承接 spiriitlabs/composer-update-report 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

spiriitlabs/composer-update-report

Composer 安装命令:

composer require spiriitlabs/composer-update-report

包简介

Composer plugin that generates a Markdown report after each composer update

README 文档

README

A Composer plugin that automatically generates a Markdown report after each composer update, by comparing the current composer.lock with the version recorded in Git.

It is framework-agnostic: updated packages are grouped automatically by their Composer vendor (drupal/*, symfony/*, laravel/*, …), so the report highlights whatever stack your project uses — Drupal, Symfony, Laravel or any other — without any configuration.

Requirements

  • PHP >= 8.1
  • Composer >= 2.0
  • The project must be versioned with Git (the plugin reads composer.lock from HEAD)

Installation

composer require --dev spiriitlabs/composer-update-report

The plugin activates automatically upon installation — no additional configuration is required.

How it works

On each composer update, the plugin:

  1. Reads composer.lock from HEAD (state before the update)
  2. Compares it with the current composer.lock (state after the update)
  3. Groups updated packages by Composer vendor
  4. Generates a composer-update-YYYY-MM-DD.md file at the project root

If no version changes are detected, no file is created.

Same-day updates are merged

If you run several composer update during the same day, the reports are merged into a single composer-update-YYYY-MM-DD.md rather than overwritten or appended.

The first run of the day records the starting state of composer.lock (from Git HEAD) into a per-day baseline file stored inside the repository's git directory (.git/composer-update-report/baseline-YYYY-MM-DD.json). Every subsequent run recomputes the diff against that baseline, so the report always reflects all the updates of the day as one consolidated summary — even if composer.lock was committed between two updates. Because the baseline lives under .git/, it is never tracked and never appears as a stray file in your project — no .gitignore entry is required.

Regenerating a report on demand

Besides the automatic hook, a update-report Composer command regenerates the report from arbitrary git refs — without running composer update. This is handy while a branch is in progress: compare the current composer.lock against the base branch.

# Diff the working composer.lock against the base branch
composer update-report --from=origin/develop

# Diff two arbitrary refs
composer update-report --from=v1.2.0 --to=v1.3.0

Options:

Option Default Description
--from HEAD Git ref for the before state
--to working composer.lock Git ref for the after state
--report-profile extra config (or agnostic) Force a profile (agnostic | drupal) for this run
--output-dir extra config (or project root) Force the output directory for this run

Unlike the automatic hook, this command never reads or writes the day baseline, so it can be run any number of times without interfering with the consolidated same-day report.

Report contents

The report is structured into sections:

Section Contents
Updates (per vendor) One subsection per Composer vendor (drupal, symfony, …), most active first
New packages Packages absent from the previous composer.lock
Removed packages Packages present in the previous composer.lock but now removed

Updated packages are grouped automatically by their vendor prefix (the part before /). Vendors are ordered by the number of updated packages (descending), so the framework that changed the most appears first. Well-known vendors get a curated icon and label (Drupal, Symfony, Laravel, API Platform, Doctrine, Twig, League, PHPUnit, PHPStan); any other vendor falls back to a generic icon and its capitalised name. Packages with no vendor/ prefix are gathered under Autres librairies.

Within a vendor, packages that share the same before/after version are merged into a single line (typical of Symfony components released in lockstep).

Example generated report

# Update summary — 30/04/2026

Based on the `composer.lock` diff, here is a summary of all updated packages.

### 🚀 Major and minor updates

#### 🎵 Symfony

* Updated from `6.4.6` to `6.4.8`:

    * `symfony/console`, `symfony/http-kernel`, `symfony/routing`

#### 🔵 Drupal

* `drupal/core` : `10.2.5``10.3.0`
* `drupal/pathauto` : `1.11.0``1.12.0`

#### 📦 Autres librairies

* `monolog` : `2.9.0``3.0.0`

### ✅ New packages

* `drupal/gin` : `3.0.0`

### ❌ Removed packages

* `drupal/obsolete_module` : `1.0.0`

Configuration

By default the report is generated at the project root. You can change the output directory by adding the following to your composer.json:

{
    "extra": {
        "composer-update-report": {
            "output-dir": "reports/composer"
        }
    }
}

The directory is created automatically if it does not exist. The path is relative to the project root.

Report profile

By default the report uses the agnostic profile described above (grouping by Composer vendor). A dedicated Drupal profile is also available, which keeps the original layout with sections for Drupal Core, Modules Contrib Drupal and Bibliothèques sous-jacentes (Vendor). Select it explicitly with the profile option:

{
    "extra": {
        "composer-update-report": {
            "profile": "drupal"
        }
    }
}

Accepted values are agnostic (default) and drupal. An unknown value prints a warning and falls back to agnostic.

Notes

  • The report includes both require and require-dev packages.
  • Packages sharing the same before/after version (within a vendor) are grouped into a single line for readability.
  • The generated file is not committed automatically; it is intended to be copied into a ticket, a PR, or a tracking tool.
  • If composer.lock does not yet exist in HEAD (first commit, empty repository), the plugin prints a warning and generates nothing.

License

MIT — see LICENSE

spiriitlabs/composer-update-report 适用场景与选型建议

spiriitlabs/composer-update-report 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 314 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 05 月 13 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 spiriitlabs/composer-update-report 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 spiriitlabs/composer-update-report 我们能提供哪些服务?
定制开发 / 二次开发

基于 spiriitlabs/composer-update-report 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 314
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 44
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-05-13