Recently, I wanted to get a list of the direct dependencies in our PHP source code that are outdated.
The initial thought was running Dependabot, but since it opens a PR for every minor upgrade, I thought it would be interesting to see how I could do the same myself.
Initially, I found the Composer command for this; we can run:
composer outdated --direct -f json
to get a list of outdated packages in a nice format.
The next thought was to put it behind a service or have it on a server, which brought me to the next hurdle.
I do not want to install the packages, or have post-install commands run, on a server that I won't be using for anything else.
So how do we get a list of outdated packages without installing them, and do we even need Composer for this?
After some thought, I decided to use composer.json and composer.lock to get the constraints and installed versions, and to find an API for package information on Packagist.
The API is more of a URL with a .json extension. For example, to get the package details for monolog/monolog you just append .json to the end of the package URL. Packagist URLs are well formatted, so for a package like monolog/monolog the URL becomes: https://packagist.org/packages/monolog/monolog.json
Now, equipped with the constraints, the current versions and the package information, it was time to write a script.
Step 1: Parsing the files
I used the json library available in Python to get the data out of those two files.
Step 2: Reading metadata from packagist
I used the repo subdomain (repo.packagist.org), but the direct packagist.org URL works as well.
Step 3: Working with semantic versions
This was the trickiest part, because we need to handle several cases, and some packages referenced a git commit rather than a release. After some try/except handling and experimenting with the semantic-version library, I got the parsing handled. Once parsing was done, comparing versions and preparing the final result was a breeze.
Note: I had to switch to the NpmSpec class instead of SimpleSpec to handle the version constraints properly. NpmSpec follows the range syntax defined by npm-semver, which is close to Composer's caret and tilde constraints.
While the script is just a starting point, it was quite fun to write, and maybe I'll expand it to make it object oriented and add test cases along with other bells and whistles.
Hope you enjoyed reading it, and that it gave you some useful tools for dealing with semantic versioning in your code. Let me know in the comments if I should have explained the process differently.
Make sure you follow, clap, throw some unicorns at me and share this post with your friends, family, neighbours and everyone you meet on the road.