Detect unused composer dependencies

Overview

Project scanner for detect unused composer dependencies

unused-scanner

Versions

Use 1.3.x@dev versions for projects with php 5.6, 7.0

Use 2.x versions for projects with php >= 7.1

ChangeLog

see CHANGELOG.md

Installation

composer global require insolita/unused-scanner

Ensure that your ~/.composer/vendor/bin directory declared in $PATH

echo $PATH

if not - you should add it in ~/.bashrc or ~/.profile

Update

composer global update

Usage

prepare configuration file, see scanner_config.example.php

put it in project root (or other place)

run composer dumpautoload in your project directory

run unused_scanner /path/to/configuration/file/scanner_config.php

since 1.1 you can run it without argument, if scanner_config.php existed in current working directory, it will be used by default

For auto-testing:

Add --silent option for skip progress output and return exit code = 16, when unused packages detected

run unused_scanner --silent /path/to/configuration/file/scanner_config.php

Docker:

https://github.com/juanmrad/docker-unused-scanner

Demo screenshot

Licence

This project uses the MIT licence.

Comments
  • Packages with only usage of Symfony services/config in .yml are detected as unused

    Packages with only usage of Symfony services/config in .yml are detected as unused

    Php version: 7.2

    Os: Debian Stretch

    Composer packages with detection troubles: any that are used only in Symfony .yml definitions

    Which type of autoload it uses? -

    Code example of package classes usage that not detected: -

    E.g. if the only reference to willdurand/geocoder-bundle is - '@bazinga_geocoder.geocoder' as a DI argument for a service and in my service I construct it with a class from a different package as I have to (use Geocoder\ProviderAggregator;), it's not detected.

    wait feedback 
    opened by Destroy666x 11
  • Changed exit codes for found and not found unused deps

    Changed exit codes for found and not found unused deps

    Hello! It's hard to use unused scanner on CI, because it does not return properly exit codes.

    Default expected behaviour is following:

    • 0 - when no unused deps found
    • 1 - when found at least one unused dependency

    So I unused_scanner script to follow that behaviour

    opened by rakshazi 9
  • problem with composer >= 2.0.9

    problem with composer >= 2.0.9

    hi there,

    my apologies in case I am totally wrong here. i am using this package with version with "^1.3" inside my composer.json with PHP 5.6.9 as fixed PHP version. (yeah i know, super old). i was wondering, why composer now takes minutes instead of seconds when just using composer with -h - so with nothing. turned out, that this package uses nesbot/carbon (>=1.22) and this package requires kylekatarnls/update-helper (^1.1). and the helper is scanning all my files, while composer <= 2.0.8 is not.

    i don´t know what really causes that behavior, but in case it has something to do with this package i wanted to let you know.

    thanks !

    https://github.com/composer/composer/issues/9760

    opened by michabbb 8
  • Missing licence

    Missing licence

    opened by bdsl 6
  • Unused-scanner scans only first directory from the list and founds nothing

    Unused-scanner scans only first directory from the list and founds nothing

    Php version: 7.2.7 on Laravel 5.7.19

    Os: Win10 x64

    Composer packages with detection troubles: all

    I tried to test unused-scanner on my Laravel project. Following the manual, I've installed scanner via composer, created scanner_config.php in root directory and...

    It does not work. After preparing stage (less than a second), scanner takes first directory from $scanDirectories array, returns "No unused depedencies found" and quits.

    D:\htest\test>unused_scanner scanner_config.php

    • config prepared

    • search patterns prepared

    • Scan D:\htest\test\app
      100%[============================================================>] No unused dependencies found!

    My scanner_config.php:

    <?php $projectPath = __DIR__ ; //Declare directories which contains php code $scanDirectories = [ $projectPath . '/app/', $projectPath . '/config/', $projectPath . '/resources/views/', $projectPath. '/routes/' ]; //Optionally declare standalone files $scanFiles = [ $projectPath . '/AuthenticatesUsers.php', ]; return [ 'composerJsonPath' => $projectPath . '/composer.json', 'vendorPath' => $projectPath . '/vendor/', 'scanDirectories' => $scanDirectories, 'scanFiles'=>$scanFiles ];

    opened by TeslaX93 6
  • ::class references not detected

    ::class references not detected

    Under one of the directories included in the scanDirectories setting, if a PHP file returning an array contains a use of ::class, usage of the referenced class will not be detected. In my case, the reference was Opauth\OpenID\Strategy\OpenID::class and the associated library was opauth/openid.

    opened by elazar 5
  • Usage of classes without declared namespaces not detected

    Usage of classes without declared namespaces not detected

    One of the dependencies of my project is datadog/php-datadogstatsd. This library uses a classmap autoloader and references a directory containing a single class file that does not include a namespace directive.

    Under one of the directories included in the scanDirectories setting, I have a class that extends from this library's class. This class usage is not detected.

    opened by elazar 4
  • 'php' reported as an unused dependency after adding 'hyn/multi-tenant' as dependency

    'php' reported as an unused dependency after adding 'hyn/multi-tenant' as dependency

    Php version:

    PHP 7.2.5-1+ubuntu16.04.1+deb.sury.org+1

    Os:

    ubuntu16.04.1

    Composer packages with detection troubles:

    hyn/multi-tenant

    Which type of autoload it uses?

    PSR4

    When adding the package, scanner starts complaining:

    Unused dependencies found!
     -php
    
    bug todo hacktoberfest 
    opened by kalessil 3
  • Failed to open Stream

    Failed to open Stream

    Php version: 7.1.14

    Os: MacOS High Sierra

    Composer packages with detection troubles:

    Which type of autoload it uses?

    Code example of package classes usage that not detected:

    unused_scanner /path/to/configuration/file/scanner_config.php --silent PHP Warning: require_once(/path/to/configuration/file/scanner_config.php): failed to open stream: No such file or directory in /Users/enz/.composer/vendor/insolita/unused-scanner/Lib/Runner.php on line 86 PHP Fatal error: require_once(): Failed opening required '/path/to/configuration/file/scanner_config.php' (include_path='.:') in /Users/enz/.composer/vendor/insolita/unused-scanner/Lib/Runner.php on line 86

    question wait feedback 
    opened by push32 3
  • Feature request: Usage log

    Feature request: Usage log

    It would be nice if the scanner was able to log instances of usage that it found per dependency (i.e. the name of the dependency and paths to the source files that use it) so that dependencies with minimal usage could be removed or replaced.

    enhancement 
    opened by elazar 3
  • Compile to phar

    Compile to phar

    Fixes #33

    php -d phar.readonly=0 ./compile will produce unused_scanner.phar

    This file may be uploaded as a binary to a release (now there are a no releases only git tags)

    todo 
    opened by BoShurik 2
  • Laravel autodiscovery

    Laravel autodiscovery

    Is it somehow possible to support Laravels autodicovery feature?

    I tried to dig into Laravel to find the relevant code but I only found the place where the extra gets loaded, not where it's actually stored.

    Php version:

    8.0 (but doesn't really matter)

    Os:

    macOS / Ubunutu / Alpine

    Composer packages with detection troubles:

    All Laravel autodiscovered packages, e.g. https://github.com/spatie/laravel-json-api-paginate

    Which type of autoload it uses?

    Autodiscovery via the package's composer.json extra.
    See: https://laravelpackage.com/03-service-providers.html#autoloading

    composer.json of the package that is not detected:

    {
      ...,
    
      "autoload": { ... },
    
      "extra": {
          "laravel": {
              "providers": [
                  "JohnDoe\\BlogPackage\\BlogPackageServiceProvider"
              ]
          }
      }
    }
    

    Code example of package classes usage that not detected:

    The methods are magically injected, you call the package methods on your own models without any use.

    YourModel::jsonPaginate();
    

    See: https://github.com/spatie/laravel-json-api-paginate#usage

    enhancement verification 
    opened by wedi 2
Releases(2.4.0)
Owner
Insolita
Insolita
A Composer tool to show unused Composer dependencies by scanning your code.

composer-unused A Composer tool to show unused Composer dependencies by scanning your code. Created by Andreas Frömer and contributors, logo by Caneco

null 1.3k Jan 7, 2023
A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies

A CLI tool to analyze composer dependencies and verify that no unknown symbols are used in the sources of a package. This will prevent you from using "soft" dependencies that are not defined within your composer.json require section.

Matthias Glaub 722 Dec 30, 2022
Composer plugin for cleaning up unused files from packages.

