A Composer tool to show unused Composer dependencies by scanning your code.

Last update: Jan 7, 2023

Related tags

Overview

composer-unused

A Composer tool to show unused Composer dependencies by scanning your code.

Created by Andreas Frömer and contributors, logo by Caneco.

🔥 🔥 Now available as Github Action on the Marketplace 🔥 🔥

Motivation

When working in a big repository, you sometimes lose track of your required Composer packages. There may be so many packages you can't be sure if they are actually used or not.

Unfortunately, the composer why command only gives you the information about why a package is installed in dependency to another package.

How do we check whether the provided symbols of a package are used in our code?

composer unused to the rescue!

Installation

PHAR (PHP Archive) (recommended)

Install via phive or grab the latest composer-unused.phar from the latest release:

$ phive install composer-unused

$ curl -JOL https://github.com/icanhazstring/composer-unused/releases/latest/download/composer-unused.phar

Global

If you have a lot of projects and don't want to install this package per project, simply install it as a global dependency (e.g. on your CI):

$ composer global require icanhazstring/composer-unused

Local

You can also install composer-unused as a local development dependency:

$ composer require --dev icanhazstring/composer-unused

❗ Beware: Local (or global) requirement might lead to issues related to outdated or replaced dependencies and composer-unused might not work as intended!

Usage

Depending on the kind of your installation the command might differ.

PHAR

The phar archive can be run directly in you project:

$ php composer-unused.phar

Local/Global

Having composer-unused as a local or global dependency you can run it as an composer-plugin:

$ composer unused

Exclude folders and packages

Sometimes you don't want to scan a certain directory or ignore a Composer package while scanning. In these cases, you can provide the --excludeDir or the --excludePackage option. These options accept multiple values as shown next:

$ php composer-unused.phar --excludeDir=config --excludePackage=symfony/console
$ php composer-unused.phar \
    --excludeDir=bin \
    --excludeDir=config \
    --excludePackage=symfony/assets \
    --excludePackage=symfony/console

Make sure the package is named exactly as in your composer.json

Ignore by configuration

You are also able to exclude packages by configuration. For this, you need to provide the extra directive in your composer.json file.

{
    "extra": {
        "unused": [
            "package/a",
            "package/b"
        ]
    }
}

Suppress progress bar

If you run composer-unused in CI the console progressbar often messes up your logs files. To suppress them use:

`$ php composer-unused.phar --no-progress`

Troubleshooting

If you encounter some errors, try running:

$ php composer-unused.phar -vvv

This command will enable the debug mode and create an error report beside your composer.json.

composer-unused-dump-YmdHis

Changelog

Please have a look at CHANGELOG.md.

Contributing

Please have a look at CONTRIBUTING.md.

Code of Conduct

Please have a look at CODE_OF_CONDUCT.md.

License

This package is licensed under the MIT License.

Comments

Packages with classmap autoloading are ignored

90% of packages I used in one of my project has classmap src autoloading, so they are ignored with reason "Package provides no namespace". They have some namespaces, just it is not mentioned in composer

Is there a way how to use your great library with this type of packages?

Thank you for your work!
duplicate enhancement

opened by lulco 36
False positives
Hi there,

Awesome idea for a package, however I am getting some false positives. In my case I am have a Laravel project, and the following packages came up as definite false positives:

`* aws/aws-sdk-php ✗

davejamesmiller/laravel-breadcrumbs ✗

doctrine/dbal ✗

jeremykenedy/laravel-phpinfo ✗

laravel/scout ✗

laravelcollective/html ✗`

There is one more package which I'm not 100% sure about: league/oauth2-client. I will investigate that one and get back to you.

Not 100% sure why these packages are hitting false positives, but might be to do with Laravel using a few of them internally, and others are being auto-discovered by Laravel, and not being used directly within the main app code.
enhancement
opened by robtesch 26

BUG: Package Functions

Describe the bug

Composer Unused does not seem to detect a package as a dependency if the source repo uses a function that is defined in that package.

