shipmonk/composer-dependency-analyser
Fast, zero-dependency tool to analyze Composer dependencies. Detects unused, shadowed, and misplaced packages/extensions by scanning your autoload paths. Works out of the box, highly configurable, and very performant (15k files in ~2s). Compatible with PHP 7.2–8.5.
This package integrates seamlessly with Laravel's architecture due to its composer-centric design and zero runtime dependencies. It analyzes standard Laravel paths (app, config, routes, tests) via composer.json autoload sections without requiring framework-specific modifications. The tool's performance (15k files in 2s) is ideal for Laravel CI pipelines where speed matters. Key technical risks include potential false positives for dynamic Laravel patterns (e.g., service container resolution, facade usage) and extension analysis requiring matching PHP runtime extensions. Critical questions: How will it handle Laravel's dynamic class resolution in service providers? Will it correctly identify dependencies used via config files (e.g., config/app.php aliases)? How robust is its handling of Laravel's vendor/autoload.php structure during scanning?
Laravel's standard composer.json structure (app/, tests/, etc.) aligns perfectly with the tool's default scanning paths. Integration requires only composer require --dev and CI pipeline addition (e.g., GitHub Actions step). Migration is non-disruptive: initial runs generate actionable reports with configuration options to suppress false positives. Compatibility is guaranteed across all Laravel versions (5.8+) since the tool supports PHP 7.2-8.5. Sequencing should prioritize early CI execution: run after code build but before deployment checks. For large monorepos, use --composer-json to target specific Laravel projects. Critical step:
How can I help you explore Laravel packages today?