全部技能 分类浏览
← 返回
未分类

Composer Json Validator

Validate and lint PHP Composer composer.json files for structure, dependencies, autoload, and best practices. Use when asked to lint, validate, check, or aud...
验证并检查 PHP Composer composer.json 文件的结构、依赖、自动加载及最佳实践,用于在需要 lint、验证、检查或审计时使用。
charlie-morrison charlie-morrison 来源
未分类 clawhub v1.0.1 1 版本 100000 Key: 无需
★ 0
Stars
📥 347
下载
💾 1
安装
1
版本
#latest

概述

Composer JSON Validator

Validate and lint PHP Composer composer.json files for structure, dependencies, autoload configuration, and best practices.

Commands

lint — Run all lint checks

python3 scripts/composer_json_validator.py lint composer.json
python3 scripts/composer_json_validator.py lint composer.json --strict
python3 scripts/composer_json_validator.py lint composer.json --format json
python3 scripts/composer_json_validator.py lint composer.json --format markdown

dependencies — Inspect require/require-dev

python3 scripts/composer_json_validator.py dependencies composer.json
python3 scripts/composer_json_validator.py dependencies composer.json --format json

scripts — Inspect scripts section

python3 scripts/composer_json_validator.py scripts composer.json
python3 scripts/composer_json_validator.py scripts composer.json --format markdown

validate — Full validation (structure + lint + summary)

python3 scripts/composer_json_validator.py validate composer.json
python3 scripts/composer_json_validator.py validate composer.json --strict --format json

Flags

FlagDescription
-------------------
--strictExit code 1 on warnings (CI-friendly)
--format textHuman-readable output (default)
--format jsonMachine-readable JSON
--format markdownMarkdown report

Lint Rules (22 checks)

Structure (5)

  1. Valid JSON syntax
  2. Required fields: name, description, type
  3. Valid package name format (vendor/package)
  4. Valid type value (library, project, metapackage, composer-plugin)
  5. license field present and valid SPDX identifier

Dependencies (6)

  1. No duplicate packages across require and require-dev
  2. Version constraints use valid operators (^, ~, >=, etc.)
  3. No dev-only packages in require (phpunit, mockery, etc.)
  4. No wildcard * versions
  5. PHP version constraint present in require
  6. ext- dependencies are explicit (not )

Autoload (4)

  1. PSR-4 autoload defined
  2. Namespace ends with \\ (PSR-4 convention)
  3. No duplicate namespaces across autoload entries
  4. autoload-dev separate from autoload

Best Practices (7)

  1. scripts section present
  2. No post-install-cmd/post-update-cmd executing arbitrary URLs
  3. config.sort-packages enabled
  4. minimum-stability explicit when not stable
  5. prefer-stable set when minimum-stability is not stable
  6. No hardcoded absolute paths in autoload
  7. All repository URLs use HTTPS

Exit Codes

CodeMeaning
---------------
0No errors (warnings allowed unless --strict)
1Errors found (or warnings in --strict mode)
2Invalid arguments / file not found

Example Output

composer.json lint results
==========================
[ERROR]   name: Package name must match vendor/package format
[WARN]    dependencies: phpunit/phpunit found in require (should be in require-dev)
[WARN]    autoload: config.sort-packages not enabled
[INFO]    scripts: scripts section present

Summary: 1 error(s), 2 warning(s), 1 info

版本历史

共 1 个版本

  • v1.0.1 当前
    2026-05-07 11:49 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

dev-programming

CodeConductor.ai

larsonreever
AI驱动平台,提供快速全栈开发、智能体、工作流自动化及低代码AI集成的可扩展产品创建。
★ 72 📥 181,884
dev-programming

Mcporter

steipete
使用 mcporter CLI 直接列出、配置、认证及调用 MCP 服务器/工具(支持 HTTP 或 stdio),涵盖临时服务器、配置编辑及 CLI/类型生成功能。
★ 195 📥 67,668
it-ops-security

Vulnerability Prioritizer

charlie-morrison
在CVSS评分之外,利用EPSS、CISA KEV、资产关键性、可达性分析以及利用成熟度进行漏洞优先级排序
★ 1 📥 502

Skill工具集 © 2026