Download the PHP package shipmonk/composer-dependency-analyser without Composer
On this page you can find all versions of the php package shipmonk/composer-dependency-analyser. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Table of contents
Download shipmonk/composer-dependency-analyser
More information about shipmonk/composer-dependency-analyser
Files in shipmonk/composer-dependency-analyser
Download shipmonk/composer-dependency-analyser
More information about shipmonk/composer-dependency-analyser
Files in shipmonk/composer-dependency-analyser
Vendor shipmonk
Package composer-dependency-analyser
Short Description Fast detection of composer dependency issues (dead dependencies, shadow dependencies, misplaced dependencies)
License MIT
Package composer-dependency-analyser
Short Description Fast detection of composer dependency issues (dead dependencies, shadow dependencies, misplaced dependencies)
License MIT
FAQ
After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.
Example:
Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories.
In this case some credentials are needed to access such packages.
Please use the auth.json textarea to insert credentials, if a package is coming from a private repository.
You can look here for more information.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?
Informations about the package composer-dependency-analyser
Composer dependency analyser
- πͺ Powerful: Detects unused, shadow and misplaced composer dependencies
- β‘ Performant: Scans 15 000 files in 2s!
- βοΈ Configurable: Fine-grained ignores via PHP config
- πΈοΈ Lightweight: No composer dependencies
- π° Easy-to-use: No config needed for first try
- β¨ Compatible: PHP 7.2 - 8.4
Comparison:
| Project | Dead dependency |
Shadow dependency |
Misplaced in require |
Misplaced in require-dev |
Time* |
|---|---|---|---|---|---|
| maglnet/ composer-require-checker |
β | β | β | β | 124 secs |
| icanhazstring/ composer-unused |
β | β | β | β | 72 secs |
| shipmonk/ composer-dependency-analyser |
β | β | β | β | 2 secs |
*Time measured on codebase with ~15 000 files
Installation:
Note that this package itself has zero composer dependencies.
Usage:
Example output:
Detected issues:
This tool reads your composer.json and scans all paths listed in autoload & autoload-dev sections while analysing you dependencies (both packages and PHP extensions).
Shadowed dependencies
- Those are dependencies of your dependencies, which are not listed in
composer.json - Your code can break when your direct dependency gets updated to newer version which does not require that shadowed dependency anymore
- You should list all those packages within your dependencies
Unused dependencies
- Any non-dev dependency is expected to have at least single usage within the scanned paths
- To avoid false positives here, you might need to adjust scanned paths or ignore some packages by
--config
Dev dependencies in production code
- For libraries, this is risky as your users might not have those installed
- For applications, it can break once you run it with
composer install --no-dev - You should move those from
require-devtorequire
Prod dependencies used only in dev paths
- For libraries, this miscategorization can lead to uselessly required dependencies for your users
- You should move those from
requiretorequire-dev
Unknown classes
- Any class that cannot be autoloaded gets reported as we cannot say if that one is shadowed or not
Unknown functions
- Any function that is used, but not defined during runtime gets reported as we cannot say if that one is shadowed or not
Cli options:
--composer-json path/to/composer.jsonfor custom path to composer.json--dump-usages symfony/consoleto show usages of certain package(s),*placeholder is supported--config path/to/config.phpfor custom path to config file--versiondisplay version--helpdisplay usage & cli options--verboseto see more example classes & usages--show-all-usagesto see all usages--formatto use different output format, available are:console(default),junit--disable-ext-analysisto disable php extensions analysis (e.g.ext-xml)--ignore-unknown-classesto globally ignore unknown classes--ignore-unknown-functionsto globally ignore unknown functions--ignore-shadow-depsto globally ignore shadow dependencies--ignore-unused-depsto globally ignore unused dependencies--ignore-dev-in-prod-depsto globally ignore dev dependencies in prod code--ignore-prod-only-in-dev-depsto globally ignore prod dependencies used only in dev paths
Configuration:
When a file named composer-dependency-analyser.php is located in cwd, it gets loaded automatically.
The file must return ShipMonk\ComposerDependencyAnalyser\Config\Configuration object.
You can use custom path and filename via --config cli option.
Here is example of what you can do:
All paths are expected to exist. If you need some glob functionality, you can do it in your config file and pass the expanded list to e.g. ignoreErrorsOnPaths.
Detecting classes from non-php files:
Some classes might be used only in your DIC config files. Here is a simple way to extract those:
Similar approach should help you to avoid false positives in unused dependencies. Another approach for DIC-only usages is to scan the generated php file, but that gave us worse results.
Scanning codebase located elsewhere:
- This can be done by pointing
--composer-jsontocomposer.jsonof the other codebase
Disable colored output:
- Set
NO_COLORenvironment variable to disable colored output:
Recommendations:
- For precise
ext-*analysis, your enabled extensions of your php runtime should be superset of those used in the scanned project
Contributing:
- Check your code by
composer check - Autofix coding-style by
composer fix:cs - All functionality must be tested
Supported PHP versions
- Runtime requires PHP 7.2 - 8.4
- Scanned codebase should use PHP >= 5.3
All versions of composer-dependency-analyser with dependencies
PHP Build Version
Package Version
Requires
php Version
^7.2 || ^8.0
ext-json Version *
ext-tokenizer Version *
ext-json Version *
ext-tokenizer Version *
The package shipmonk/composer-dependency-analyser contains the following files
Loading the files please wait ....