Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Package Versions Deprecated
Assessments

Package Versions Deprecated Laravel Package

composer/package-versions-deprecated

View on GitHub
Deep Wiki
Context7

Product Decisions This Supports

This package is deprecated and should never be leveraged for new product decisions. As a PM, I would prioritize eliminating all dependencies on it to reduce technical debt and security risk. Key decisions include:

  • Deprecation removal: Actively remove this package from all codebases (both direct and transitive dependencies) in favor of Composer's native Composer\InstalledVersions class.
  • Roadmap alignment: Schedule migration work in upcoming sprints to replace legacy version-checking logic, ensuring no new features rely on this package.
  • Build vs buy: Never choose this for new solutions—it's a transitional shim with no ongoing maintenance. Modern Composer (v2.2+) handles all required functionality natively.
  • Use case avoidance: No legitimate use cases exist today; any current usage indicates outdated infrastructure that requires urgent remediation.

When to Consider This Package

Only consider this package in one scenario: if maintaining an absolutely legacy project stuck on Composer 1.x and PHP <7.4 with no immediate upgrade path—and even then, it's a temporary stopgap with a strict 30-day migration deadline.
When to look elsewhere:

  • For any new project (never use it).
  • If using Composer 2.2+ (native Composer\InstalledVersions is superior).
  • If the project runs on PHP 7.4+ (the package adds no value).
  • For security-critical systems (it receives no updates and has known vulnerabilities).
  • When dependencies require it—instead, pressure maintainers to upgrade their dependencies to use Composer's built-in tools.

How to Pitch It (Stakeholders)

Executives: "This package is deprecated, unmaintained, and poses a security risk. It's a legacy artifact from Composer 1.x compatibility that we can eliminate entirely by migrating to Composer's built-in version-checking tools. Removing it reduces technical debt, cuts maintenance costs, and eliminates future vulnerabilities—all with minimal engineering effort. We recommend prioritizing this cleanup in our next sprint to avoid compounding risks."
Engineering: "Replace every instance of PackageVersions\Versions with Composer\InstalledVersions::getVersion()—it's a 1:1 replacement with no runtime overhead. This package is obsolete since Composer 2.2+ natively supports this functionality. We'll remove it from composer.json, run composer update --with-all-dependencies, and validate with our test suite. This is a 2-hour refactor per project with immediate reliability gains."

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport