Package Versions Deprecated Laravel Package

Getting Started

This package is a deprecated compatibility shim for composer/package-versions and should be avoided in new projects. In day-to-day Laravel development, you’ll only encounter it in legacy codebases—typically those pinned to older Laravel versions (e.g., <8.40) or dependencies like Doctrine ORM <2.9 that historically required it. First, confirm its presence via composer show -i | grep package-versions-deprecated or inspect composer.json. If found, treat it as technical debt: prioritize removal. Modern Laravel (>=8.40) and Composer (>=2.2) provide full version inspection via Composer\InstalledVersions, making this package obsolete. Start migration by searching for PackageVersions\Versions:: usage across the codebase.

Implementation Patterns

Laravel projects using this package likely rely on runtime version checks (e.g., PackageVersions\Versions::getVersion('laravel/framework')). In legacy contexts, this was used for:

• Conditional feature flags based on installed dependency versions.
• Debug panels or health checks (e.g., logging database driver versions).
• Compatibility guards in service providers (e.g., detecting Doctrine versions).

Modern replacement: Replace with Composer\InstalledVersions::getVersion('vendor/package'). Example:

// Old (deprecated)
use PackageVersions\Versions;
$version = Versions::getVersion('laravel/framework');

// New (standard)
$version = Composer\InstalledVersions::getVersion('laravel/framework');

Always wrap in a try/catch for OutOfBoundsException (thrown if package isn’t installed). Do not add new logic depending on this package; instead, refactor to use InstalledVersions and ensure Composer ≥2.2.

Gotchas and Tips

• Silent failures: The package silently generates a Versions.php file during install/update. If vendor/ permissions are restrictive (e.g., Docker containers), generation fails—resulting in cryptic class-not-found errors. Fix by ensuring vendor/ is writable during composer install.
• Plugin conflicts: This package registers Composer v1/v2 plugins only when active. If another plugin conflicts (e.g., symfony/flex), run composer clear-cache && composer install -vvv to debug event loop issues.
• --no-dev trap: Running composer install --no-dev may omit dev dependencies in the generated Versions.php, causing runtime errors if code references them (e.g., testing tools in CI). Verify composer.lock includes all needed packages.
• Deprecation noise: PHP 7.4+ users see E_USER_DEPRECATED notices even if the package loads correctly. Suppress via custom error handler only as a temporary measure—migration is the real fix.
• Migration checklist:
  1. Confirm Composer ≥2.2 (composer --version).
  2. Replace all PackageVersions\Versions:: usages with Composer\InstalledVersions::.
  3. Remove from composer.json (both require and replace sections).
  4. Run composer dump-autoload --optimize.
  5. Run tests to catch edge cases (e.g., unhandled OutOfBoundsException).