Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Composer Dependency Analyser
Assessments

Composer Dependency Analyser Laravel Package

shipmonk/composer-dependency-analyser

Fast, zero-dependency tool to analyze Composer dependencies. Detects unused, shadowed, and misplaced packages/extensions by scanning your autoload paths. Works out of the box, highly configurable, and very performant (15k files in ~2s). Compatible with PHP 7.2–8.5.

View on GitHub
Deep Wiki
Context7

Getting Started

Install the package as a dev dependency with composer require --dev shipmonk/composer-dependency-analyser. Run it immediately with vendor/bin/composer-dependency-analyser — no config needed for initial use. It auto-scans autoload and autoload-dev paths from your composer.json, reports shadow, unused, and misplaced dependencies out of the box. Start with the default console output to identify obvious issues (e.g., unused packages like nette/utils or dev dependencies used in production code). Use --help or vendor/bin/composer-dependency-analyser --dump-usages vendor/package to investigate specific reports.

Implementation Patterns

Integrate into CI workflows to fail builds on dependency issues (composer check:depscomposer-dependency-analyser). Add a composer-dependency-analyser.php config file in your project root to fine-tune ignored errors per path/package/extension, adjust scanned paths, or disable extension analysis. Use --format=junit for CI integration and visual dashboards. Leverage --dump-usages=* to verify false positives or understand why a dependency is flagged. For projects using DIC config files (YAML, NEON), extract class references via regex or manual parsing into addForceUsedSymbols() to avoid false unused dependency reports.

Gotchas and Tips

  • False positives in unused deps: Your code may use dependencies indirectly (e.g., via DIC, reflection, polyfills). Use ignoreErrorsOnPackage or addForceUsedSymbols() to suppress them. Always validate dumps via --dump-usages.
  • Extension analysis quirks: If ext-* symbols are misreported, ensure your PHP runtime has the extension enabled or use --disable-ext-analysis / $config->disableExtensionsAnalysis().
  • Path specificity matters: More specific paths (e.g., /src vs /src/Controller) take precedence. Confusing prod vs dev categorization can cause misplacement reports — review path scanning logic.
  • Zero-config first run isn’t universal: Monorepos, PHP <7.2, or non-standard autoload setups may need --composer-json=path/to/other/composer.json or explicit config.
  • Avoid unmatched ignores: Use disableReportingUnmatchedIgnores() only after verifying ignore patterns match — unmatched ignores rarely help debugging.
  • Memory/performance: Analyzing huge codebases? Enable setFileExtensions(['php']) and exclude large directories (e.g., vendor, tests). The tool’s 2s scan time assumes typical PHP projects — adjust expectations for truly massive repos.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport