
typisttech/wp-org-closed-plugin
===============================

Composer plugin to mark packages as abandoned if closed on WordPress.org

v0.3.0 (5mo ago) | MIT | PHP ^8.3


WP Org Closed Plugin
====================


 Built with ♥ by [Typist Tech](https://typist.tech/)

---

Usage
-----


Once [installed](#installation), use `composer` as usual.

```
$ composer audit
No security vulnerability advisories found.
Found 1 abandoned package:
+------------------------------------+-----------------------+
| Abandoned Package                  | Suggested Replacement |
+------------------------------------+-----------------------+
| wpackagist-plugin/my-closed-plugin | none                  |
+------------------------------------+-----------------------+
```

```
$ composer show wpackagist-plugin/my-closed-plugin

# ...
names    : wpackagist-plugin/my-closed-plugin
Attention: This package is abandoned and no longer maintained.
# ...
```

```
# The following commands show the same abandonment warning.
$ composer require
$ composer install
$ composer update

# ...
Package wpackagist-plugin/my-closed-plugin is abandoned because https://wordpress.org/plugins/my-closed-plugin has been closed, you should avoid using it. No replacement was suggested.
  - Installing wpackagist-plugin/my-closed-plugin (1.2.3): Extracting archive
# ...
```

---

Tip

**Hire Tang Rufus!**

I am looking for my next role, freelance or full-time. If you find this tool useful, I can build you more weird stuff like this. Let's talk if you are hiring PHP / Ruby / Go developers.

Contact me at

---

Why
---


When a plugin is closed on WordPress.org, [WPackagist](https://wpackagist.org/) does not always remove it from its database immediately. As a result, some closed plugins remain available for installation via WPackagist.

Moreover, even if a plugin is closed, its existing versions are still downloadable from WordPress.org and the Subversion repository.

```
{
  "repositories": [
    {
      "type": "package",
      "package": {
        "name": "my-plugin/my-closed-plugin",
        "version": "1.0",
        "source": {
          "type": "svn",
          "url": "https://plugins.svn.wordpress.org/my-closed-plugin/",
          "reference": "tags/1.0"
        }
      }
    },
    {
      "type": "package",
      "package": {
        "name": "your-plugin/your-closed-plugin",
        "version": "1.0",
        "dist": {
          "type": "zip",
          "url": "https://downloads.wordpress.org/plugin/your-closed-plugin.1.0.zip"
        }
      }
    }
  ]
}
```

To catch these closed plugins, `WP Org Closed Plugin` queries the [WordPress.org API](https://codex.wordpress.org/WordPress.org_API#Plugins) to check whether each plugin is closed and marks the closed ones as abandoned in Composer.
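The check described above, as an added example that is not the plugin's own code: it derives the WordPress.org slug from each of the three install paths (WPackagist name, SVN source, zip dist) and classifies a constructed API response. The helper names are hypothetical, and the `"error": "closed"` response shape is an assumption about the API, not something this page states.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: map a Composer package definition to a WordPress.org slug, or null.
function wpOrgSlug(array $package): ?string
{
    $candidates = [
        // WPackagist package name: wpackagist-plugin/<slug>
        [$package['name'] ?? '', '#^wpackagist-plugin/([a-z0-9_-]+)$#'],
        // SVN source: https://plugins.svn.wordpress.org/<slug>/
        [$package['source']['url'] ?? '', '#^https://plugins\.svn\.wordpress\.org/([a-z0-9_-]+)(?:/|$)#'],
        // Zip dist: https://downloads.wordpress.org/plugin/<slug>[.<version>].zip
        [$package['dist']['url'] ?? '', '#^https://downloads\.wordpress\.org/plugin/([a-z0-9_-]+)(?:\.[^/]*)?\.zip$#'],
    ];
    foreach ($candidates as [$subject, $regex]) {
        if (preg_match($regex, $subject, $m) === 1) {
            return $m[1];
        }
    }
    return null;
}

// Assumption: the API answers a closed plugin with "error": "closed".
function isClosed(array $response): bool
{
    return ($response['error'] ?? null) === 'closed';
}

// Package definitions mirroring the composer.json above, plus a WPackagist name.
$packages = [
    ['name' => 'wpackagist-plugin/my-closed-plugin'],
    ['name' => 'my-plugin/my-closed-plugin', 'source' => ['type' => 'svn', 'url' => 'https://plugins.svn.wordpress.org/my-closed-plugin/']],
    ['name' => 'your-plugin/your-closed-plugin', 'dist' => ['type' => 'zip', 'url' => 'https://downloads.wordpress.org/plugin/your-closed-plugin.1.0.zip']],
    ['name' => 'vendor/not-a-wp-plugin'], // no WordPress.org origin: skipped
];
// Constructed API responses keyed by slug, so the example runs offline.
$responses = [
    'my-closed-plugin'   => ['error' => 'closed', 'slug' => 'my-closed-plugin'],
    'your-closed-plugin' => ['slug' => 'your-closed-plugin', 'version' => '1.0'],
];

foreach ($packages as $package) {
    $slug = wpOrgSlug($package);
    if ($slug === null) {
        continue;
    }
    $url = 'https://api.wordpress.org/plugins/info/1.2/?'
        . http_build_query(['action' => 'plugin_information', 'slug' => $slug]);
    printf("%-34s %-6s %s\n", $package['name'], isClosed($responses[$slug] ?? []) ? 'CLOSED' : 'open', $url);
}
```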

What to do when a plugin is closed?
-----------------------------------


It depends on [why the plugin is closed](https://developer.wordpress.org/plugins/wordpress-org/alerts-and-warnings/#reasons-why-plugins-are-closed).

For security concerns, stop using the plugin immediately.

For [plugin exodus](https://wptavern.com/developers-remove-plugins-from-wordpress-org-repository-after-acf-controversy), install the plugin via the new repository suggested by the plugin author.

For other reasons, do your own research.

Caveats
-------


### No longer maintained


Composer hardcodes the message `no longer maintained` for abandoned packages.

Plugins closed on WordPress.org may be [closed for various reasons](https://developer.wordpress.org/plugins/wordpress-org/alerts-and-warnings/#reasons-why-plugins-are-closed) - some are permanent, some are temporary. The message `no longer maintained` may not be accurate in some cases.

You should check the plugin's WordPress.org page for more details.

### No replacement was suggested


There is no way to suggest a replacement when closing a plugin on WordPress.org.

You should do your own research to find suitable replacements.

### Locked File


Since plugin closure might be temporary, `WP Org Closed Plugin` does not modify `composer.lock`. Thus, `$ composer audit --locked` will not report closed plugins.

```
$ composer audit --locked

# ...
Skipped checking for closed plugins because of --locked.
# ...
```

You should run `composer audit` without `--locked` to check for closed plugins.

### Cache


WordPress.org API responses are cached for 10 minutes.

If you must clear the cache, delete the `wp-org-closed-plugin` directory inside Composer's cache directory.

```
rm -rf "$(composer config cache-dir)/wp-org-closed-plugin"
```

### Why `allow_self_signed` when connecting to `https://api.wordpress.org`?


Important

**Help Wanted!**

Please send pull requests if you know how to get around the error:

```
$ curl --http3-only 'https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&slug=better-delete-revision'
curl: (56) ngtcp2_conn_writev_stream returned error: ERR_DRAINING
```

Setting `allow_self_signed` is a hack to disallow HTTP/3: it forces `HttpDownloader` to use `RemoteFilesystem` instead of `CurlDownloader`.

I suspect api.wordpress.org does not properly support HTTP/3:

```
$ curl --http1.1 'https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&slug=better-delete-revision'
...json response

$ curl --http2 'https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&slug=better-delete-revision'
...json response

$ curl --http3-only 'https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&slug=better-delete-revision'
...sometimes json response
...but most of the time ERR_DRAINING
curl: (56) ngtcp2_conn_writev_stream returned error: ERR_DRAINING
```

See:

- [composer/composer#12363](https://github.com/composer/composer/pull/12363)
-
- [\#22](https://github.com/typisttech/wp-org-closed-plugin/pull/22)

Tip

**Hire Tang Rufus!**

There is no need to understand any of these quirks. Let me handle them for you. I am seeking my next job, freelance or full-time.

If you are hiring PHP / Ruby / Go developers, contact me at

Installation
------------


```
composer config allow-plugins.typisttech/wp-org-closed-plugin true
composer require typisttech/wp-org-closed-plugin
```

Credits
-------


[`WP Org Closed Plugin`](https://github.com/typisttech/wp-org-closed-plugin) is a [Typist Tech](https://typist.tech) project and maintained by [Tang Rufus](https://x.com/TangRufus), freelance developer [for hire](https://typist.tech/contact/).

Full list of contributors can be found [on GitHub](https://github.com/typisttech/wp-org-closed-plugin/graphs/contributors).

Copyright and License
---------------------


This project is a [free software](https://www.gnu.org/philosophy/free-sw.en.html) distributed under the terms of the MIT license. For the full license, see [LICENSE](./LICENSE).

Contribute
----------


Feedback / bug reports / pull requests are welcome.

