Composer License Checker

Composer License Checker Laravel Package

lendable/composer-license-checker

Checks your Composer dependencies’ licenses against configurable allow rules (by SPDX license, vendor, or package) to help ensure OSS compliance and reduce legal risk. Works in CI and can read license data from Composer’s installed.json or composer licenses.


Tool to check licensing of Composer dependencies against a set of rules to ensure compliance.

Frequently asked questions about Composer License Checker
Does this package work with Laravel 10 or 11, and what PHP version is required?
This package requires PHP 8.4+, which means it won’t work natively with Laravel 10 (PHP 8.1) or Laravel 11 (PHP 8.2) without upgrading. If you’re stuck on older PHP versions, consider using an alternative like `roave/security-advisories` or a forked version with PHP 8.1+ support.
How do I integrate this into a Laravel CI pipeline (e.g., GitHub Actions)?
Add it to your `composer.json` under scripts, then run it in CI with PHP 8.4+. Example GitHub Actions step: `run: composer check-license --format=json --rules=rules.json`. Ensure your workflow uses a PHP 8.4 runner and validates the output.
Can I allow specific licenses, vendors, or packages for my Laravel project?
Yes. Create a `.allowed-licenses.php` config file using `LicenseConfigurationBuilder` to whitelist SPDX licenses (e.g., MIT, Apache-2.0), allow entire vendors (e.g., your company), or exempt specific packages (e.g., `vendor/package`). Run checks with `--allow-file path/to/config`.
What happens if a dependency’s license isn’t allowed? Does it fail the build?
By default, it reports violations but doesn’t fail. To enforce compliance, integrate it into CI/CD with a step that exits on errors (e.g., `composer check-license --fail-on-violation`). For Laravel, pair it with a pre-commit hook or GitHub Actions workflow.
Is there a way to check licenses without running `composer install` in CI?
Yes. Use the `json` provider (default) by specifying `--provider-id=json`. This parses Composer’s `installed.json` file, avoiding the need for a full `composer install` in CI. However, note that this file’s schema may change in future Composer versions.
How do I handle dual-licensed packages (e.g., MIT *and* GPL) in Laravel?
The tool checks against the *most restrictive* license by default. To allow dual-licensed packages, explicitly whitelist the permissive license (e.g., MIT) in your config. If GPL is included, you’ll need to ensure compliance with its terms separately.
Are there alternatives if PHP 8.4 isn’t an option for my Laravel app?
Yes. Consider `roave/security-advisories` (PHP 7.4+), `composer-license-checker` v1.3.x (older PHP support), or a forked version of this package. Alternatively, use `composer licenses` manually in CI, though it’s less automated.
Can this package detect license violations in Laravel’s core dependencies (e.g., symfony/console)?
Yes, but only if they’re listed in `installed.json` or via `composer licenses`. Laravel’s core dependencies (e.g., Symfony components) will be scanned like any other package. If you’re using Symfony 8+, ensure your PHP 8.4 environment is compatible with those dependencies.
How do I customize the output format for CI/CD monitoring?
Use `--format=json` for machine-readable output or `--format=text` for human-readable logs. For CI, parse the JSON output to trigger failures or send alerts. Example: `composer check-license --format=json | jq -e '.violations | length == 0' || exit 1`.
What should I do if the tool flags a false positive (e.g., a dependency with no license file)?
Exempt the package in your config using `addAllowedPackage('vendor/package')`. If the issue persists, check Composer’s `installed.json` or run `composer licenses` to verify the license data. Report discrepancies to the package maintainers for potential schema updates.
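
The allow-rule evaluation this FAQ describes (license, vendor and package rules applied to `installed.json` data), as an added PHP example that is not the package's own code. The `packagesFrom` and `findViolations` functions, the rule array layout and the sample data are constructed for illustration, and the strict handling of packages that declare several licenses is an assumption of the example.

```php
<?php
declare(strict_types=1);
// Added example, not the package's code: function names, rule layout and sample data are constructed.

/** Package list from Composer 2 ({"packages": [...]}) or Composer 1 (bare list) installed.json data. */
function packagesFrom(array $installed): array
{
    return $installed['packages'] ?? $installed;
}

/** @return array<string, string> package name => reason it was flagged */
function findViolations(array $installed, array $rules): array
{
    $violations = [];
    foreach (packagesFrom($installed) as $package) {
        $name = $package['name'];
        $vendor = explode('/', $name, 2)[0];
        if (in_array($name, $rules['packages'], true) || in_array($vendor, $rules['vendors'], true)) {
            continue; // exempted by a package or vendor rule
        }
        $declared = (array) ($package['license'] ?? []);
        if ($declared === []) {
            $violations[$name] = 'no license declared';
            continue;
        }
        // Assumption: strict policy, every declared license must be on the allow list.
        $denied = array_diff($declared, $rules['licenses']);
        if ($denied !== []) {
            $violations[$name] = 'not allowed: ' . implode(', ', $denied);
        }
    }
    return $violations;
}

// Constructed sample in the Composer 2 installed.json layout.
$installed = json_decode(<<<'JSON'
{"packages": [
  {"name": "symfony/console", "license": ["MIT"]},
  {"name": "acme/internal-sdk", "license": ["proprietary"]},
  {"name": "example/dual", "license": ["MIT", "GPL-3.0-or-later"]},
  {"name": "example/unlabelled"}
]}
JSON, true, 512, JSON_THROW_ON_ERROR);
$rules = ['licenses' => ['MIT', 'Apache-2.0'], 'vendors' => ['acme'], 'packages' => []];

$violations = findViolations($installed, $rules);
foreach ($violations as $name => $reason) {
    fwrite(STDERR, "$name: $reason\n");
}
exit($violations === [] ? 0 : 1); // non-zero exit fails the CI step
```

With the sample data, `example/dual` is flagged for `GPL-3.0-or-later` and `example/unlabelled` for having no declared license, while `acme/internal-sdk` passes through the vendor rule.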