That tool allows you to check dependencies and versions across all your project.

1.0.0 2015-07-24 12:40 UTC


The main purpose of this project is to help you to handle your composer usage.

It can be used on a per-project basis, allowing you to check one project from command line. It can also be used to handle multiple projects and see results from a simple web interface.


Web view
Web view

Cli usage
Cli usage



In a per-project usage, you just need to checkout this repo where you want and, then, launch this command line :

./bin/composer_helper check /var/www/myproject --no-export -s

This will take any folders under /var/www, which have a composer.json file and apply rules.

Global usage

The global usage have 2 possibilities. You can just use the previous command line and give it all the folders you wanna check. Or you can export results in a more convenient way, with a little web app. This is how to do the last option.

  1. Checkout this project in a path your webserver can use (i.e: /var/www/composer_helper).
  2. Make sure both your user and your webserver can edit the "health.json" file.
  3. Run this command : `./bin/composer_helper check /var/www/* -s --quiet`
  4. Go to http://localhost/composer_helper/web/ (or whatever your host is) and see results.

To go further, you'll obviously wanna create a cronjob and a vhost. Feel free to do so, it'll be easier to work with that tool.

Rules applied


In this project we assume you have a satis proxy configured. Satis helps you to maintain private projects and be able to deploy your app when github or bitbucket are offline.

So one of the rule checks that every projects you use is in your satis proxy with the correct version.

You can also provide an internal vendor option (i.e: ccmbenchmark). When doing so, it'll check that for all packages from this particular vendor, you use the very last version. It will help you to keep hidden technical debt low.

Lock file

One of the rule checks that your lock file is up-to-date.


This project checks that you use only stable packages, as recommended in a production environment.


One of the rule just does a "composer validate" over every project to be sure there is no errors.