Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Packagist API Laravel Package

spatie/packagist-api

Search Packagist and fetch package details via the official Packagist API. Provides a simple PackagistClient built on Guzzle with a URL generator, plus helpers to list all packages or filter by vendor/type, and browse popular packages with pagination.


Product Decisions This Supports

  • Developer Tooling & Ecosystem Integration

    • Enable internal tools (e.g., dependency scanners, compliance checkers) to programmatically fetch package metadata (versions, dependencies, licenses) from Packagist without reinventing API wrappers.
    • Example: Build a "Package Health Dashboard" for engineering teams to monitor third-party risks (e.g., outdated dependencies, vulnerable packages).
  • Build vs. Buy

    • Buy: Use this package to avoid maintaining custom API clients for Packagist, reducing technical debt.
    • Build: Only if needing highly customized Packagist interactions (e.g., real-time syncs, offline caching) beyond this package’s scope.
  • Roadmap Prioritization

    • Short-term: Integrate into CI/CD pipelines (e.g., GitHub Actions) to block builds on critical dependency issues.
    • Long-term: Extend to support other registries (Composer, npm, PyPI) via a unified abstraction layer, using this as a reference implementation.
  • Use Cases

    • Security: Scan for vulnerable packages by cross-referencing Packagist data with vulnerability databases (e.g., Snyk, GitHub Advisory Database).
    • Compliance: Automate license audits by extracting license fields from package metadata.
    • DevOps: Generate changelogs or release notes by aggregating package version histories.

When to Consider This Package

  • Adopt if:

    • Your team uses Composer/PHP and needs to fetch Packagist metadata programmatically (e.g., versions, dependencies, licenses).
    • You want to reduce API boilerplate and leverage a battle-tested, MIT-licensed solution with minimal maintenance.
    • Your use case aligns with read-only operations (e.g., analytics, reporting) rather than writing to Packagist.
  • Look elsewhere if:

    • You need real-time updates or offline caching—this package is a thin wrapper around Packagist’s API with no built-in persistence.
    • You require multi-registry support (e.g., npm, RubyGems) out of the box; consider a custom solution or a more generic package like box/spout (for CSV/Excel exports) combined with registry-specific APIs.
    • Your project demands high throughput (e.g., bulk processing 10K+ packages); the package may need rate-limiting handling.
    • You’re building a Packagist alternative or need to modify package metadata—this is read-only.

How to Pitch It (Stakeholders)

For Executives:

*"This package lets us automate dependency risk management by tapping into Packagist’s data—without building or maintaining our own API client. For example, we could:

  • Block vulnerable packages in CI/CD by integrating with security tools.
  • Reduce audit time by programmatically checking licenses and versions.
  • Cut DevOps costs by reusing open-source infrastructure instead of custom solutions.

It’s a low-risk, high-reward investment with minimal maintenance, aligning with our focus on [security/compliance/DevEx]."*

For Engineering:

*"Spatie’s packagist-api gives us a simple, well-documented PHP client to fetch package metadata (versions, dependencies, licenses) from Packagist. Key benefits:

  • No API wrangling: Handles rate limits, authentication (if needed), and response parsing.
  • Lightweight: ~50KB, MIT-licensed, and actively maintained (last release: March 2025).
  • Extensible: We can wrap it in a service class to add caching, retries, or multi-registry support later.

Use case: Let’s use it to power our [dependency scanner/compliance tool]—it’ll save us [X] hours of dev time and reduce technical debt."*

For Security/Compliance:

*"This package enables programmatic access to package metadata, which is critical for:

  • Automated vulnerability scanning: Cross-reference Packagist data with CVE databases.
  • License compliance: Audit third-party dependencies at scale.
  • Supply chain visibility: Track package histories and maintainers.

Example: We could integrate it with our [SIEM/tool] to flag risky dependencies in real time."*