About Weave Code

What Weave Code Does

When you build a Laravel app, you often need to add features from scratch — authentication, file uploads, search, payments, and more. Instead of reinventing the wheel, developers rely on packages: pre-built, open-source libraries that do the heavy lifting.

The problem? Thousands of packages exist. How do you know which one is popular, well-maintained, and secure? Weave Code pulls together information from across the web — download counts, community ratings, security advisories, and maintenance activity — so you can see at a glance which packages are worth using.

What Is the Score?

The Score (0–100) gauges package quality and ecosystem standing. It blends popularity, activity, recency, contribution opportunity, Laravel News visibility, and dependent count. Higher scores indicate packages that are popular, actively maintained, and well-integrated into the ecosystem.

Component weights:

• Popularity (40%) — Stars (25%) and forks (15%), normalized over typical ranges (0–5000 stars, 0–500 forks).
• Activity (25%) — Open issues + PRs (10%) and release count (15%), normalized over 0–100 and 0–50 respectively.
• Recency (20%) — How recent the last release was; newer is better, with full credit within a year.
• Opportunity (10%) — Moderate open issue backlog (1–50) as a signal of contribution potential.
• Laravel News (10%) — Mentions in Laravel News/Daily, capped at 5 mentions for full credit.
• Dependents (4%) — Number of packages that depend on this one, normalized over 0–1000.

Each component uses normalize(x, lo, hi) = clamp((x - lo)/(hi - lo), 0, 1). The weighted sum is scaled by 100 and capped at 100. Archived packages are halved.

score = min(100, (pop + activity + recency + opportunity + ln_boost + deps) × 100 × archived_factor)

Vendor "Avg Score" is the average of these package scores across that vendor's packages.

What Is Opportunity?

The Opportunity score (0–100) identifies packages where your contributions could have outsized impact: "hidden gems" — widely used but under-starred — plus packages with moderate contribution backlogs. Higher opportunity means a package is both widely adopted and likely to welcome contributions.

It blends two components:

• Hidden gem (65%) — High monthly downloads relative to low stars. Formula: log₁₀(downloads_monthly/(stars+1) + 1) × 25, capped at 100.
• Contribution need (35%) — Open issues + PRs, normalized so a moderate backlog (roughly 2–80 items) signals opportunity without being overwhelming.

The combined score is multiplied by a health factor (0.5–1.0) based on: not archived (+0.25), recency of last release (up to +0.15), and reasonable issue load (+0.1). Final score:

opportunity = min(100, (hidden_gem × 0.65 + contribution_need × 0.35) × health_factor)

Sort or filter by Opportunity on the packages index to find packages where your contributions could matter most.

Discover & Compare Packages

Search Weave Code to find packages by name or topic. Each package page shows how many people use it, how often it's updated, who maintains it, and whether it has known security issues. Compare options side by side and bookmark the ones you like.

You can also explore by vendor — the teams and organizations behind the packages. See how many packages they publish, their combined popularity, and who contributes to their projects. It's a way to discover trusted names in the Laravel community.

Package and vendor scores (0–100) help you gauge quality at a glance. Our score blends popularity (stars, forks), activity (open issues, releases), recency of updates, Laravel News mentions, and dependent count. Vendor "Avg Score" is the average of those package scores across that vendor's packages.

Where Our Data Comes From

Weave Code combines data from trusted, public sources. We do not sell data — we organize it to help you choose wisely. Here is what we gather from each:

• Packagist — The main registry for PHP packages. We use it for package names, descriptions, download counts, release dates, licenses, and dependency information.
• GitHub — Stars, forks, contributor lists, open and closed issues, and how recently the project was updated. For organizations (vendors), we also pull follower counts, member lists, and profile details.
• Libraries.io — How many other packages depend on a given package, whether it is deprecated, and whether the maintainers have a security policy.
• Snyk — Known security vulnerabilities and risk scores, so you can see at a glance if a package has open security issues.
• Semrush — Organic traffic estimates for vendor homepages when they have a dedicated website (not just a GitHub page). This helps gauge community reach.
• Laravel Daily and Laravel News — Whether a package has been featured or mentioned in these popular Laravel-focused sites, as a signal of ecosystem visibility.