nowo-tech/composer-update-helper 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

nowo-tech/composer-update-helper

Composer 安装命令:

composer require nowo-tech/composer-update-helper

包简介

Generates composer require commands from outdated dependencies. Works with any PHP project (Symfony, Laravel, Yii, CodeIgniter, etc.)

README 文档

README

CI Packagist Version Packagist Downloads License PHP Symfony

Found this useful? Install from Packagist and give the repo a star on GitHub if it helps you.

Generates composer require commands from outdated dependencies. Works with any PHP project: Symfony, Laravel, Yii, CodeIgniter, Slim, Laminas, etc.

Features

  • ✅ Works with any PHP project
  • ✅ Separates production and development dependencies
  • ✅ Shows ignored packages with available versions
  • Force include packages: Override ignore list to force specific packages to be included
  • Multi-framework support with version constraints:
  • Symfony: respects extra.symfony.require
  • Laravel: respects laravel/framework + illuminate/* versions
  • Yii: respects yiisoft/yii2 version
  • CakePHP: respects cakephp/cakephp version
  • Laminas: respects laminas/* versions
  • CodeIgniter: respects codeigniter4/framework version
  • Slim: respects slim/slim version
  • ✅ Compares versions to avoid unnecessary updates
  • Dependency compatibility checking: Automatically detects and prevents dependency conflicts before suggesting updates
  • Transitive dependency suggestions: When conflicts are detected, automatically suggests updating required transitive dependencies with ready-to-use commands
  • Conflict Impact Analysis: Analyzes which packages would be affected by updating conflicting packages (optional with --show-impact flag)
  • Save impact analysis: Save impact analysis to file with --save-impact flag
  • ✅ Can execute commands directly with --run flag
  • ✅ Automatic installation via Composer plugin
  • Release information and changelogs: Shows GitHub release links and changelog previews for outdated packages
  • Progress indicators: Shows loading messages during long-running operations (dependency checking, fallback search, etc.)
  • Help option: Built-in --help flag for comprehensive usage information
  • Verbose and Debug modes: -v, --verbose and --debug options for troubleshooting and detailed information
  • Multiple file extensions: Supports both .yaml and .yml extensions for configuration files
  • Performance optimized: Emojis and common elements are optimized for better performance
  • Lightweight architecture: Script delegates complex logic to PHP in vendor, keeping the repo script lightweight and maintainable
  • ⚠️ Internationalization (i18n) (DEVELOPMENT MODE): Multi-language support for output messages with automatic language detection

Installation

composer require --dev nowo-tech/composer-update-helper

💡 Tip: We also recommend installing Code Review Guardian for a complete code quality workflow. See Related Packages section below.

After installation, two files will be copied to your project root:

  • generate-composer-require.sh - The lightweight wrapper script (delegates complex logic to PHP in vendor)
  • generate-composer-require.yaml - Configuration file for ignored and included packages (only created if doesn't exist)

Note: These files should be committed to your repository so they're available to all team members. The plugin will remove any old .ignore.txt entries from .gitignore if they exist.

Wrapper updates: On first install, generate-composer-require.sh is copied to your project root. On later composer update runs, the plugin does not overwrite a local wrapper that differs from the package copy unless you opt in:

{
  "extra": {
    "composer-update-helper": {
      "auto_update_wrapper": true
    }
  }
}

When opt-in is disabled (default), Composer shows a comment with MD5 hashes if the wrapper differs. See Configuration.

Architecture

The script uses a lightweight architecture for better maintainability:

  • generate-composer-require.sh (in your repo): A lightweight wrapper script (about 350 lines; size may change between releases) that handles:

  • Command-line argument parsing

  • Configuration file detection

  • Executing composer outdated

  • Calling the PHP processor

  • Displaying formatted output from PHP

  • Extracting and executing commands for --run flag

  • process-updates.php (in vendor): Contains the heavy processing logic (about 900 lines; size may change between releases), including:

  • Package processing and filtering

  • Framework detection and version constraints

  • Release information fetching

  • Command generation

  • Output formatting (emojis, sections, formatting, etc.)

The script automatically detects process-updates.php in vendor/nowo-tech/composer-update-helper/bin/ and uses it. This architecture ensures:

  • Lightweight script in your repo: Easy to read and understand
  • Complex logic in vendor: Automatically updated with composer update
  • Better maintainability: Clear separation of concerns
  • Automatic detection: No configuration needed

Usage

Basic Usage

# Show suggested update commands
./generate-composer-require.sh

# Execute commands directly
./generate-composer-require.sh --run

# Show release information
./generate-composer-require.sh --release-info

# Show full changelogs
./generate-composer-require.sh --release-detail

# Show impact analysis for conflicting packages
./generate-composer-require.sh --show-impact

# Save impact analysis to file
./generate-composer-require.sh --save-impact

# Verbose output
./generate-composer-require.sh --verbose

# Debug mode
./generate-composer-require.sh --debug

# Show help
./generate-composer-require.sh --help

Example output:

⏭️ Ignored packages (prod):
 - doctrine/doctrine-bundle:2.13.2

🔧 Suggested commands:
 composer require --with-all-dependencies vendor/package:1.2.3 another/package:4.5.6
 composer require --dev --with-all-dependencies phpstan/phpstan:2.0.0

Note: By default, release information is not shown (no API calls are made). Use --release-info or --release-detail to enable it.

Available options:

  • --run - Execute suggested commands automatically
  • --release-info - Show release information (summary with links)
  • --release-detail - Show full release changelog for each package (implies --release-info)
  • --no-release-info - Skip release information section (default behavior)
  • --show-impact, --impact - Show impact analysis for conflicting packages (disabled by default)
  • --save-impact - Save impact analysis to composer-update-impact.txt file (implies --show-impact)
  • -v, --verbose - Show verbose output (configuration files, packages, etc.)
  • --debug - Show debug information (very detailed, includes file paths, parsing, etc.)
  • -h, --help - Show help message

For detailed usage information, see Usage Guide.

Configuration

The script searches for configuration files in the current directory (where composer.json is located). It supports both .yaml and .yml extensions, with .yaml taking priority.

Edit generate-composer-require.yaml to configure which packages to ignore or force include during updates, and set default values for command-line options:

# Composer Update Helper Configuration
# Configuration file for ignored and included packages during composer update suggestions

# Enable detailed dependency compatibility checking
# When enabled (true), the tool will check if proposed package versions are compatible
# with currently installed dependencies, preventing conflicts before they occur.
# When disabled (false), the tool will suggest all available updates without checking
# dependency compatibility (faster but may suggest incompatible updates).
# Default: true
check-dependencies: true

# Language for output messages
# Supported: many locales (see docs/CONFIGURATION.md — currently 31+ languages in i18n)
# If not set, will auto-detect from system (LANG, LC_ALL, LC_MESSAGES)
# Default: en (English)
# ⚠️ WARNING: i18n feature is currently in DEVELOPMENT MODE
#language: es

# Command-line options defaults (can be overridden via command-line arguments)
# Set your preferred defaults here, then override them when needed via command-line flags
show-release-info: false     # Show release information by default
show-release-detail: false    # Show full changelog by default
show-impact-analysis: false    # Show impact analysis by default
save-impact-to-file: false    # Save impact analysis to file by default
verbose: false          # Verbose output by default
debug: false           # Debug mode by default

# List of packages to ignore during update
# Ignored packages will still be displayed in the output with their available versions,
# but won't be included in the composer require commands.
ignore:
 - doctrine/orm
 - symfony/security-bundle
 - laravel/framework
 # - package/name # You can add inline comments

# List of packages to force include during update
# Included packages will be added to the composer require commands even if they are
# in the ignore list.
# The include section has priority over the ignore section.
include:
 - some/package
 - another/package

💡 Tip: Command-line arguments always override YAML configuration. For example, if you set show-release-info: true in YAML but run ./generate-composer-require.sh --no-release-info, the release info will be disabled for that run.

For detailed configuration options including language settings, dependency checking, and backward compatibility, see Configuration Guide.

For framework support details, see Framework Support.

Packagist Integration

Composer Update Helper fetches package information from Packagist to analyze dependencies and find compatible versions. Here's how it works:

How It Works

The tool uses a two-tier approach for fetching package information:

  1. Primary Method: Direct Packagist API calls (https://packagist.org/packages/{package}.json)
  • Fast and efficient for most use cases
  • Used for: package requirements, versions, abandoned status, maintainer info, alternative package search
  1. Fallback Method: composer show command
  • Automatically used when Packagist API is unavailable or returns incomplete data
  • Respects your project's repository configuration in composer.json
  • Supports mirrors, private repositories, and custom repository setups

Improving Packagist Access

Using Packagist Mirrors

If you're experiencing slow API responses or rate limiting, you can configure a Packagist mirror in your composer.json:

{
  "repositories": [
    {
      "type": "composer",
      "url": "https://mirror.packagist.com",
      "only": ["packagist"]
    }
  ]
}

The fallback method (composer show) will automatically use your configured mirror.

Using Private Repositories

For private packages or internal repositories, simply configure them in your composer.json:

{
  "repositories": [
    {
      "type": "vcs",
      "url": "https://github.com/your-org/private-package"
    }
  ]
}

When the Packagist API doesn't have information about these packages, the tool automatically falls back to composer show, which respects your repository configuration.

Performance Considerations

  • API Rate Limiting: Packagist doesn't enforce strict rate limits, but excessive requests may be throttled. The tool includes proper user-agent headers and reasonable timeouts (5 seconds).

  • Offline Mode: If you're working offline or behind a firewall, the tool will fall back to composer show, which uses Composer's local cache when available.

  • Caching: Composer caches package metadata automatically. Running composer update periodically ensures your cache is fresh, improving fallback performance.

💡 Tip: If you're using a VPN or behind a corporate firewall, configuring a Packagist mirror or ensuring composer show works will provide the best experience.

Requirements

  • PHP >=8.1 <8.6
  • Composer 2.x

Version information

Supported PHP versions follow composer.json (>=8.1 <8.6). Release history is in docs/CHANGELOG.md.

Documentation

Additional documentation

Related Packages

Code Review Guardian

Looking for a complete code review solution? We highly recommend Code Review Guardian - a provider-agnostic code review guardian that works perfectly with Composer Update Helper:

  • Provider-agnostic: Works with GitHub, GitLab, Bitbucket, and any Git provider
  • Multi-framework support: Automatic framework detection (Symfony, Laravel, etc.)
  • Code quality checks: PHP-CS-Fixer, PHPStan, PHPUnit, Security checks
  • Easy integration: Simple YAML configuration
  • Framework-specific configs: Optimized configurations for each framework

Installation:

composer require --dev nowo-tech/code-review-guardian

Why use both together?

Together with Composer Update Helper, you get a complete development workflow:

  1. Composer Update Helper → Keeps your dependencies up to date
  • Automatically detects outdated packages
  • Generates update commands
  • Respects framework version constraints
  1. Code Review Guardian → Ensures code quality in your pull requests
  • Runs code quality checks automatically
  • Validates code style and standards
  • Prevents merging low-quality code

Perfect combination for maintaining high-quality PHP projects! 🚀

Author

Created by Héctor Franco Aceituno at Nowo.tech

Tests and coverage

  • Tests: PHPUnit (tests/Unit, tests/Integration).
  • PHP: 100% line coverage on src/ (refresh with make test-coverage).
  • TS/JS: N/A
  • Python: N/A

License

The MIT License (MIT). Please see LICENSE for more information.

nowo-tech/composer-update-helper 适用场景与选型建议

nowo-tech/composer-update-helper 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.95k 次下载、GitHub Stars 达 1, 最近一次更新时间为 2025 年 12 月 11 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「symfony」 「php」 「composer」 「codeigniter」 「require」 「update」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 nowo-tech/composer-update-helper 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 nowo-tech/composer-update-helper 我们能提供哪些服务?
定制开发 / 二次开发

基于 nowo-tech/composer-update-helper 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 2.95k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 22
  • 依赖项目数: 0
  • 推荐数: 1

GitHub 信息

  • Stars: 1
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-12-11