search

maglnet / ComposerRequireChecker

A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
MIT License
871 stars 70 forks source link

Useless dependencies option #51

Open soullivaneuh opened 6 years ago

soullivaneuh commented 6 years ago

It would be a great addition to be able to list useless dependencies. I mean an required dependency with no symbol usage at all.

Of course, it should be optional and the configuration file should accept packages to ignore.

Some packages could just provide configuration file or whatever not related to PHP directly, but used. This case would be a false positive.

Ocramius commented 6 years ago

This is problematic due to how composer dependencies work, as sometimes you have to require a dependency, and then a third-party package performs a lookup to see if a certain HTTP client or extension is available, then looks for polyfills and so on.

This means that the useless packages would be filled with potentially dangerous false-positives.

mindplay-dk commented 6 years ago

This means that the useless packages would be filled with potentially dangerous false-positives.

That fact makes it perhaps not useful for automation, but yhere could still be an option to request this check on demand - usually the maintainer is going to be able to tell false positives from real ones, so this check could definitely be useful in my opinion.

For example, after a large refactoring, such as splitting off certain members to a separate package - it's often hard to keep track of the dependency changes in that situation.

soullivaneuh commented 6 years ago

This means that the useless packages would be filled with potentially dangerous false-positives.

@mindplay-dk Well explained what I think about that.

This is also why I said the configuration file should accept packages to ignore.

MidnightDesign commented 5 years ago

Duplicate of #14?

bobvandevijver commented 3 years ago

@soullivaneuh Would https://github.com/composer-unused/composer-unused help for your case?

SvenRtbg commented 3 years ago

Would https://github.com/composer-unused/composer-unused help for your case?

I'd recommend that tool, too, even though it is only just starting and has some issues, errors and unresolved edge cases.

I have them both running in an automated job, so using one or two tools is no big deal. And I can imagine that these two tools have way different approaches due to their different nature. Keeping them separate will probably reduce overall complexity. ;)