Error dump

Live example in Actions output: https://github.com/tattersoftware/codeigniter4-files/runs/4347265699?check_suite_focus=true

Run composer-unused -vvv --profile --ansi --no-interaction --no-progress --excludePackage=php
Running 2.1.12 (2021-11-09 16:02:04) with PHP 8.0.13 on Linux / 5.11.0-1021-azure

Loading packages
----------------
 ! [NOTE] Found 7 package(s) to be checked.                                     
Scanning files from basedir /home/runner/work/codeigniter4-files/codeigniter4-files
-----------------------------------------------------------------------------------

Results
-------
Found 4 used, 3 unused and 5 ignored packages

 Used packages
 ✓ tatter/exports
 ✓ tatter/permits
 ✓ tatter/settings
 ✓ tatter/thumbnails
[18.7MiB/0.38s] Memory usage: 18.68MiB (peak: 18.97MiB), time: 0.38s

 Unused packages
 ✗ tatter/alerts
 ✗ tatter/assets
 ✗ tatter/audits

 Ignored packages
 ○ php (Package excluded by cli/config)
 ○ components/jquery (Package provides no namespace)
 ○ enyo/dropzone (Package provides no namespace)
 ○ fortawesome/font-awesome (Package provides no namespace)
 ○ twbs/bootstrap (Package provides no namespace)
Error: Process completed with exit code 1.

In this example tatter/alerts defines a helper function alerts() (https://github.com/tattersoftware/codeigniter4-alerts/blob/develop/src/Helpers/alerts_helper.php) which is used by the source repo's controller (https://github.com/tattersoftware/codeigniter4-files/blob/0ee8595a60394cebeb42ab11a3e095042b0ebd5e/src/Controllers/Files.php#L374).

bug

opened by MGatner 25

0.8.x: detects various used packages as unused
git clone https://github.com/api-platform/api-platform

cd api-platform/api

composer install

(add name in composer.json, see #345)

composer-unused

Expected:

Marks all packages that provide classes referenced in config/bundles.php as used

Actual:

They are all marked as unused.

For example: doctrine/doctrine-migrations-bundle or symfony/monolog-bundle

This used to work with 0.7.x
opened by lazka 24
ext-ds round #2
Describe the bug

So I had the issue with ext-ds before #87 which got fixed. Thanks!

Now installed this lib on another project and it reports unused ext-ds again. Not sure why though.

The file has use Ds\Set;

and a method is like

protected function execute(InputInterface $input, OutputInterface $output) : int { $currentFiles = new Set( ...

