Skip to content

selfphp/php-dependency-inspector

BranchesTags

Repository files navigation

PHP Dependency Inspector

CLI tool for analyzing, cleaning up, and monitoring Composer dependencies in PHP projects.

🚀 Commands

🔍 analyse

php bin/phpdi analyse [--path=...] [--only-unused] [--output=...]
Option Description
--path=... Path to project root (default: current dir)
--only-unused Show only packages that are not used in the codebase
--output=... Export results to a Markdown file

🛡 audit (for CI / Cron)

php bin/phpdi audit --output=report.md [--path=...] [--threshold=0] [--exit-on-unused] [--exit-on-outdated=minor|major] [--output-json=report.json] [--max-outdated=5] [--fail-if-total-packages-exceeds=100] [--no-ansi]
Option Description
--path=... Project directory to analyze
--output=... Write Markdown report to file
--output-json=... Write JSON report to file
--threshold=... Allow up to N unused packages before failing
--exit-on-unused Return exit code 1 if unused packages exceed threshold
--exit-on-outdated Set to none, minor, or major to fail (exit code 2) on outdated deps
--max-outdated=... Max number of outdated packages before failing with code 2
--fail-if-total-packages-exceeds=... Fail with exit code 3 if total package count exceeds limit
--no-ansi Disable ANSI colors (for CI log compatibility)

Exit Codes

  • 0: All checks passed
  • 1: Too many unused packages
  • 2: Outdated packages violate threshold
  • 3: Total package count exceeds limit

✅ Example

php bin/phpdi audit --output=report.md --threshold=3 --exit-on-unused --exit-on-outdated=minor

ℹ️ Analysis Logic

As of v1.4.0, the tool only analyzes production dependencies listed under require in composer.json.
Development packages from require-dev are excluded from usage checks.

This ensures accurate reports for production readiness and avoids false positives from test-related packages like phpunit/phpunit.

🧪 Testing

composer test

Runs PHPUnit tests for core functionality.

📦 Installation

composer install

Make sure you have a valid composer.lock file in your project root.

🔄 CI Integration

GitHub Actions

.github/workflows/dependency-audit.yml

name: Dependency Audit
on: [push, pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: 8.2
      - run: composer install
      - run: php bin/phpdi audit --exit-on-unused --exit-on-outdated=major --threshold=0

GitLab CI

.gitlab-ci.yml

dependency-audit:
  image: php:8.2
  script:
    - apt-get update && apt-get install -y unzip git
    - curl -sS https://getcomposer.org/installer | php
    - php composer.phar install
    - php bin/phpdi audit --exit-on-unused --exit-on-outdated=major --threshold=0

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 5

v1.4.0 – Improved Accuracy and Cleaner Output Latest
Jun 12, 2025
+ 4 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages