Features

Base check

composer update-check

Reference

The main feature is about checking whether all root requirements are up to date. This is achieved by internally performing a simple composer update as dry run and evaluating the result.

Using the native Composer command allows to fully respect all Composer configuration. This ensures that the displayed results are as reasonable as possible.

Exclude dev-packages

composer update-check --no-dev

Reference

In case only packages listed in require should be checked, the option --no-dev can be used. It skips all packages listed in require-dev by excluding them from the list of packages internally passed to composer update.

Note that packages are still checked if they are listed in the require section as well. To completely exclude a specific package, the --ignore-packages parameter might be the better choice.

Exclude by name or pattern

Tip

Multiple packages can be excluded at the same time since the -i parameter can be used repeatedly.

composer update-check -i "composer/*"

Reference

Specific packages can be explicitly excluded from the update check. This can be done by either specifying the full package name or using an asterisk as placeholder, e.g. my-vendor/*.

All packages are internally parsed using the native PHP function fnmatch to check whether they should be excluded from the update check.

Security scan

composer update-check --security-scan

Reference

Since version 0.3.0 of the Plugin an additional security scan can be performed to check whether currently required package versions are insecure. This can especially be useful if frameworks are used which are regularly updated.

The security scan is being performed by the help of the Packagist Security Advisories API endpoint.

JSON output

composer update-check --json

Reference

As an alternative output, the update check result can also be printed in JSON format. This might be useful when using the update check as basis for other tools or programs.

If you want to use the update check result for additional reports, you might be interested in the PostUpdateCheckEvent which is being dispatched after each successful update check.