Error dump

``` {"time":"2021-03-18T20:05:21.635042+00:00","level":"info","message":"version","context":{"value":"0.7.0"}} {"time":"2021-03-18T20:05:21.635436+00:00","level":"info","message":"requires","context":{"php":"^8.0","ext-ds":"*","Vendor\/entity-fqn-extractor":"^0.1.0","Vendor\/logging-integration-bundle":"dev-master as 0.1.0","spawnia\/sailor":"^0.3.0","symfony\/config":"^5.2","symfony\/console":"^5.2","symfony\/dependency-injection":"^5.2","symfony\/error-handler":"^5.2","symfony\/finder":"^5.2","symfony\/framework-bundle":"^5.2","symfony\/http-kernel":"^5.2","thecodingmachine\/safe":"^1.3","vlucas\/phpdotenv":"^5.3","webmozart\/assert":"^1.10"}} {"time":"2021-03-18T20:05:21.635464+00:00","level":"info","message":"dev-requires","context":{"Vendor\/coding-standard":"^4.0","hectorj\/safe-php-psalm-plugin":"dev-master as 1.3.0","icanhazstring\/composer-unused":"0.7.4","maglnet\/composer-require-checker":"^3.2","php-ds\/php-ds":"^1.3","phpstan\/extension-installer":"^1.0","phpstan\/phpstan":"^0.12.58","phpstan\/phpstan-mockery":"^0.12.7","phpstan\/phpstan-phpunit":"^0.12.17","phpstan\/phpstan-strict-rules":"^0.12.5","phpstan\/phpstan-webmozart-assert":"^0.12.12","phpunit\/phpunit":"^9.5","psalm\/plugin-phpunit":"^0.15.1","roave\/security-advisories":"dev-master","thecodingmachine\/phpstan-safe-rule":"^1.0","vimeo\/psalm":"^4.6"}} {"time":"2021-03-18T20:05:21.635486+00:00","level":"info","message":"autoload","context":{"psr-4":{"Vendor\\Project\\":["generated\/PhpSailor\/","src\/"]}}} {"time":"2021-03-18T20:05:21.635505+00:00","level":"info","message":"dev-autoload","context":{"psr-4":{"Vendor\\Project\\Tests\\":"tests\/"}}} {"time":"2021-03-18T20:05:21.714817+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/generated\/PhpSailor\/FlopApi\/EnabledSflowDevices.php","context":[]} {"time":"2021-03-18T20:05:21.727818+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/generated\/PhpSailor\/FlopApi\/EnabledSflowDevices\/EnabledSflowDevicesResult.php","context":[]} {"time":"2021-03-18T20:05:21.732516+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/generated\/PhpSailor\/FlopApi\/EnabledSflowDevices\/EnabledSflowDevices.php","context":[]} {"time":"2021-03-18T20:05:21.733637+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/generated\/PhpSailor\/FlopApi\/EnabledSflowDevices\/Devices\/Devices.php","context":[]} {"time":"2021-03-18T20:05:21.735022+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/sailor.php","context":[]} {"time":"2021-03-18T20:05:21.740026+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/tests\/bootstrap.php","context":[]} {"time":"2021-03-18T20:05:21.744057+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/tests\/TestCaseBase.php","context":[]} {"time":"2021-03-18T20:05:21.783792+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/src\/bootstrap.php","context":[]} {"time":"2021-03-18T20:05:21.787352+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/src\/Nfdump\/Application\/ConsoleCommand\/GenerateNfcapdConfig.php","context":[]} {"time":"2021-03-18T20:05:21.799781+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/src\/Nfdump\/Domain\/PathProvider.php","context":[]} {"time":"2021-03-18T20:05:21.801460+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/src\/CoreLibrary\/Symfony\/KernelContainerConfigurator.php","context":[]} {"time":"2021-03-18T20:05:21.809976+00:00","level":"debug","message":"Parsing file \/Users\/user\/project\/src\/Kernel.php","context":[]} ```

Additional information

I wonder how to debug. I can see it's scanning the file with ext-ds used in dump.
opened by simPod 20

$Declaration of Symfony\Component\Console\Style\OutputStyle::write() is incompatible$

Declaration of Symfony\Component\Console\Style\OutputStyle::write() is incompatible

Composer v2.0.10 is bundled with symfony/console where declaration of Symfony\Component\Console\Style\OutputStyle is

public function write($messages, $newline = false, $type = self::OUTPUT_NORMAL)

while in my app is

public function write($messages, bool $newline = false, int $type = self::OUTPUT_NORMAL)

It somehow causes composer unused to crash

Reading ./composer.json (/Users/user/project/composer.json)
Loading config file /Users/user/.composer/auth.json
Loading config file ./composer.json (/Users/user/project/composer.json)
Checked CA file /usr/local/etc/[email protected]/cert.pem: valid
Executing command (/Users/user/project): git branch -a --no-color --no-abbrev -v
Executing command (/Users/user/project): git rev-list master..composer
Executing command (/Users/user/project): git rev-list remotes/origin/master..composer
Reading /Users/user/.composer/composer.json
Loading config file /Users/user/.composer/auth.json
Loading config file /Users/user/.composer/composer.json (/Users/user/.composer/composer.json)
Loading config file /Users/user/.composer/auth.json
Reading /Users/user/.composer/auth.json
Reading /Users/user/project/vendor/composer/installed.json
Loading plugin Dealerdirect\Composer\Plugin\Installers\PHPCodeSniffer\Plugin
Loading plugin PHPStan\ExtensionInstaller\Plugin
