Download the PHP package satheez/laravel-package-doctor without Composer

On this page you can find all versions of the php package satheez/laravel-package-doctor. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package laravel-package-doctor

# Laravel Package Doctor **Laravel-first dependency health and upgrade-risk analyzer for Composer projects.** [![Tests](https://github.com/satheez/laravel-package-doctor/actions/workflows/tests.yml/badge.svg)](https://github.com/satheez/laravel-package-doctor/actions/workflows/tests.yml) [![Latest Version on Packagist](https://img.shields.io/packagist/v/satheez/laravel-package-doctor.svg)](https://packagist.org/packages/satheez/laravel-package-doctor) [![Total Downloads](https://img.shields.io/packagist/dt/satheez/laravel-package-doctor.svg)](https://packagist.org/packages/satheez/laravel-package-doctor) [![PHP](https://img.shields.io/badge/PHP-8.2%2B-blue)](https://www.php.net) [![Laravel](https://img.shields.io/badge/Laravel-11%20%7C%2012%20%7C%2013-red)](https://laravel.com) [![License](https://img.shields.io/packagist/l/satheez/laravel-package-doctor.svg)](LICENSE.md)

Laravel Package Doctor answers the question Composer alone does not:

Are the packages in this project healthy, safe, maintained, compatible, and worth keeping?

It scans your Composer dependencies, checks for security advisories, abandoned packages, Laravel and PHP compatibility, upgrade risk, license concerns, and repository health. It combines those signals into a scored report with actionable recommendations — instead of a raw list of version numbers.


The Problem

Before upgrading Laravel — or when inheriting a project — you need answers to questions like:

Composer's built-in commands are powerful but narrow. They answer one question at a time. Package Doctor answers all of them together.


What Composer Gives You vs What Package Doctor Gives You

composer outdated tells you what changed:

Package Doctor tells you what it means:

For a genuinely problematic package:


Why This vs Other Tools

composer outdated composer audit Dependabot / Renovate Roave + Enlightn Laravel Package Doctor
Detect outdated versions ✓ (PRs)
Security advisories ✓ (alerts)
Abandoned packages ✓ (partial)
Repository archived
Laravel version compatibility
PHP version compatibility
Constraint-blocked upgrades
License risk classification
Health score (0–100)
Actionable recommendations
CI exit codes n/a
Works offline
Laravel Artisan command

Use Dependabot / Renovate to automate routine version bumps. Use composer audit and Roave security-advisories as hard security gates. Use Package Doctor when you need to understand what your dependencies mean — before a Laravel upgrade, when inheriting a codebase, or when you want a scored risk report with recommendations instead of a list of raw diffs.

These tools are complementary. Package Doctor composes the data composer outdated, composer audit, and composer licenses produce into one coherent, scored decision layer.


Features

Scan

Detect

Score and Recommend

Output


Installation

Laravel auto-discovers the service provider. No manual registration needed.

Optional: Publish the config to customise scoring thresholds, CI gates, or package ignores:


Quick Start

Normal terminal runs show live scan progress while Composer, Packagist, and GitHub metadata are collected. Progress output is suppressed for JSON, CSV, CI, and non-interactive output so scripts can safely parse the final report.

Example output:

Output is illustrative. Actual formatting depends on your terminal width and installed packages.


Common Commands

Command Description
php artisan package:doctor Scan direct + dev dependencies (no transitive)
php artisan package:doctor --all Scan full dependency tree including transitive packages
php artisan package:doctor --direct Direct dependencies only (great before a Laravel upgrade)
php artisan package:doctor --score-below=70 Show only Watch, Risky, or Critical packages
php artisan package:doctor --no-dev --ci Production packages, gate on CI
php artisan package:doctor --json Machine-readable JSON output
php artisan package:doctor --format=csv Spreadsheet-friendly CSV output
php artisan package:doctor --format=json --output=package-health.json Write a JSON report file
php artisan package:doctor --format=csv --output=package-health.csv Write a CSV report file
php artisan package:doctor --offline Skip external API calls

All available options → docs/usage.md


Health Score

Each package starts at 100. Issues subtract points. Score is clamped to [0, 100].

