Laravel Decomposer Laravel Package

lubusin/laravel-decomposer


Product Decisions This Supports

  • Dependency Management & Debugging: Enables proactive dependency analysis, reducing "works on my machine" issues by surfacing hidden package conflicts, version mismatches, or environment inconsistencies. Critical for scaling teams or CI/CD pipelines.
  • Security & Compliance: Generates auditable reports of installed packages (including transitive dependencies) to align with security scans (e.g., SCA tools) or vendor compliance requirements (e.g., open-source licensing).
  • Build vs. Buy: Justifies buying this lightweight package over custom solutions for dependency mapping, especially if the team lacks time to build/maintain a bespoke tool. Avoids reinventing the wheel for common needs like:
    • Onboarding new devs (share a decomposer:report snapshot).
    • Troubleshooting production issues (compare dev/staging/prod environments).
  • Roadmap Prioritization:
    • Phase 1: Integrate into CI/CD to auto-generate reports on deployments (e.g., Slack alerts for unexpected dependencies).
    • Phase 2: Extend to monitor for deprecated packages or security vulnerabilities (via integration with tools like snyk or composer-audit).
    • Phase 3: Build a dashboard (using the JSON/array output) to visualize dependency trees for architects.
  • Use Cases:
    • Incident Response: Quickly isolate whether a bug stems from a package conflict (e.g., laravel/framework@9.x vs 10.x).
    • Vendor Lock-in Analysis: Identify critical dependencies to negotiate contracts or plan migrations.
    • Performance Profiling: Correlate slow endpoints with heavy packages (e.g., guzzlehttp/guzzle versions).

When to Consider This Package

  • Adopt When:

    • Your Laravel app has >50 installed packages (transitive dependencies included), making manual tracking unsustainable.
    • You need reproducible environment snapshots for debugging across dev/staging/prod.
    • Security/compliance teams require audit trails of dependencies (e.g., for licensing or vulnerability scans).
    • Your team lacks a centralized dependency inventory (e.g., no Confluence/wiki tracking composer.json changes).
    • You’re migrating Laravel versions and need to validate compatibility of all packages.
  • Look Elsewhere If:

    • You need real-time dependency monitoring (this is a snapshot tool; pair with composer why or roave/security-advisories).
    • Your stack includes non-PHP dependencies (e.g., Node.js, Python) requiring multi-language analysis (consider dependabot or Renovate).
    • You require interactive dependency visualization (use composer why-graph or php-dependency-graph).
    • Your team has strict air-gapped environments (this package requires Composer access).
    • You need automated dependency updates (this is for analysis, not patching; use composer update or php-cs-fixer).

How to Pitch It (Stakeholders)

For Executives/Business Leaders:

*"Laravel Decomposer is a 10-minute setup that solves a $50K/year problem: hidden technical debt in dependencies. Right now, when a bug crops up in production, we waste hours guessing whether it’s a package conflict or our code. This tool gives us a real-time inventory of every package and its version—so we can:

  • Cut debugging time by 60% by comparing dev/prod environments instantly.
  • Avoid costly surprises during upgrades (e.g., ‘Oh no, Package X dropped PHP 8.0 support’).
  • Meet compliance requirements by documenting open-source licenses automatically.

The cost? Zero. The ROI? Fewer fires, faster releases, and happier engineers."*

Ask: "Would you rather spend $10K/year on a custom tool or 1 hour to install this?"


For Engineering Teams:

*"This package is composer show on steroids. Here’s how we’ll use it:

  1. CI/CD Integration: Auto-generate a decomposer:report on every deploy to catch sneaky dependency changes.
  2. Onboarding: New devs get a report.md with their first PR—no more ‘Why is this failing?’ emails.
  3. Security: Export JSON reports to feed into our SCA tool (e.g., Snyk) for vulnerability tracking.
  4. Architecture: Visualize dependency trees (via the array/JSON output) to plan migrations or reduce bloat.

Why now?

  • Low risk: MIT license, 600+ stars, and zero runtime overhead.
  • High reward: Catches issues like this real case where a dev unknowingly pulled in a package with a breaking change.

Proposal:

  • Week 1: Install and test in staging. Generate a baseline report.
  • Week 2: Add to CI pipeline. Alert on unexpected dependencies.
  • Ongoing: Use reports to negotiate with vendors or plan upgrades.

Blockers? (e.g., ‘We already track this manually’ → Let’s compare effort vs. accuracy.)"*


Key Metric to Track: "% of production incidents resolved within 1 hour" (target: +30% after adoption).
