How do I install ComposerRequireChecker for my Laravel project?

Run `composer global require maglnet/composer-require-checker` to install it globally, or download the PHAR from the [releases page](https://github.com/maglnet/ComposerRequireChecker/releases) for CI/CD use. No Laravel-specific setup is needed—it works with any Composer-based project.

Will this tool break my Laravel app if I run it?

No, it’s a static analyzer that only scans your code and `composer.json`—it never modifies files or runs your application. Use it in CI to catch issues early without risking production.

Does ComposerRequireChecker support Laravel 10+ and PHP 8.1–8.5?

Yes, the latest version (v4.24.0+) supports PHP 8.1–8.5 and integrates seamlessly with Laravel 10+. It aligns with Laravel’s LTS roadmap and Composer’s dependency resolution.

How do I handle false positives, like PHP core functions or Laravel’s own classes?

Use the `--whitelist` flag or a `composer-require-checker.json` config to exclude known symbols. Start with defaults, then refine the whitelist incrementally—Laravel’s `illuminate/*` classes are often safe to ignore if explicitly required.

Can I run this in GitHub Actions or GitLab CI without slowing down builds?

Yes, use the PHAR distribution for speed and cache results with tools like `actions/cache`. For large repos, run it nightly or split scans by module. Disable Xdebug (`XDEBUG_MODE=off`) to avoid performance hits.

What if my Laravel package uses custom Composer installers (e.g., `laravel/ui`)?

Add `--no-plugins` to skip plugin execution during scans. This prevents conflicts with installers while still detecting soft dependencies in your codebase.

Does this tool replace PHPStan or Psalm for dependency checks?

No, it’s complementary. PHPStan/Psalm focus on type safety, while this tool specifically targets *dependency hygiene*—catching soft dependencies that could break on updates. Use both for robust Laravel projects.

How do I enforce this check in CI to block merges with soft dependencies?

Add a step to your CI pipeline (e.g., GitHub Actions) like `./composer-require-checker.phar check composer.json --`. Fail the build on warnings by setting exit codes or using `set +e` in scripts.

Will this tool detect missing PHP extensions (e.g., `pdo_mysql`) used in Laravel?

Yes, it scans for PHP functions/extensions not declared in `composer.json` (e.g., `mysql_connect`). Add explicit `require` entries for extensions like `ext-pdo_mysql` to avoid runtime errors.

Are there alternatives to ComposerRequireChecker for Laravel?

For dependency hygiene, this is the most targeted tool. Alternatives like `depcheck` (Node.js) or `composer validate` are less precise. For static analysis, combine it with `phpstan/extension-installer` to auto-require missing extensions.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Composer Require Checker Laravel Package

maglnet/composer-require-checker

CLI tool that scans your PHP sources and composer.json to ensure every used class/function comes from declared dependencies. Detects “soft” transitive deps and missing required PHP extensions, helping prevent breakage after dependency updates.

View on GitHub

Deep Wiki

Context7

CLI tool to analyze composer dependencies and verify that no unknown symbols are used in the sources of a package

Frequently asked questions about Composer Require Checker

How do I install ComposerRequireChecker for my Laravel project?: Run `composer global require maglnet/composer-require-checker` to install it globally, or download the PHAR from the [releases page](https://github.com/maglnet/ComposerRequireChecker/releases) for CI/CD use. No Laravel-specific setup is needed—it works with any Composer-based project.
Will this tool break my Laravel app if I run it?: No, it’s a static analyzer that only scans your code and `composer.json`—it never modifies files or runs your application. Use it in CI to catch issues early without risking production.
Does ComposerRequireChecker support Laravel 10+ and PHP 8.1–8.5?: Yes, the latest version (v4.24.0+) supports PHP 8.1–8.5 and integrates seamlessly with Laravel 10+. It aligns with Laravel’s LTS roadmap and Composer’s dependency resolution.
How do I handle false positives, like PHP core functions or Laravel’s own classes?: Use the `--whitelist` flag or a `composer-require-checker.json` config to exclude known symbols. Start with defaults, then refine the whitelist incrementally—Laravel’s `illuminate/*` classes are often safe to ignore if explicitly required.
Can I run this in GitHub Actions or GitLab CI without slowing down builds?: Yes, use the PHAR distribution for speed and cache results with tools like `actions/cache`. For large repos, run it nightly or split scans by module. Disable Xdebug (`XDEBUG_MODE=off`) to avoid performance hits.
What if my Laravel package uses custom Composer installers (e.g., `laravel/ui`)?: Add `--no-plugins` to skip plugin execution during scans. This prevents conflicts with installers while still detecting soft dependencies in your codebase.
Does this tool replace PHPStan or Psalm for dependency checks?: No, it’s complementary. PHPStan/Psalm focus on type safety, while this tool specifically targets *dependency hygiene*—catching soft dependencies that could break on updates. Use both for robust Laravel projects.
How do I enforce this check in CI to block merges with soft dependencies?: Add a step to your CI pipeline (e.g., GitHub Actions) like `./composer-require-checker.phar check composer.json --`. Fail the build on warnings by setting exit codes or using `set +e` in scripts.
Will this tool detect missing PHP extensions (e.g., `pdo_mysql`) used in Laravel?: Yes, it scans for PHP functions/extensions not declared in `composer.json` (e.g., `mysql_connect`). Add explicit `require` entries for extensions like `ext-pdo_mysql` to avoid runtime errors.
Are there alternatives to ComposerRequireChecker for Laravel?: For dependency hygiene, this is the most targeted tool. Alternatives like `depcheck` (Node.js) or `composer validate` are less precise. For static analysis, combine it with `phpstan/extension-installer` to auto-require missing extensions.

Popularity trends

Recorded values over time (once-a-day snapshots). May 7, 2026 – Jun 5, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

998

Favorites

1,005

Forks

Score

44.2

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 998

+5.0
Forks

input: 78

+2.3
Open issues + PRs

input: 44

+4.4
Releases

input: 33

+9.9
Recency

input: 77

+15.8
Issue opportunity

input: 32

+6.3
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 43.7

Opportunity

58.5

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

67.2
Contribution need

open_issues + open_prs: 44

53.8
Health factor

archived + recency + open issues

×0.94

Total 58.5

License

MIT

Last release

Mar 20, 2026

Watchers

Downloads

484K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai