PHPackages szemul/dependency-validator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. szemul/dependency-validator ActiveLibrary[Utility & Helpers](/categories/utility) szemul/dependency-validator =========================== Validates the composer dependencies of the given project 0.0.1(3y ago)01.5kMITPHPPHP >=8.1 Since Nov 1Pushed 3y ago2 watchersCompare [ Source](https://github.com/szemul/dependency-validator)[ Packagist](https://packagist.org/packages/szemul/dependency-validator)[ RSS](/packages/szemul-dependency-validator/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)DependenciesVersions (2)Used By (0) Composer dependency validator ============================= [](#composer-dependency-validator) Purpose ------- [](#purpose) A simple tool what can be used to check if all the used packages are required explicitly in the composer.json file. Reason ------ [](#reason) Trying to explain the problem by an example: There is a library called **libraryA** what uses another library **libraryB**, and there is an application called **applicationA** what uses **libraryA** and **libraryB** as well. When a developer upgrades the **libraryB** package in **libraryA** via composer, he doesn't have to bump the major version of **libraryA**. After **libraryA** is updated in **applicationA** the **libraryB** package will be updated as well automatically what can break the functionality of the application. The solution ------------ [](#the-solution) To avoid the situation explained above, all the used packages should be required explicitly in the application's composer.json, both **libraryA** and **libraryB**. This tool helps to identify the packages to require. Usage ----- [](#usage) Simply call `vendor/bin/dependency-validator` from the root of the project. Config ------ [](#config) A configuration can be defined in the root of the project. The filename has to be `dependency-validator.json`. Can contain the following settings: ### excludedNamespaces [](#excludednamespaces) Contains an array of strings with the namespaces what should be excluded from the validation process. ### Health Score 25 — LowBetter than 37% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity17 Limited adoption so far Community8 Small or concentrated contributor base Maturity45 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 1294d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/9e74721923742f5c04b8ccd5796e0a0e0e744fd004fbaae3c7813b27e125ae70?d=identicon)[szeber](/maintainers/szeber) --- Top Contributors [![emulgeator](https://avatars.githubusercontent.com/u/1370980?v=4)](https://github.com/emulgeator "emulgeator (1 commits)") ### Embed Badge ![Health badge](/badges/szemul-dependency-validator/health.svg) ``` [![Health](https://phpackages.com/badges/szemul-dependency-validator/health.svg)](https://phpackages.com/packages/szemul-dependency-validator) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)