Loading plugin Roave\YouAreUsingItWrong\Hook
Loading plugin Icanhazstring\Composer\Unused\UnusedPlugin
Running 2.0.10 (2021-02-23 16:11:37) with PHP 7.4.15 on Darwin / 20.3.0
PHP Fatal error:  Declaration of Symfony\Component\Console\Style\OutputStyle::write($messages, bool $newline = false, int $type = self::OUTPUT_NORMAL) must be compatible with Symfony\Component\Console\Output\OutputInterface::write($messages, $newline = false, $options = 0) in /Users/user/project/vendor/symfony/console/Style/OutputStyle.php on line 52

opened by simPod 19

Check functions from file autoloading
Describe the bug

A function from a composer dependency is used but its usage is not detected. I assume it is about a function that is provided via files autoloading: https://github.com/bpolaszek/php-iterable-functions/blob/0cc66fecec909546752b67215af72acbb66445e3/composer.json#L10

Additional information

{ "require": { "php": ">=7.4", "bentools/iterable-functions": ">=1.4" }, "autoload": { "psr-4": { "FooBar\\": "src/" } }, "require-dev": { "icanhazstring/composer-unused": ">=0.7" } }
enhancement
opened by JoshuaBehrens 19
Allow scanning of files that are not in namespaces but consume namespaces
Currently the code seems to only scan psr0/4, classmap and files directives. However, we have a large Cake2 project where the bulk of our files are not namespaced. They still use composer dependencies.

An example high level directory structure is like (in our case):

bin/ Config/ Console/ Controller/ Lib/ Model/ Plugin/ src/ Test/ vendor/ View/ webroot/ composer.json composer.lock

While /src contains a section of our code which is namespaced, our MVC files are in either the Controller/Model/View directories, or in the Plugin directory. These have no namespace, but do consume namespaces.

It would be handy if the tool could scan those files as well, as currently the output of unused is correct if we are only talking about the src directory. The rest of the "unused" packages are consumed in our MCV structure (or at least I'd like to think so!)
enhancement
opened by AshleyPinner 16
False positives after using `readonly` modifier

Describe the bug

I'm changing one of my libs to require and use features from PHP 8.1. After the commit that introduces the readonly modifier, composer-unused started to report false positives.

I'm ignoring it for now but it might be good to investigate the cause :+1:
bug

opened by lcobucci 14
bin/composer-unused not working when composer/composer not present

Describe the bug

Currently composer/composer is used to "fake" a composer executable using the bin/composer-unused binary. This is not possible anymore as the dependency to it was moved to dev to avoid conflicting while installing the tool.

The binary should be removed altogether an only bundled with the phar archive where composer/composer is shipped with. If installed as plugin composer unused should be the way to go.
bug

opened by icanhazstring 13

Unable to install composer-unused in private packagist package

When typing composer require --dev icanhazstring/composer-unused, I'm getting an error and I can't install this package 😕

Using version ^0.5.6 for icanhazstring/composer-unused
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for icanhazstring/composer-unused ^0.5.6 -> satisfiable by icanhazstring/composer-unused[0.5.6].
    - icanhazstring/composer-unused 0.5.6 requires zendframework/zend-servicemanager ^3.4 -> no matching package found.

Potential causes:
 - A typo in the package name
 - The package is not available in a stable-enough version according to your minimum-stability setting
   see <https://getcomposer.org/doc/04-schema.md#minimum-stability> for more details.
 - It's a private package and you forgot to add a custom repository to find it

Read <https://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.

opened by carusogabriel 13

Unable to run the phar version on project
Describe the bug

I have installed the latest Phar version on my computer, but when I want execute, I have this error:

PHP Fatal error: Uncaught Error: Typed property __ComposerUnused__\ComposerUnused\ComposerUnused\Composer\Config::$name must not be accessed before initialization in phar:///home/me/.config/composer/vendor/bin/composer-unused/src/Composer/Config.php:23

Additional information

I have try with PHP 7.4, 8.0 and 8.1 with same result.
opened by macintoshplus 1
composer(deps): update phpstan/phpdoc-parser requirement from ^1.12 to ^1.15
Updates the requirements on phpstan/phpdoc-parser to permit the latest version.

Release notes

Sourced from phpstan/phpdoc-parser's releases.

1.15.0

6ff970a - Fix tests

2a4686e - Add generics support to @method definitions

c7c2609 - Update dessant/lock-threads action to v4

Commits

6ff970a Fix tests

2a4686e Add generics support to @method definitions

c7c2609 Update dessant/lock-threads action to v4

df1a794 Generics type projections (call-site variance)

aac4411 Add specialized tags support

066f9d0 Update send-pr.yml

4f28c2e Update metcalfc/changelog-generator action to v4

33aefcd Add equality assert syntax

