XUtils

Composer Require Checker

CLI tool to analyze composer dependencies and verify that no unknown symbols are used in the sources of a package.

PHP
https://github.com/maglnet/ComposerRequireChecker

ComposerRequireChecker

A CLI tool to analyze composer dependencies and verify that no unknown symbols are used in the sources of a package. This will prevent you from using “soft” dependencies that are not defined within your composer.json require section.

PHP ^7.4 current version Build Status

PHAR file [preferred]

Please check the releases for available phar files. Download the latest release and and run it like this:

php composer-require-checker.phar check /path/to/your/project/composer.json

PHIVE

If you already use PHIVE to install and manage your project’s tooling, then you should be able to simply install ComposerRequireChecker like this:

phive install composer-require-checker

Configuration

Composer require checker is configured to whitelist some symbols per default. Have a look at the config file example to see which configuration options are available.

You can now adjust this file, as needed, and tell composer-require-checker to use it for it’s configuration.

Note that you’ll have to copy it’s contents if you want to add something on top. This tool intentionally only reads one configuration file. If you pass only your new settings, you’ll get error reports about the PHP core extensions and internal symbols like true or false being undefined.

bin/composer-require-checker check --config-file=path/to/config.json /path/to/your/project/composer.json

Scan Additional Files

To scan files, that are not part of your autoload definition you may add glob patterns to the config file’s scan-files section. Copy the default file and add to your copy.

The following example would also scan the file bin/console and all files with .php extension within your bin/ folder:

"scan-files" : ["bin/console", "bin/*.php"]

If you don’t like copying the tool’s default settings, consider adding these paths to the Composer autoloading section of your project instead.

Dealing with custom installer plugins

Composer require checker only fetches it’s knowledge of where files are from your project’s composer.json. It does not use Composer itself to understand custom directory structures.

If your project requires to use any install plugins to put files in directories that are not vendor/ or defined via the vendor-dir config setting in composer.json, composer require checker will fail to detect the required code correctly.

As a workaround, you can install your dependencies without plugins just for the scan:

  1. Clone your repo
  2. composer install --no-plugins will put all code into the vendor folder
  3. composer-require-checker check your code
  4. composer install dependencies once again in the correct location

Credits

This package was initially designed by Marco Pivetta and Matthias Glaub.
And of course all Contributors.

Articles

  • coming soon...