Table of contents
Introduction Composer Dependency Analyser
The Composer Dependency Analyser is a useful tool for PHP developers that helps to identify and manage dependencies within a project. This is particularly important for recognising and removing unused or obsolete packages, resulting in a more efficient and maintainable codebase. As an agency, we use this tool in many of our projects and integrate it into GitLab CI/CD pipelines to continuously optimise code and package quality.
Installation and setup of Composer Dependency Analyser
To use the Composer Dependency Analyser, you must first install the tool. The following steps will guide you through the process:
1. install the tool via Composer:
composer require --dev shipmonk-rnd/composer-dependency-analyser
2. run the tool to start an analysis of your dependencies:
vendor/bin/composer-dependency-analyser
Possible stumbling blocks:
- Make sure that your Composer project is properly configured and that all dependencies are correctly defined in the
composer.json file.
Configuration and customisation of Composer Dependency Analyser
The Composer Dependency Analyser can be adapted to your project requirements by defining specific rules or ignoring certain dependencies. Here are some configuration tips:
- You can create a list of packages to ignore if you deliberately want to keep them even though they are not directly used.
- Use the integrated reporting options to obtain detailed information about unused or obsolete dependencies.
Example of a possible customisation:
{ "ignore": [
"symfony/polyfill-*"
]
}
Advantages: You avoid unnecessary dependencies and ensure that your composer.lock file only contains the packages that are actually used.
Use of Composer Dependency Analyser
The tool is used to analyse all packages and dependencies in your project. It helps to remove unnecessary dependencies and improve the security and efficiency of the code.
Typical use cases:
- Removing unused dependencies from legacy projects.
- Optimisation of dependencies to reduce memory consumption and loading times.
Example:
vendor/bin/composer-dependency-analyser check
Integration in CI/CD-Pipelines
Our agency seamlessly integrates the Composer Dependency Analyser into CI/CD pipelines to ensure that dependencies are checked with every commit or merge.
Example of a GitLab CI configuration:
composer_dependency_check:
stage: test
script:
- vendor/bin/composer-dependency-analyser check
only:
- merge_requests
Advantages:
- Automated checking of dependencies with every merge request.
- Reduction of security risks due to obsolete or unnecessary packages.
Frequently asked questions (FAQ)
Was ist der Composer Dependency Analyser?
A tool for analysing and optimising the dependencies of a PHP project.
Why is it important to check the dependencies?
To improve code quality, minimise security risks and optimise resource consumption.
How does the tool help with legacy code?
It identifies obsolete or unused packages that can be removed or updated.
How do I integrate the Composer Dependency Analyser into my CI/CD pipelines?
By adding a dependency check step in the CI configuration file.
Which PHP versions are supported?
The tool is compatible with all current PHP versions that support Composer.
How can I remove unused dependencies?
Run the tool to identify unused packages and then adjust your composer.json file accordingly.
Can the tool cause errors?
Only if dependencies are not configured correctly. A precise check of composer.json is necessary.
Are there alternatives to the Composer Dependency Analyser?
Yes, some developers use manual audits or similar tools like composer-unused.
How often should I run the tool?
Ideally with every new commit or before every release in order to recognise unnecessary packages at an early stage.
What to do if the analyser does not work as expected?
Check the configuration of the tool and the versions of your dependencies.
Conclusion
The Composer Dependency Analyser is an essential tool for every PHP project to optimise code quality and remove unnecessary dependencies. With our expertise, we help you to successfully integrate the tool into your projects and CI/CD pipelines so that you benefit from a secure and efficient code base. Contact us if you need support with implementation or configuration.
Further resources
Reach our PHP Consultant specialists
We are experts in PHP and help you to master your digital challenges. Our experienced team supports you with PHP updates, PHP refactoring and advises you remotely on all questions relating to PHP. With our fully automated CI/CD deployments and a robust Docker infrastructure, we take your PHP projects to the next level. Rely on our expertise for reliable and scalable PHP solutions.