konradmichalik / composer-dependency-age
A Composer plugin that analyzes the age of your project dependencies
Installs: 71
Dependents: 1
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Type:composer-plugin
Requires
- php: ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0
- composer-plugin-api: ^2.0
- ext-curl: *
- ext-posix: *
- konradmichalik/console-style-kit: ^0.1
- symfony/console: ^5.0 || ^6.0 || ^7.0
Requires (Dev)
- armin/editorconfig-cli: ^1.0 || ^2.0
- composer/composer: ^2.0
- eliashaeussler/php-cs-fixer-config: 2.3.0
- eliashaeussler/rector-config: ^3.0
- ergebnis/composer-normalize: ^2.44
- konradmichalik/php-doc-block-header-fixer: ^0.2
- phpstan/phpstan: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- phpstan/phpstan-symfony: ^2.0
- phpunit/phpunit: ^10.2 || ^11.0 || ^12.0
- roave/security-advisories: dev-latest
This package is auto-updated.
Last update: 2025-09-07 13:09:18 UTC
README
Composer Dependency Age
A Composer plugin that analyzes the age of your project dependencies and provides neutral categorization to help you understand your dependency landscape. No risk assessment - just clear, objective information about when your dependencies were last released.
Warning
This package is in early development stage and may change significantly in the future. I am working steadily to release a stable version as soon as possible.
Note
Understanding the age of your dependencies is crucial for maintaining a healthy codebase. While newer isn't always better, knowing when your dependencies were last updated helps you make informed decisions about maintenance, security planning, and technical debt management. This tool provides objective age categorization without making assumptions about what you should do - empowering you to prioritize updates based on your project's specific needs, risk tolerance and maintenance windows.
✨ Features
- Neutral Age Analysis - Categorizes dependencies as Current, Medium, or Old based on release dates
- Release Cycle Analysis - Analyzes dependency activity patterns with 4-tier activity rating
- Multiple Output Formats - CLI table, JSON for automation, GitHub-formatted for PRs
- Flexible Filtering - Analyze all dependencies or focus on direct ones only
- Smart Caching - Caches Packagist API responses with configurable TTL for better performance
- CI/CD Ready - Perfect for automated dependency auditing in your build pipelines
- Highly Configurable - Customize thresholds, ignore lists, and output preferences
🔥 Installation
composer require konradmichalik/composer-dependency-age --dev
📊 Usage
Command
Run the command to fully analyze your dependencies:
composer dependency-age
Command Line Options
| Option | Description | Default |
|---|---|---|
--format |
Output format: cli, json, github | cli |
--direct |
Show only direct dependencies | false |
--no-dev |
Exclude development dependencies | false |
--no-colors |
Disable color output | false |
--no-cache |
Disable caching | false |
--offline |
Use cached data only | false |
--ignore |
Comma-separated packages to ignore | - |
--thresholds |
Custom age thresholds (years) | current=0.5,medium=1.0,old=2.0 |
--no-release-cycles |
Disable release cycle analysis | false |
Automatic Analysis
The plugin automatically runs after composer install and composer update operations, providing immediate feedback on your dependency landscape.
$ composer install
📝 Configuration
Configure the plugin via composer.json
{
"extra": {
"dependency-age": {
"thresholds": {
"current": 0.5,
"medium": 1.0,
"old": 2.0
},
"ignore": ["psr/log", "psr/container"],
"output_format": "cli",
"include_dev": false,
"cache_ttl": 2592000,
"event_integration": true,
"event_operations": ["install", "update"],
"event_force_without_cache": false,
"enable_release_cycle_analysis": true,
"release_history_months": 24
}
}
}
🧑💻 Contributing
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
⭐ License
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.