-readable text to a structured JSON object. This is useful when integrating the tool into AI workflows or automation pipelines where machine-readable output is preferred. ``` export COPILOT_MODEL=1 lean-package-validator validate [] ``` ``` { "command": "validate", "status": "success", "message": "The .gitattributes file is considered valid.", "valid": true } ``` Each response always includes `command`, `status` (`success` or `failure`), and `message` fields. Commands also include additional context-specific fields: CommandAdditional fields on success`validate``valid`, `warnings` (if any), `expected_gitattributes_content` (on failure), `archive_valid`, `unexpected_artifacts``create``gitattributes_file_path``update``gitattributes_file_path``init``lpv_file_path``refresh``lpv_file_path``tree``package`, `tree`### Spreading the word [](#spreading-the-word) You can add the following custom, static [Shields.io](http://shields.io) badge to your repo's `README.md` to mark the package as lean and spread the word for this tool. It is also *welcome* to keep the added headers to the modified `.gitattributes` files. [![Lean dist package](https://camo.githubusercontent.com/9ef308bdbe7c45e8b0328885c82eb69788f8204f9483a16c8dff3b778346637a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c65616e2d646973742532307061636b6167652d3030666662362e7376673f7374796c653d666c6174)](https://github.com/raphaelstolt/lean-package-validator) ### Running tests [](#running-tests) ``` composer lpv:test ``` ### License [](#license) This library and its CLI are licensed under the MIT license. Please see [LICENSE.md](LICENSE.md) for more details. ### Changelog [](#changelog) Please see [CHANGELOG.md](CHANGELOG.md) for more details. ### Contributing [](#contributing) Please see [CONTRIBUTING.md](.github/CONTRIBUTING.md) for more details. ### Health Score 65 — FairBetter than 99% of packages Maintenance89 Actively maintained with recent releases Popularity36 Limited adoption so far Community28 Small or concentrated contributor base Maturity92 Battle-tested with a long release history Bus Factor1 Top contributor holds 99.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~40 days Recently: every ~5 days Total 90 Last Release 22d ago Major Versions v1.9.0 → v2.0.02019-01-02 v2.0.2 → v3.0.02022-04-28 v3.3.2 → v4.0.02024-04-26 v4.7.1 → v5.0.02025-09-17 v5.9.1 → v6.0.02026-06-01 PHP version history (6 changes)v1.0.0PHP >=5.6 v2.0.0PHP >=7.1 v3.0.0PHP >=7.4 v3.0.1PHP >=8.0 v3.3.0PHP >=8.1 v5.6.0PHP >=8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/132faf5713fa951f4263fad02858a62e55c5d832ad775b33e49ba0cda2f2a028?d=identicon)[Raphael Stolt](/maintainers/Raphael%20Stolt) --- Top Contributors [![raphaelstolt](https://avatars.githubusercontent.com/u/48225?v=4)](https://github.com/raphaelstolt "raphaelstolt (508 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)")[![sanmai](https://avatars.githubusercontent.com/u/139488?v=4)](https://github.com/sanmai "sanmai (1 commits)")[![sasezaki](https://avatars.githubusercontent.com/u/42755?v=4)](https://github.com/sasezaki "sasezaki (1 commits)") --- Tags ai-skillscarbon-footprintdatensparsamkeitgit-utilitiesgitattributesgitattributes-creatorgitattributes-generatorgitattributes-templatesgitattributes-validatorlean-dist-releasespackage-artifactspackage-managementrepository-managementrepository-utilitiesclivalidationdevpackagereleaseproject.gitattributesleandistlpv ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/stolt-lean-package-validator/health.svg) ``` [![Health](https://phpackages.com/badges/stolt-lean-package-validator/health.svg)](https://phpackages.com/packages/stolt-lean-package-validator) ``` ### Alternatives [drupal/core Drupal is an open source content management platform powering millions of websites and applications. 19564.8M1.6k](/packages/drupal-core)[dereuromark/cakephp-ide-helper CakePHP IdeHelper Plugin to improve auto-completion 1882.3M40](/packages/dereuromark-cakephp-ide-helper)[rector/rector-src Instant Upgrade and Automated Refactoring of any PHP code 136400.8k14](/packages/rector-rector-src)[friendsoftypo3/content-blocks TYPO3 CMS Content Blocks - Content Types API | Define reusable components via YAML 101466.4k45](/packages/friendsoftypo3-content-blocks)[jolicode/castor A lightweight and modern task runner. Automate everything. In PHP. 54642.4k4](/packages/jolicode-castor)[testo/testo A lightweight PHP testing framework. 1923.4k32](/packages/testo-testo) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)