selfphp/php-dependency-inspector

CLI tool for analyzing, cleaning up, and monitoring Composer dependencies in PHP projects.

Maintainers

Details

github.com/selfphp/php-dependency-inspector

Source

Issues

Installs: 2

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 0

Forks: 1

Open Issues: 2

pkg:composer/selfphp/php-dependency-inspector

v1.4.0 2025-06-11 20:27 UTC

Requires

Requires (Dev)

MIT 088ffab5ab35ff6fa9aa5924be16c68a01c665cd

  • SELFPHP - Damir Enseleit <damir.enseleit.woop@selfphp.de>

dependencyphpclicomposerinspectoranalysiscleanupunused packagesoutdated packagesautomated audit

This package is auto-updated.

Last update: 2025-12-12 06:41:36 UTC

README

CLI tool for analyzing, cleaning up, and monitoring Composer dependencies in PHP projects.

๐Ÿš€ Commands

๐Ÿ” analyse

php bin/phpdi analyse [--path=...] [--only-unused] [--output=...]
Option Description
--path=... Path to project root (default: current dir)
--only-unused Show only packages that are not used in the codebase
--output=... Export results to a Markdown file

๐Ÿ›ก audit (for CI / Cron)

php bin/phpdi audit --output=report.md [--path=...] [--threshold=0] [--exit-on-unused] [--exit-on-outdated=minor|major] [--output-json=report.json] [--max-outdated=5] [--fail-if-total-packages-exceeds=100] [--no-ansi]
Option Description
--path=... Project directory to analyze
--output=... Write Markdown report to file
--output-json=... Write JSON report to file
--threshold=... Allow up to N unused packages before failing
--exit-on-unused Return exit code 1 if unused packages exceed threshold
--exit-on-outdated Set to none, minor, or major to fail (exit code 2) on outdated deps
--max-outdated=... Max number of outdated packages before failing with code 2
--fail-if-total-packages-exceeds=... Fail with exit code 3 if total package count exceeds limit
--no-ansi Disable ANSI colors (for CI log compatibility)

Exit Codes

  • 0: All checks passed
  • 1: Too many unused packages
  • 2: Outdated packages violate threshold
  • 3: Total package count exceeds limit

โœ… Example

php bin/phpdi audit --output=report.md --threshold=3 --exit-on-unused --exit-on-outdated=minor

โ„น๏ธ Analysis Logic

As of v1.4.0, the tool only analyzes production dependencies listed under require in composer.json.
Development packages from require-dev are excluded from usage checks.

This ensures accurate reports for production readiness and avoids false positives from test-related packages like phpunit/phpunit.

๐Ÿงช Testing

composer test

Runs PHPUnit tests for core functionality.

๐Ÿ“ฆ Installation

composer install

Make sure you have a valid composer.lock file in your project root.

๐Ÿ”„ CI Integration

GitHub Actions

.github/workflows/dependency-audit.yml

name: Dependency Audit
on: [push, pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: 8.2
      - run: composer install
      - run: php bin/phpdi audit --exit-on-unused --exit-on-outdated=major --threshold=0

GitLab CI

.gitlab-ci.yml

dependency-audit:
  image: php:8.2
  script:
    - apt-get update && apt-get install -y unzip git
    - curl -sS https://getcomposer.org/installer | php
    - php composer.phar install
    - php bin/phpdi audit --exit-on-unused --exit-on-outdated=major --threshold=0