ae85d4b Fix __toString() for negated asserts

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependency
opened by dependabot[bot] 0
Missing directories cause crash

Describe the bug

When a PSR-4 prefix is registered in composer.json but the directory it points to does not exist composer-unused crashes. Composer itself doesn't mind.

Additional information

Finder.php line 532.

opened by SamMousa 1
Wrong version in command

There is a wrong version number in command

https://github.com/composer-unused/composer-unused/blob/af9085d2058333d26559b334c536c40fb04e28d3/src/Console/Command/UnusedCommand.php#L33

opened by ssanko 1
fix/issue #399 draft2
PR for issue #399

What i fixed

Added simple log message that Package was ignored %s was ignored

removed the ::warning from infront of message

Added GithubFormatter unit test
opened by ayushthe1 2
fix/issue #399 - draft 1
PR for issue #399

What i fixed

Added simple log message that Package was ignored %s was ignored

removed the ::warning from infront of message

What remains to be fixed

Add unit tests
opened by ayushthe1 0

Releases(0.8.5)

0.8.5(Dec 2, 2022)
Improvements 🔧

Readd progress bar by @MarcinGladkowski in https://github.com/composer-unused/composer-unused/pull/427

Fixes 🐛

Marking required package as used by "required-by" even if other package is unused by @MarcinGladkowski in https://github.com/composer-unused/composer-unused/pull/424

Update PatternFilter example in README by @mvhirsch in https://github.com/composer-unused/composer-unused/pull/416

Explicitly require symfony/property-access by @eliashaeussler in https://github.com/composer-unused/composer-unused/pull/428

Resolve issue with suggest-by feature by @eliashaeussler in https://github.com/composer-unused/composer-unused/pull/428

New Contributors

@mvhirsch made their first contribution in https://github.com/composer-unused/composer-unused/pull/416

@MarcinGladkowski made their first contribution in https://github.com/composer-unused/composer-unused/pull/424

@eliashaeussler made their first contribution in https://github.com/composer-unused/composer-unused/pull/428

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.8.4...0.8.5
Source code(tar.gz)
Source code(zip)
composer-unused.phar(4.33 MB)
composer-unused.phar.asc(566 bytes)
0.8.4(Oct 13, 2022)
Improvements 🔧

Add JsonFormatter with test by @TomasVotruba in https://github.com/composer-unused/composer-unused/pull/398

Add testcase for readonly class (#369) by @pascalheidmann in https://github.com/composer-unused/composer-unused/pull/402

Don't report packages unused in annotations by @LeoVie in https://github.com/composer-unused/composer-unused/pull/404

Prepare php 8.2 support by @pascalheidmann in https://github.com/composer-unused/composer-unused/pull/403

Fixes 🐛

override exit code with "0" if option --ignore-exit-code is used by @pascalheidmann in https://github.com/composer-unused/composer-unused/pull/396

Empty PSR4 namespace by @yoanmLf in https://github.com/composer-unused/composer-unused/pull/405

New Contributors

@pascalheidmann made their first contribution in https://github.com/composer-unused/composer-unused/pull/396

@TomasVotruba made their first contribution in https://github.com/composer-unused/composer-unused/pull/398

@LeoVie made their first contribution in https://github.com/composer-unused/composer-unused/pull/404

@yoanmLf made their first contribution in https://github.com/composer-unused/composer-unused/pull/405

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.8.3...0.8.4
Source code(tar.gz)
Source code(zip)
composer-unused.phar(4.13 MB)
composer-unused.phar.asc(566 bytes)
0.8.3(Sep 30, 2022)
Improvements 🔧

Add missing use statement by @OskarStark in https://github.com/composer-unused/composer-unused/pull/374

Fixes 🐛

Keep the PatternFilter in used state by @nicklog in https://github.com/composer-unused/composer-unused/pull/353

Wire up custom configuration file location support by @WyriHaximus in https://github.com/composer-unused/composer-unused/pull/354

Fix typo in CONTRIBUTING.md by @Jean85 in https://github.com/composer-unused/composer-unused/pull/359

Fix Symfony 4 support by @Jean85 in https://github.com/composer-unused/composer-unused/pull/360

Mark new "composer" platform requirement as globally excluded. (Fixes: #381) by @AndreasA in https://github.com/composer-unused/composer-unused/pull/389

Lexer version detector patch by @georgeconstantinou in https://github.com/composer-unused/composer-unused/pull/392

New Contributors

@nicklog made their first contribution in https://github.com/composer-unused/composer-unused/pull/353

@WyriHaximus made their first contribution in https://github.com/composer-unused/composer-unused/pull/354

@Jean85 made their first contribution in https://github.com/composer-unused/composer-unused/pull/359

@OskarStark made their first contribution in https://github.com/composer-unused/composer-unused/pull/374

@AndreasA made their first contribution in https://github.com/composer-unused/composer-unused/pull/389

