spiriitlabs/composer-update-report
Composer 安装命令:
composer require spiriitlabs/composer-update-report
包简介
Composer plugin that generates a Markdown report after each composer update
README 文档
README
A Composer plugin that automatically generates a Markdown report after each composer update, by comparing the current composer.lock with the version recorded in Git.
It is framework-agnostic: updated packages are grouped automatically by their Composer vendor (drupal/*, symfony/*, laravel/*, …), so the report highlights whatever stack your project uses — Drupal, Symfony, Laravel or any other — without any configuration.
Requirements
- PHP >= 8.1
- Composer >= 2.0
- The project must be versioned with Git (the plugin reads
composer.lockfromHEAD)
Installation
composer require --dev spiriitlabs/composer-update-report
The plugin activates automatically upon installation — no additional configuration is required.
How it works
On each composer update, the plugin:
- Reads
composer.lockfromHEAD(state before the update) - Compares it with the current
composer.lock(state after the update) - Groups updated packages by Composer vendor
- Generates a
composer-update-YYYY-MM-DD.mdfile at the project root
If no version changes are detected, no file is created.
Same-day updates are merged
If you run several composer update during the same day, the reports are merged into a single composer-update-YYYY-MM-DD.md rather than overwritten or appended.
The first run of the day records the starting state of composer.lock (from Git HEAD) into a per-day baseline file stored inside the repository's git directory (.git/composer-update-report/baseline-YYYY-MM-DD.json). Every subsequent run recomputes the diff against that baseline, so the report always reflects all the updates of the day as one consolidated summary — even if composer.lock was committed between two updates. Because the baseline lives under .git/, it is never tracked and never appears as a stray file in your project — no .gitignore entry is required.
Regenerating a report on demand
Besides the automatic hook, a update-report Composer command regenerates the report
from arbitrary git refs — without running composer update. This is handy while a
branch is in progress: compare the current composer.lock against the base branch.
# Diff the working composer.lock against the base branch composer update-report --from=origin/develop # Diff two arbitrary refs composer update-report --from=v1.2.0 --to=v1.3.0
Options:
| Option | Default | Description |
|---|---|---|
--from |
HEAD |
Git ref for the before state |
--to |
working composer.lock |
Git ref for the after state |
--report-profile |
extra config (or agnostic) |
Force a profile (agnostic | drupal) for this run |
--output-dir |
extra config (or project root) |
Force the output directory for this run |
Unlike the automatic hook, this command never reads or writes the day baseline, so it can be run any number of times without interfering with the consolidated same-day report.
Report contents
The report is structured into sections:
| Section | Contents |
|---|---|
| Updates (per vendor) | One subsection per Composer vendor (drupal, symfony, …), most active first |
| New packages | Packages absent from the previous composer.lock |
| Removed packages | Packages present in the previous composer.lock but now removed |
Updated packages are grouped automatically by their vendor prefix (the part before /). Vendors are ordered by the number of updated packages (descending), so the framework that changed the most appears first. Well-known vendors get a curated icon and label (Drupal, Symfony, Laravel, API Platform, Doctrine, Twig, League, PHPUnit, PHPStan); any other vendor falls back to a generic icon and its capitalised name. Packages with no vendor/ prefix are gathered under Autres librairies.
Within a vendor, packages that share the same before/after version are merged into a single line (typical of Symfony components released in lockstep).
Example generated report
# Update summary — 30/04/2026 Based on the `composer.lock` diff, here is a summary of all updated packages. ### 🚀 Major and minor updates #### 🎵 Symfony * Updated from `6.4.6` to `6.4.8`: * `symfony/console`, `symfony/http-kernel`, `symfony/routing` #### 🔵 Drupal * `drupal/core` : `10.2.5` ➝ `10.3.0` * `drupal/pathauto` : `1.11.0` ➝ `1.12.0` #### 📦 Autres librairies * `monolog` : `2.9.0` ➝ `3.0.0` ### ✅ New packages * `drupal/gin` : `3.0.0` ### ❌ Removed packages * `drupal/obsolete_module` : `1.0.0`
Configuration
By default the report is generated at the project root. You can change the output directory by adding the following to your composer.json:
{
"extra": {
"composer-update-report": {
"output-dir": "reports/composer"
}
}
}
The directory is created automatically if it does not exist. The path is relative to the project root.
Report profile
By default the report uses the agnostic profile described above (grouping by Composer vendor). A dedicated Drupal profile is also available, which keeps the original layout with sections for Drupal Core, Modules Contrib Drupal and Bibliothèques sous-jacentes (Vendor). Select it explicitly with the profile option:
{
"extra": {
"composer-update-report": {
"profile": "drupal"
}
}
}
Accepted values are agnostic (default) and drupal. An unknown value prints a warning and falls back to agnostic.
Notes
- The report includes both
requireandrequire-devpackages. - Packages sharing the same before/after version (within a vendor) are grouped into a single line for readability.
- The generated file is not committed automatically; it is intended to be copied into a ticket, a PR, or a tracking tool.
- If
composer.lockdoes not yet exist inHEAD(first commit, empty repository), the plugin prints a warning and generates nothing.
License
MIT — see LICENSE
spiriitlabs/composer-update-report 适用场景与选型建议
spiriitlabs/composer-update-report 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 314 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 05 月 13 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 spiriitlabs/composer-update-report 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 spiriitlabs/composer-update-report 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 314
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 44
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-05-13