Issue Score Impact
Security advisory found −30
Package abandoned −30
Repository archived −25
Laravel incompatible −20
PHP incompatible −20
Constraint blocks latest major −15
No release in 18 months −15
Risky license (GPL/AGPL) −15
Major upgrade available −10
No release in 12 months −8
Low downloads −5
Missing documentation −5
Unknown repository −3
Score Status Meaning
90–100 Healthy Safe and well-maintained
70–89 Watch Minor concerns worth monitoring
40–69 Risky Needs review before upgrades
0–39 Critical Investigate, update, or replace soon

All scoring is configurable. See docs/scoring.md.


CI/CD Integration

Exit Code Meaning
0 All checks passed
1 Risky packages found, or project score below minimum
2 Critical packages found
3 Runtime error

Full CI recipes for GitHub Actions, GitLab CI, and Bitbucket Pipelines → docs/ci.md


Configuration Snapshot

The most-tuned settings after publishing config/package-doctor.php:

Full config reference → docs/configuration.md

Ignored packages remain visible in the report with an Ignored status and the configured reason. They are excluded from the project score so known, reviewed exceptions do not inflate or reduce the health score.


Offline Mode

Skip all external API calls for restricted CI environments or air-gapped machines:

Offline mode still runs composer outdated, composer audit, and composer licenses, and reads your lock file. Packagist and GitHub checks are skipped.

GitHub Rate Limits

Large projects can exhaust GitHub's unauthenticated API limit because repository and release metadata are fetched per package. Add a token for a higher limit:

If GitHub reports a rate limit during a scan, Package Doctor skips further uncached GitHub calls for the rest of that run, keeps using cached metadata, and includes a single warning in the final report. Keep caching enabled, use --direct for focused scans, or set PACKAGE_DOCTOR_GITHUB_ENABLED=false when GitHub metadata is not needed.

Tip — avoiding rate limits: By default, Package Doctor scans your direct and dev dependencies only (no transitive packages). Laravel apps can have hundreds of transitive dependencies, so use --all deliberately when you need full tree coverage.

Trend History

Each scan writes the latest summary to storage/app/package-doctor-history.json when Laravel's storage directory is available. If not, it writes .package-doctor-history.json in the project base path. The next scan uses that file to show the previous project score and a trend indicator beside the current score.


Practical Use Cases

Before a Laravel upgrade

Identify every direct dependency that hasn't declared support for your target Laravel version.

Gate a production deployment

Fail the deploy pipeline if any production package is Critical.

Audit an inherited project

Get a picture of every dependency — including transitive packages — in a project you're taking over.

Weekly health check

Run on a schedule in CI. Store the JSON as an artifact or push it to a dashboard.

Clean up your dependency list

Focus only on packages that need attention without scrolling through the full list.


What This Does Not Do


Roadmap

Version Highlights
v1.0 CLI command, full scoring, console + JSON output, CI mode, offline mode
v1.1 Configurable scoring rules, package ignore reasons, improved recommendations
v1.2 Suggested replacement packages, changelog URL detection, package trend report
v2.0 Laravel Pulse card, Filament dashboard, Slack/Telegram alerts, historical reports

Documentation

Document Description
Installation Requirements, install steps, GitHub token
Usage Every CLI flag with examples
Configuration Full config/package-doctor.php reference
Checks Reference Every issue code and score impact
Scoring How the health score is calculated
Output Console and JSON output format
CI/CD Integration GitHub Actions, GitLab CI, Bitbucket Pipelines
Comparison Package Doctor vs Composer, Dependabot, and other tools
Architecture Source layout and service flow
FAQ Common questions

Contributing

See CONTRIBUTING.md for development setup, testing conventions, and pull request guidelines.

Security

See SECURITY.md for the vulnerability reporting policy.

License

MIT — see LICENSE.md.


All versions of laravel-package-doctor with dependencies

PHP Build Version
Package Version
Requires php Version ^8.2
illuminate/support Version ^11.0|^12.0|^13.0
illuminate/console Version ^11.0|^12.0|^13.0
illuminate/contracts Version ^11.0|^12.0|^13.0
guzzlehttp/guzzle Version ^7.8
composer/semver Version ^3.4
symfony/process Version ^7.0|^8.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package satheez/laravel-package-doctor contains the following files

Loading the files please wait ...