Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Composer Require Checker
Assessments

Composer Require Checker Laravel Package

maglnet/composer-require-checker

CLI tool that scans your PHP sources and composer.json to ensure every used class/function/extension comes from an explicit require. Detects “soft” (transitive) dependencies and missing PHP extensions so updates don’t break your package.

View on GitHub
Deep Wiki
Context7

Getting Started

Minimal Steps

  1. Installation:

    wget https://github.com/maglnet/ComposerRequireChecker/releases/latest/download/composer-require-checker.phar
chmod +x composer-require-checker.phar

    or globally via Composer:

    composer global require maglnet/composer-require-checker

  2. First Run: Navigate to your Laravel project root and execute:

    php composer-require-checker.phar check composer.json

    This scans your project for soft dependencies (unlisted use statements, function calls, or extension usage).

  3. Quick Fix: If a dependency like guzzlehttp/guzzle is flagged, add it to composer.json under require:

    "require": {
    "guzzlehttp/guzzle": "^7.0"
}

    Then run composer update.

First Use Case

Preventing Breaking Changes: Before merging a PR or deploying, run the checker to ensure no soft dependencies exist. Example:

./composer-require-checker check --config-file=composer-require-checker.json composer.json

This catches issues like:

  • Using Symfony\Component\Debug\Debug without requiring symfony/debug.
  • Calling json_decode() without listing ext-json in require.

Implementation Patterns

Daily Workflow

  1. CI Integration: Add to .github/workflows/laravel.yml:

    - name: Check Dependencies
  run: php composer-require-checker.phar check composer.json

    Fail the build if soft dependencies are found.

  2. Local Development: Alias the command in ~/.bashrc:

    alias crc="php composer-require-checker.phar check"

    Run before feature branches:

    crc composer.json

  3. Custom Config: Create composer-require-checker.json to whitelist known safe dependencies:

    {
    "config": {
        "whitelist": {
            "packages": ["monolog/monolog": "2.0"],
            "extensions": ["pdo_mysql"]
        }
    }
}

Laravel-Specific Patterns

  • Service Providers: Scan app/Providers/ for soft dependencies in boot methods:

     php composer-require-checker.phar check --config-file=composer-require-checker.json composer.json

    Example fix: Add vlucas/phpdotenv to composer.json if using Dotenv::load().

  • Artisan Commands: Check app/Console/Commands/ for soft dependencies in handle methods:

     php composer-require-checker.phar check --config-file=composer-require-checker.json composer.json --scan-files="app/Console/Commands/*.php"

  • Packages: For custom packages, use --directory to scan vendor packages:

     php composer-require-checker.phar check --directory=./vendor/your-package composer.json

Gotchas and Tips

Pitfalls

  1. False Positives:

    • Symfony Components: Laravel auto-loads Symfony packages. Whitelist them in config: 
      "whitelist": {
    "packages": ["symfony/*": "*"]
}
    • PHP Built-ins: Avoid flagging count(), array_map(), etc. by extending the default config.

  2. Xdebug Slowdowns: Disable Xdebug for faster scans:

    XDEBUG_MODE=off php composer-require-checker.phar check composer.json

  3. Custom Installers: If using post-install-cmd or plugins, run:

    composer install --no-plugins
php composer-require-checker.phar check composer.json
composer install

  4. PSR-4 Autoloading: Ensure autoload-dev is included if scanning test files:

    "scan-files": ["tests/**/*.php"]

Debugging Tips

  • Verbose Output: Use --verbose to see scanned files: 
    php composer-require-checker.phar check --verbose composer.json
  • Dry Run: Test config changes without modifying composer.json: 
    php composer-require-checker.phar check --config-file=test-config.json composer.json

Extension Points

  1. Custom Rules: Extend the config to ignore specific classes/methods:

    "config": {
    "ignore": {
        "files": ["app/Helpers/legacy.php"],
        "classes": ["App\\Helpers\\LegacyHelper::oldMethod"]
    }
}

  2. Git Hooks: Add to .git/hooks/pre-commit:

    #!/bin/sh
php composer-require-checker.phar check composer.json || exit 1

  3. IDE Integration: Use the checker’s output to annotate unused imports in PHPStorm/VSCode via plugins like PHP Intelephense.

Laravel-Specific Quirks

  • Facade Usage: Avoid soft dependencies by requiring the underlying package. Example: 
    // Soft dependency (flagged)
Cache::remember(...);

// Hard dependency (fixed)
require "symfony/cache": "^6.0";
  • Service Container: Check for soft dependencies in register()/boot() methods of providers. Example: 
    // Soft dependency (flagged)
$this->app->bind('cache', function () {
    return new \Illuminate\Cache\CacheManager(); // Requires symfony/cache
});
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport