plan2net/typo3-update-check
Composer 安装命令:
composer require plan2net/typo3-update-check
包简介
A Composer plugin that checks for TYPO3 updates and provides detailed information about breaking changes and security updates
README 文档
README
A Composer plugin that intercepts TYPO3 core updates and displays breaking changes and security updates before proceeding.
Purpose
Breaking changes and security fixes are easy to overlook when updating TYPO3. This plugin brings that information directly to your terminal the moment you run composer update, highlighting breaking changes (⚠️) and security updates (⚡) so you can make an informed decision before proceeding.
Installation
composer require --dev plan2net/typo3-update-check
composer config allow-plugins.plan2net/typo3-update-check true
Note
Composer 2.2+ requires plugins to be explicitly trusted. The second command adds the necessary entry to your composer.json. When running composer require interactively, Composer will prompt you to allow the plugin — answering yes has the same effect.
Warning
Install this plugin as a development dependency only. It is only useful during development when running composer update; production deployments typically use composer install with locked versions. If you choose to install it in production environments, you do so at your own risk.
How it works
The plugin automatically activates during composer update and:
- Detects TYPO3 core updates — Monitors when
typo3/cms-coreis being updated - Fetches release information — Retrieves data from the TYPO3 API for all versions between current and target
- Matches security advisories — Determines fixed vulnerabilities per release from the Packagist security-advisories API (the same data source as composer audit), including CVE numbers and severity levels (critical, high, medium, low)
- Displays important changes — Shows each affected version's breaking changes and security updates, followed by a one-line digest (releases scanned, security updates with severity totals, breaking changes)
- Warns about skipped security fixes — If the target lands below newer security releases, it lists them so you can raise your constraint
- Requests confirmation — Prompts before proceeding when breaking changes or security updates are found
In non-interactive environments (CI/CD), the plugin displays information but proceeds automatically. If the TYPO3 API is temporarily unavailable, the update continues without interruption.
Major version upgrades
Cross-major updates (e.g. 12.4 → 13.4) are fully supported. Since a major upgrade path contains hundreds of breaking changes, the report switches to a condensed format:
- A banner announces the upgrade with links to the official upgrade guide and the changelog of every crossed major
- Breaking changes appear as a per-release count (e.g.
13.0.0: ⚠️ 207 breaking changes) instead of a full list — security updates keep their complete detail (CVEs, severities, bulletins) - Updates within a major line keep the detailed format as before
- A major upgrade always asks for confirmation in interactive shells, even when release information could not be fetched
- Jumping more than one major at once (e.g. 12 → 14) prints an additional warning, since TYPO3 officially supports upgrading one major version at a time
Example output
A regular update within a major version:
A major version upgrade — the report condenses breaking changes to a count and leads with an upgrade banner:
Manual check
You can check for breaking changes and security updates between any two versions without running an actual update:
composer typo3:check-updates 13.4.10 13.4.12
Both arguments are optional. With no arguments it uses your installed typo3/cms-core version and the latest release in that line; with only the first it defaults the target to the latest:
composer typo3:check-updates # installed version → latest release composer typo3:check-updates 13.4.10 # 13.4.10 → latest release composer typo3:check-updates 12.4.10 13.4.5 # across major versions
Note
Defaults always stay within the installed major line — a cross-major check happens only when you pass the target explicitly. For an unknown cross-major target, the command offers the latest release of the requested major's line.
When a version is auto-detected or defaulted, the command asks for confirmation before checking. If you pass a target that doesn't exist, it offers the latest instead; an unknown current version (or missing versions in a non-interactive shell) is rejected with a hint.
Disabling the check
Set the environment variable TYPO3_UPDATE_CHECK=0 to skip the check, for a single run or permanently in environments where it is not wanted:
TYPO3_UPDATE_CHECK=0 composer update
The values 0, false, off, and no (case-insensitive) are recognized. The manual typo3:check-updates command is not affected.
API availability
The plugin tolerates transient TYPO3 API issues automatically:
- Transient errors: connection failures and HTTP 5xx responses are retried by Composer's own HTTP transport where it supports that (Composer ≥ 2.3 with ext-curl). On older Composer versions or the PHP-streams fallback, requests get a single attempt.
- Rate limiting: HTTP 429 responses are retried by the plugin itself —
up to two retries with exponential backoff (1 s, 2 s), honoring the
server's
Retry-Afterheader capped at 5 s. - No retry on deterministic errors: HTTP 4xx responses other than 429 are treated as final and reported immediately.
- Per-version reporting: when only some versions fail to fetch,
the others are still shown. Each failure is categorized — network
error, server error, not found, or malformed response — and the
plugin suggests retrying with
composer typo3:check-updatesfor the skipped versions. - Fail-soft: if every request fails, the plugin reports the dominant failure category and lets the update proceed so your development workflow is never blocked.
Downloads run through Composer's HTTP layer, so its parallelism setting
(COMPOSER_MAX_PARALLEL_HTTP, default 12) applies.
Caching
API responses are cached to improve performance and reduce load on TYPO3 servers:
- Location — Composer's global cache directory (
~/.cache/composeron Linux/macOS,%LOCALAPPDATA%\Composeron Windows) - Release lists — 1 hour
- Release content — Permanent (content never changes)
- Security advisories — 1 hour
The cache is shared across all TYPO3 projects on the same machine.
Requirements
- PHP 8.1+
- Composer 2.0+
- No third-party runtime dependencies (uses Composer's own HTTP layer)
License
GPL-2.0+
plan2net/typo3-update-check 适用场景与选型建议
plan2net/typo3-update-check 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 6.49k 次下载、GitHub Stars 达 20, 最近一次更新时间为 2025 年 01 月 14 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「typo3」 「updates」 「composer-plugin」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 plan2net/typo3-update-check 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 plan2net/typo3-update-check 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 plan2net/typo3-update-check 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Toolset to help with the day by day maintenance work.
EDD Updates Handler for WordPress Plugins
The WordPress plugin and theme update checker for https://kernl.us
Set Links with a specific language parameter
Provide a way to secure accesses to all routes of an symfony application.
Symfony3 Bundle to send html- & txt-emails (notification about events on your web-app or newsletters etc. scheduled/aggregated) to your users.
统计信息
- 总下载量: 6.49k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 20
- 点击次数: 17
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: GPL-2.0-or-later
- 更新时间: 2025-01-14