Composer Cleanup Plugin Remove tests & documentation from the vendor dir. Based on laravel-vendor-cleanup but implemented as a Composer Plugin instead

Barry vd. Heuvel 136 Dec 15, 2022
A composer plugin, to install differenty types of composer packages in custom directories outside the default composer default installation path which is in the vendor folder.

composer-custom-directory-installer A composer plugin, to install differenty types of composer packages in custom directories outside the default comp

Mina Nabil Sami 136 Dec 30, 2022
Check your Composer dependencies at runtime.

Composition Composition provides a lightweight and generic API, that you can use to check your environment at runtime, instead of manually go checking

Bilal Amarni 108 May 4, 2021
Easily parse your project's Composer configuration, and those of its dependencies, at runtime

Composed This library provides a set of utility functions designed to help you parse your project's Composer configuration, and those of its dependenc

Josh Di Fabio 50 Nov 27, 2022
Shade/Inject composer dependencies into PocketMine-MP plugins.

ComposerShader README for v0.2.0-dev Important Note: This is not perfect, nor will it ever be, with several checks for common uses of certain function

Jack Honour 8 Aug 17, 2022
This composer plugin is a temporary implementation of using symbolic links to local packages as dependencies to allow a parallel work process

Composer symlinker A Composer plugin to install packages as local symbolic links. This plugin is a temporary implementation of using symbolic links to

Pierre Cassat 18 Nov 9, 2021
Plugin for composer to apply patches onto dependencies.

composer-patches-plugin This plugin allows you to provide patches for any package from any package. If you don't want a patch package outside the root

Netresearch 75 Aug 7, 2022
Composer bin plugin — Isolate your bin dependencies

Composer bin plugin — Isolate your bin dependencies Table of Contents Why? How does this plugin work? Installation Usage Example The all bin namespace

Bilal Amarni 394 Jan 7, 2023
A plugin to purge your unused assets, disabled products, and more.

Purge Assets for Craft CMS Purge Assets is a Craft plugin for super-simple purge of assets and products, either via the control panel or with console

Bram Beekman 4 Oct 10, 2021
Clean up your Magento database by removing orphaned, unused and wrongly added attribute, attribute values and settings (for M2).

Magento 2 EAV Cleaner Console Command Purpose of this project is to check for different flaws that can occur due to EAV and provide cleanup functions.

FireGento e. V. - Hackathons 41 Dec 14, 2022
TYPO3 CMS extension which checks used CSS selectors in HTML output of the current page and removes CSS declarations which are unused.

EXT:css_coverage TYPO3 CMS extension which checks used CSS selectors in HTML output of the current page and removes CSS declarations which are unused.

Armin Vieweg 3 Apr 8, 2022
Find undefined and unused variables with the PHP Codesniffer static analysis tool.

PHP_CodeSniffer VariableAnalysis Plugin for PHP_CodeSniffer static analysis tool that adds analysis of problematic variable use. Warns if variables ar

Payton Swick 116 Dec 14, 2022
This plugin help us to remove the unused file or directories in vendor

Composer Ignore Plugin This plugin help us to remove the unused file or directories in vendor. Installation Both global or local install can work well

__FresHmaN 21 Oct 21, 2021
Mobile_Detect is a lightweight PHP class for detecting mobile devices (including tablets). It uses the User-Agent string combined with specific HTTP headers to detect the mobile environment.

Motto: "Every business should have a detection script to detect mobile readers." About Mobile Detect is a lightweight PHP class for detecting mobile d

Şerban Ghiţă 10.2k Jan 4, 2023
The Universal Device Detection library will parse any User Agent and detect the browser, operating system, device used (desktop, tablet, mobile, tv, cars, console, etc.), brand and model.

DeviceDetector Code Status Description The Universal Device Detection library that parses User Agents and detects devices (desktop, tablet, mobile, tv

Matomo Analytics 2.4k Jan 5, 2023
Library for PHP 7.4+ to detect Browsers and Devices

This library requires PHP 7.4+. Also a PSR-3 compatible logger and a PSR-16 compatible cache are required. In

Thomas Müller 37 Oct 2, 2022
Rules to detect game engines and other technologies based on Steam depot file lists

SteamDB File Detection Rule Sets This is a set of scripts that are used by SteamDB to make educated guesses about the engine(s) & technology used to b

Steam Database 103 Dec 14, 2022
Detect flaws in your architecture, before they drag you down into the depths of dependency hell ...

Detect flaws in your architecture before they drag you down into the depths of dependency hell ... What it does System Requirements Installation Phive

Michael Haeuslmann 507 Dec 27, 2022