@georgeconstantinou made their first contribution in https://github.com/composer-unused/composer-unused/pull/392

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.8.2...0.8.3
Source code(tar.gz)
Source code(zip)
composer-unused.phar(3.99 MB)
composer-unused.phar.asc(566 bytes)
0.8.2(Mar 22, 2022)
What's Changed

With 0.8.2 we improved the performance of the tool quite a bit. So the overall experience should be be better. In preparation to get the composer-unused-plugin to work properly. We prefixed the sources inside the .phar file.

Improvements 🔧

Make Required Dependencies faster by @scyzoryck in https://github.com/composer-unused/composer-unused/pull/322

Split independent loops during looking for used packages by @scyzoryck in https://github.com/composer-unused/composer-unused/pull/324

Fixes 🐛

Avoid strpos comparison for php package by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/318

Resolve #328: Fix issue where output format could not be forced by cli by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/334

Expose Symfony\Polyfill to be able to run phar with php7.4 by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/339

New Contributors

@scyzoryck made their first contribution in https://github.com/composer-unused/composer-unused/pull/322

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.8.1...0.8.2
Source code(tar.gz)
Source code(zip)
composer-unused.phar(3.96 MB)
composer-unused.phar.asc(566 bytes)
0.8.1(Feb 15, 2022)
What's Changed

With 0.8 release we introduced some regressions into the tool. This release should fix most of them.

Features 💡

GithubAction Annotations:

With this, composer-unused will now annotate errors in your pull requests for unused or zombie packages

--output-format option is now available and can be set to default or github (new styles coming in the future)

Dedicated configuration

The configuration from composer.json was moved into composer-unused.php (see https://github.com/composer-unused/composer-unused#configuration)

Improvements 🔧

Add --output-format by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/280

Add possibility to change phpparser lexer to use correct php version by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/295

Use CIDetector to change output automatically by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/296

Add dedicated configuration by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/299

Use composer/installed.php to get install path of packages by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/306

Fixes 🐛

Resolve #281: Change filter usage state only once by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/282

Update box-project/box to build phar for php8.1 by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/289

List ignored/invalid dependencies in "Ignore" section again by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/297

Use glob to provide multiple additional files by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/304

Allow list of paths for a single namespace specification by @agustingomes in https://github.com/composer-unused/composer-unused/pull/294

New Contributors

@agustingomes made their first contribution in https://github.com/composer-unused/composer-unused/pull/294

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.8.0...0.8.1
Source code(tar.gz)
Source code(zip)
composer-unused.phar(3.96 MB)
composer-unused.phar.asc(566 bytes)
0.8.0(Feb 3, 2022)
What's Changed

Version 0.8 marks a full rewrite of how composer-unused is scanning for unused packages and its integration into composer. There a new features that were rewritten and added again also some features got removed as they need a stable base to integrated again.

Integration with composer

composer-unused itself is no longer a composer-plugin. This functionality was moved to composer-unused/composer-unused-plugin. If you want to use it as a plugin, you only need to install the plugin itself.

Other than that composer-unused is now working as a CLI tool. You can execute it from anywhere passing a --composer-json as option to scan the given file, or like the previous behavior execute it beside the composer.json you want to scan.

Improvements 🔧

Add required-by output after scan by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/260

Add suggested-by flag for console output by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/261

Add php8.1 build by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/243

Integrate symfony/console and split out composer plugin implementation by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/262

Display error message on faulty composer.json by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/263

Add --version output for binary by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/264

Check for function invocation parsing by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/249

Add feature for unused zombies by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/265

Added pattern exclusion support for "-implementation" packages by @verenaroe https://github.com/composer-unused/composer-unused/pull/223

