Production-Dependencies-Guard
A Composer plugin that prevents development packages from being added to production dependencies.
Overview
production-dependencies-guard is a Composer plugin that safeguards production environments by preventing development-only packages from being added to the require section. It helps avoid accidental deployment of debug toolbars and other dev tools, improving application security by ensuring only production-ready dependencies are used.
Key Features
- Dev Package Detection — Identifies packages typically used only in development and blocks their addition to production dependencies.
- License Validation — Configurable license checking to ensure packages meet licensing requirements.
- Abandoned Package Detection — Flags packages that are no longer maintained.
- Description Analysis — Scans package descriptions and keywords for terms like "debug" to catch custom dev packages.
- Deep Dependency Analysis — Optionally analyzes composer.lock for deeper inspection of dependency trees.
- White-listing — Allows specific packages to be exempted from guard checks.
Philosophy
The tool operates on the principle that development dependencies have no security guarantees for production use and should be strictly separated to maintain environment integrity and security.
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
