Composer Dependency Analyser Laravel Package

Fixes:

• Fix edgecase of classlike definitions being detected as function usages (#240)
• Fix detection of unqualified static access in global scope (#243)

Fixes:

• Remove reserved exit code 255 and replace it with exit code 1 (#214)
• Exclude E_DEPRECATED from error_reporting (#220)

Fixes

• Fix detection of global user function (e.g. polyfills) (#210)
• Fix extension conflict with const definition (#213)

Fixes

• Fix collisions with extension symbol names (#194, #197, #196, #199)

New features:

• 🚀 Support php extension detection (#118)
  • This will likely report new issues upon upgrade
  • You can disable ext-* analysis via $config->disableExtensionsAnalysis()
• Support NO_COLOR environment variable (#181)
• Cli: suggest nearest option when typo is made (#183)

Fixes:

• Cli: fix options parsing (#184)

New features:

• Support absolute paths in composer autoload sections (#171, @VincentLanglet)
• Support even zero composer classloaders (#161)
• Print issue counts per error type (#175)
• Add --version cli option (#172, #176)

Fixes:

• Show all usages even when --show-all-usages is combined with --verbose (#160)
• Add missing --ignore-unknown-functions to --help (#159)
• Improve further processing of junit format (#164, #174)

Fixes

• Fix PHP warning with no composer classloader (#150)

New features:

• Read composer's exclude-from-classmap to exclude paths from analysis (#140 by @LastDragon-ru )
• Support qualified names in global scope (#148)
  • Often used in bundles.php in Symfony applications (#146)

Fixes:

• More specific path has dev/prod mark priority (#142)
• Fix false positive with extension functions with uppercase characters (#144)

Fixes

• Ensure output of junit format is valid xml (#129)
• Check invalid cli options combinations (#131)

Fixes

• Fix unknown function false positive in multi-attribute usages (#124)

Fixes

• Fix wrong detection of attribute name when aliased import or FQN is used (#121)

New features

• :rocket: support function detection (#71)
  • no more unused dependency false positive for packages with functions only!
• support junit format output via --format=junit (#110) (by @reinfi)

Fixes

• Better error message for invalid autoload paths in composer.json (#117)

New features:

• Ability to scan codebase outside of installed folder (#93)
  • This allows usage of composer-bin-plugin, easy scans of codebases with PHP < 7.2, composer's global install, single install in monorepo and similar approaches
• Ability to dump usages of a package via --dump-usages symfony/console (#88)
  • Handy when verifying reported issues

Improvements:

• Support absolute path in --composer-json and --config (#98)
• Ensure ext-tokenizer is present (#104)

Fixes:

• Fix false-positive when FQN reference of a non-lowercase function is used (#90)

Improvements

• Performance boost of 40-60% depending on a project (#65, #66)

New features

• Support multiple composer class loaders (#82)
  • This allows proper analysis in libraries extending PHPStan (example)

Fixes

• Fix edgecase where use Trait is treated as use statement (#69)

Fixes

• File extension does not apply for directly listed files (#61, #62)

New features

• Detect even classes inside phar archives (e.g. PHPStan classes) (#51)
• Remove requirement to call composer dump-autoload -a before execution (#53, #57)
• Output run summary even when issue is found (#58)

Fixes

• Fix false positive when \array or \callable is used (#46)
• Fix unknown class report when package uses autoload.files composer section even for classes (#50)
• Fix duplicate file scan when autoload paths overlap (#52)
• Fix path miscategorization when dev path is inside prod one (#54)

New features

• Support classmap autoload sections in composer.json (#40)

First stable release

• Tested with many OS pojects giving valuable results
• Used in huge project's CI for quite some time

Features

• Detects shadow, dead and misplaced dependencies
• Fine-grained ignores (config file or CLI options)
• Immense performance (15k files in 3s)
• Compatible with PHP 7.2 - PHP 8.3
• Useless ignore detection
• Zero composer dependencies
• Zero configuration needed for first run (autodetected from composer)
• Ability to extract used symbols from yaml, json, xml, neon, ...