Added support for the excludePackage option by @verenaroe https://github.com/composer-unused/composer-unused/pull/222

Fixed 🐛

Exlude composer-unused-plugin from being reported as unused by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/270

Don't mark composer-runtime-api as unused by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/274

New Contributors

@sbol-coolblue made their first contribution in https://github.com/composer-unused/composer-unused/pull/255

@verenaroe made their first contribution in https://github.com/composer-unused/composer-unused/pull/223

@MGatner made their first contribution int https://github.com/composer-unused/composer-unused/pull/231

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.7.8...0.8.0
Source code(tar.gz)
Source code(zip)
composer-unused.phar(2.61 MB)
composer-unused.phar.asc(566 bytes)
0.8.0-RC1(Jan 5, 2022)
What's Changed

github-actions(deps): bump shivammathur/setup-php from 2.15.0 to 2.16.0 by @dependabot in https://github.com/composer-unused/composer-unused/pull/241

Add php8.1 build by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/243

Update README.md by @sbol-coolblue in https://github.com/composer-unused/composer-unused/pull/255

Solve #219: Add required-by output after scan by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/260

Resolve #218: Add suggested-by flag for console output by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/261

composer(deps-dev): update phpunit/phpunit requirement from ^9.5.10 to ^9.5.11 by @dependabot in https://github.com/composer-unused/composer-unused/pull/256

composer(deps-dev): update composer/composer requirement from ^2.1.12 to ^2.2.3 by @dependabot in https://github.com/composer-unused/composer-unused/pull/259

Resolve #252: Integrate symfony/console and split out composer plugin implementation by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/262

Resolve #248: Display error message on faulty composer.json by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/263

Resolve #140: Add --version output for binary by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/264

Check for function invocation parsing by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/249

Resolve #189: Add feature for unused zombies by @icanhazstring in https://github.com/composer-unused/composer-unused/pull/265

New Contributors

@sbol-coolblue made their first contribution in https://github.com/composer-unused/composer-unused/pull/255

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.7.x...0.8.0-RC1
Source code(tar.gz)
Source code(zip)
composer-unused.phar(2.61 MB)
composer-unused.phar.asc(566 bytes)
0.7.12(Dec 29, 2021)
What's Changed

Allow symfony/finder v6 by @simPod in https://github.com/composer-unused/composer-unused/pull/257

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.7.11...0.7.12
Source code(tar.gz)
Source code(zip)
composer-unused.phar(5.26 MB)
composer-unused.phar.asc(566 bytes)
0.7.11(Dec 22, 2021)

This reverts changes done with 0.7.10. As it turned out, removing composer/composer is not that simple. The dependency to it will be removed in later phase for 0.8 until that, 0.7 will stay as is.

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.7.10...0.7.11
Source code(tar.gz)
Source code(zip)
composer-unused.phar(5.26 MB)
composer-unused.phar.asc(566 bytes)
0.7.10(Dec 16, 2021)

Source code(tar.gz)
Source code(zip)
composer-unused.phar(5.19 MB)
composer-unused.phar.asc(566 bytes)
0.7.9(Dec 14, 2021)

Source code(tar.gz)
Source code(zip)
composer-unused.phar(5.19 MB)
composer-unused.phar.asc(566 bytes)
0.7.8(Nov 24, 2021)
What's Changed

composer(deps-dev): update phpstan/phpstan requirement from ^0.12.93 to ^0.12.94 by @dependabot in https://github.com/composer-unused/composer-unused/pull/203

github-actions(deps): bump shivammathur/setup-php from 2.11.0 to 2.12.0 by @dependabot in https://github.com/composer-unused/composer-unused/pull/202

composer(deps-dev): update phpunit/phpunit requirement from ^9.5.7 to ^9.5.8 by @dependabot in https://github.com/composer-unused/composer-unused/pull/204

composer(deps-dev): update phpstan/phpstan requirement from ^0.12.94 to ^0.12.96 by @dependabot in https://github.com/composer-unused/composer-unused/pull/205

composer(deps-dev): update phpstan/phpstan requirement from ^0.12.96 to ^0.12.99 by @dependabot in https://github.com/composer-unused/composer-unused/pull/212

composer(deps-dev): update phpunit/phpunit requirement from ^9.5.8 to ^9.5.9 by @dependabot in https://github.com/composer-unused/composer-unused/pull/207

github-actions(deps): bump shivammathur/setup-php from 2.12.0 to 2.14.0 by @dependabot in https://github.com/composer-unused/composer-unused/pull/211

composer(deps-dev): update phpunit/phpunit requirement from ^9.5.9 to ^9.5.10 by @dependabot in https://github.com/composer-unused/composer-unused/pull/215

composer(deps): update nikic/php-parser requirement from ^4.12 to ^4.13 by @dependabot in https://github.com/composer-unused/composer-unused/pull/214

github-actions(deps): bump shivammathur/setup-php from 2.14.0 to 2.15.0 by @dependabot in https://github.com/composer-unused/composer-unused/pull/216

github-actions(deps): bump crazy-max/ghaction-import-gpg from 3 to 4 by @dependabot in https://github.com/composer-unused/composer-unused/pull/210

Allow support for psr/container ^2.0 by @alex-winter in https://github.com/composer-unused/composer-unused/pull/239

New Contributors

@alex-winter made their first contribution in https://github.com/composer-unused/composer-unused/pull/239

Full Changelog: https://github.com/composer-unused/composer-unused/compare/0.7.7...0.7.8
Source code(tar.gz)
Source code(zip)
composer-unused.phar(5.09 MB)
composer-unused.phar.asc(566 bytes)
0.7.7(Jul 26, 2021)
Added

Added support for psr/log v2 and 3 #200 (thanks to @simPod)

Source code(tar.gz)
Source code(zip)
composer-unused.phar(4.99 MB)
composer-unused.phar.asc(566 bytes)
0.7.6(Jul 15, 2021)
Removed

Droppped support for composer v1

This release should fix issue with old and new github key format
Source code(tar.gz)
Source code(zip)
composer-unused.phar(4.95 MB)
composer-unused.phar.asc(566 bytes)
0.7.5(Oct 28, 2020)
Added

Added an InstanceofStrategy which detects usages in instanceof expressions #100 Thanks to @localheinz

Source code(tar.gz)
Source code(zip)
composer-unused.phar(4.69 MB)
composer-unused.phar.asc(566 bytes)
0.7.4(Sep 15, 2020)
Fixed

Fixed an issue where ext-ds classes were not recognized as used #88

Fixed an issue where extends and implements of FQN was not marked as used #97

Source code(tar.gz)
Source code(zip)
composer-unused.phar(4.64 MB)
composer-unused.phar.asc(566 bytes)
0.7.3(May 21, 2020)
Added

Added workflow to verify integrity of build phar file

Added self unused dependency check using bin/composer-unused

Changed

Readded composer/composer into root requirements as its required to run bin/composer-unused

Fixed

Fixed an issue where log level received wrong type #83 (thanks to @JoshuaBehrens)

Source code(tar.gz)
Source code(zip)
composer-unused.phar(4.00 MB)
composer-unused.phar.asc(566 bytes)
0.7.2(May 19, 2020)
Added

Added phpspec/prophecy-phpunit to remove deprecations warnings of prophecy() with phpunit/phpunit:^9.0

Added support for composer 2.0 #77

Changed

Changed the exit code 0 if there are no packages to scan #78

Fixed

Fixed an issue where Core extension was checked as ext-core instead of php #79

Source code(tar.gz)
Source code(zip)
composer-unused.phar(3.89 MB)
composer-unused.phar.asc(566 bytes)
0.7.1(Dec 9, 2019)
Added

Added --no-progress to suppress progress bar for CI

Fixed

Fixed bin/composer-unused was unable to detect vendor/autoload.php when run as direct depdendency

Source code(tar.gz)
Source code(zip)
composer-unused.phar(3.95 MB)
composer-unused.phar.asc(566 bytes)
0.7.0(Dec 1, 2019)

Add scoped phar support and release asset.
Source code(tar.gz)
Source code(zip)
composer-unused.phar(3.95 MB)
composer-unused.phar.asc(566 bytes)
0.6.2(Oct 31, 2019)

This release will add support to scan for unused php extensions like ext-json
Source code(tar.gz)
Source code(zip)
0.6.1(Oct 24, 2019)

Fixed some leftover references on zendframework/zend-servicemanager which caused a bug in runtime. Also remove shorthand options on the command for excludeDir and excludePackage
Source code(tar.gz)
Source code(zip)
0.6.0(Oct 24, 2019)

This release will remove the dependency on zendframework/zend-servicemanager and will use our own customer psr/container-interface implementation.

Further some minor bugs were removed and the README.md as well as the CHANGELOG.md got some care taken of.
Source code(tar.gz)
Source code(zip)
0.5.6(Apr 30, 2019)

Bugfix release to support typo3 composer packages #47 Thanks to @tomasnorre
Source code(tar.gz)
Source code(zip)
0.5.5(Apr 12, 2019)

Bugfix release to support yii2 composer packages #44 Thanks to @moltam
Source code(tar.gz)
Source code(zip)
0.5.4(Apr 11, 2019)
Fixed:

Fixed issue where composer-unused-dump was created even when not in debug mode #41

Fixed issue where exit code was greater 0 on skipped packages, while it should be on unused packages #42 Thanks to @binarious

Source code(tar.gz)
Source code(zip)
0.5.3(Apr 11, 2019)

Fixed issue where qualified namespaces where not recognized when called from global namespace. This caused some false-positives (e.g. for symfony-bundles)
Source code(tar.gz)
Source code(zip)
0.5.2(Apr 11, 2019)

This bugfix release adds support for symfony-bundle type in composer.json
Source code(tar.gz)
Source code(zip)
0.5.1(Mar 29, 2019)
It is possible that a package defines a valid namespace and an empty one. This caused the usage analysis to break.

{ "autoload": { "psr-4": { "": "src/", "A\\": "src/" } } }
Source code(tar.gz)
Source code(zip)
0.5.0(Mar 29, 2019)
This release will change the behavior of the plugin.

Changed:

the plugin will exit with a code > 0 if there are unused packages

temporary solution to "silent" ignore ext- packages (might be changed in the future #33)

Added:

cli parameter to exit clean (even with unused packages) --ignore-exit-code

Source code(tar.gz)
Source code(zip)