_A lightweight CLI tool to efficiently manage Composer & NPM dependencies in a project._

Managing dependencies across both Composer (PHP) and NPM (JavaScript) can be tedious. `depkit` simplifies the process by providing a single command to:

- Install dependencies for both Composer and NPM
- Audit and check for outdated dependencies
- Ensure best practices by running necessary package checks
- Customizable config file (`depkit.json`)
- Works seamlessly with WordPress, PHP, and Node.js projects
- Ideal for automation in CI/CD, Lando, and local development workflows
- Installs production or development dependencies
- Runs security audits to identify vulnerabilities
- Checks for outdated packages
- Lightweight and fast
Before executing any commands, `depkit` checks for the existence of `composer.json` and `package.json` in your project root:

- If `composer.json` is found, it runs Composer commands. Otherwise, it skips Composer execution.
- If `package.json` is found, it runs NPM commands. Otherwise, it skips NPM execution.
- If neither file is found, `depkit` exits with an error, as there are no dependencies to manage.

This ensures that `depkit` only executes relevant commands based on your project structure.
```sh
npm install -g @sp-packages/depkit
```

This allows you to use `depkit` globally in your terminal.

```sh
npm install @sp-packages/depkit --save-dev
```

Then, run it via:

```sh
npx depkit
```

Run dependency installation and checks for both Composer and NPM:

```sh
depkit
```
```text
$ depkit -h
Usage: depkit [options]

A lightweight CLI tool to efficiently manage Composer & NPM dependencies in a project.

Options:
  -V, --version          output the version number
  --skip-composer        Skip processing Composer dependencies
  --skip-npm             Skip processing NPM dependencies
  --production           Install only production dependencies (exclude dev dependencies)
  -c, --config <config>  Path to the configuration file (default: depkit.json)
  -q, --quiet            Disable output
  -v, --verbose          Enable verbose logging
  -h, --help             display help for command
```
- Skip Composer execution: `depkit --skip-composer`
- Skip NPM execution: `depkit --skip-npm`
- Skip both (not recommended): `depkit --skip-composer --skip-npm`
To install only production dependencies (skip `devDependencies`):

```sh
depkit --production
```

This runs:

```sh
composer install --no-dev
npm install --omit=dev
```
Running the `depkit` command will allow you to automatically create the `depkit.json` file. Alternatively, you can manually create a `depkit.json` or `.depkit.json` in your project root or a custom configuration file and pass it using the `-c` or `--config` parameter:
```json
{
  "TOOLS": {
    "COMPOSER_VERSION": {
      "title": "Checking Composer version",
      "command": "info",
      "type": "composer",
      "behavior": "error",
      "priority": 1,
      "args": ["--version"]
    },
    "COMPOSER_AUDIT": {
      "title": "Auditing PHP Dependencies",
      "command": "audit",
      "type": "composer",
      "behavior": "error",
      "priority": 2
    },
    "NPM_VERSION": {
      "title": "Checking NPM version",
      "prefix": "npm",
      "command": "info",
      "args": ["--version"],
      "type": "npm",
      "behavior": "error",
      "priority": 3
    },
    "DEPCHECK": {
      "title": "Depcheck NPM Packages",
      "prefix": "npx",
      "command": "depcheck",
      "type": "npm",
      "behavior": "warn",
      "requires": "depcheck",
      "priority": 4
    },
    "NPM_OUTDATED": {
      "title": "Outdated NPM Packages",
      "command": "outdated",
      "type": "npm",
      "behavior": "warn",
      "priority": 5
    }
  }
}
```
If no `--config` option is provided, `depkit` will look for `depkit.json` or `.depkit.json` in the project root by default.
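
A `depkit.json` decides which commands run on a developer machine or CI runner, so a change to it deserves the same review as a change to a build script. The Node.js lint below is an added example and not part of depkit; its allowlists contain only the values that appear in the sample config on this page, the `NPX_ALLOWLIST` is a hypothetical team policy, and the meaning it gives to `behavior` is an assumption inferred from the sample output.

```javascript
// Added example: policy lint for depkit.json. Allowed values are the ones seen
// in the sample config on this page; treating them as complete is an assumption.
const ALLOWED_TYPES = new Set(['composer', 'npm']);
const ALLOWED_BEHAVIORS = new Set(['error', 'warn']);
const ALLOWED_PREFIXES = new Set(['npm', 'npx']);
const NPX_ALLOWLIST = new Set(['depcheck']); // hypothetical team allowlist
const SHELL_META = /[;&|`$<>(){}\n\\]/;

function lintDepkitConfig(jsonText) {
  let config;
  try {
    config = JSON.parse(jsonText);
  } catch (err) {
    return [`invalid JSON: ${err.message}`];
  }
  const tools = config && config.TOOLS;
  if (!tools || typeof tools !== 'object' || Array.isArray(tools)) return ['TOOLS must be an object'];
  const findings = [];
  for (const [name, tool] of Object.entries(tools)) {
    const say = (msg) => findings.push(`${name}: ${msg}`);
    if (!tool || typeof tool !== 'object') { say('entry must be an object'); continue; }
    if (!ALLOWED_TYPES.has(tool.type)) say(`unexpected type ${JSON.stringify(tool.type)}`);
    if (!ALLOWED_BEHAVIORS.has(tool.behavior)) say(`unexpected behavior ${JSON.stringify(tool.behavior)}`);
    if (tool.prefix !== undefined && !ALLOWED_PREFIXES.has(tool.prefix)) say(`prefix ${JSON.stringify(tool.prefix)} not allowed`);
    // npx can fetch and run a package that is not installed locally.
    if (tool.prefix === 'npx' && !NPX_ALLOWLIST.has(tool.command)) say(`npx command ${JSON.stringify(tool.command)} not on allowlist`);
    // Assumed semantics: only behavior "error" makes a failed audit fail the run.
    if (tool.command === 'audit' && tool.behavior !== 'error') say('audit step must use behavior "error"');
    const args = tool.args === undefined ? [] : tool.args;
    if (!Array.isArray(args)) { say('args must be an array'); continue; }
    for (const part of [tool.command, ...args]) {
      if (typeof part !== 'string' || SHELL_META.test(part)) say(`suspicious token ${JSON.stringify(part)}`);
    }
  }
  return findings;
}

// Constructed sample: the audit step is downgraded and an unreviewed npx tool is added.
const SAMPLE = JSON.stringify({
  TOOLS: {
    COMPOSER_AUDIT: { title: 'Auditing PHP Dependencies', command: 'audit', type: 'composer', behavior: 'warn', priority: 2 },
    EXTRA: { title: 'Extra check', prefix: 'npx', command: 'unreviewed-package', type: 'npm', behavior: 'warn', priority: 6 },
  },
});
console.log(lintDepkitConfig(SAMPLE));
```

Run it in CI before `depkit` and fail the job when the returned array is non-empty.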
By default, `depkit` executes predefined commands for Composer and NPM, ensuring dependencies are properly managed.
| Command | Description |
|---|---|
| `composer -V` | Checks the installed Composer version |
| `composer install` | Installs Composer dependencies |
| `composer install --no-dev` | Installs Composer dependencies without dev dependencies (when `--production` is used) |
| `composer audit` | Checks for known security vulnerabilities in dependencies |
| `composer outdated` | Lists outdated Composer dependencies |

| Command | Description |
|---|---|
| `npm -v` | Checks the installed NPM version |
| `npm install` | Installs NPM dependencies |
| `npm install --omit=dev` | Installs only production dependencies (when `--production` is used) |
| `npm audit --omit=dev` | Runs an NPM security audit (the `--omit=dev` flag leaves `devDependencies` out of the audit) |
| `npm outdated` | Lists outdated NPM dependencies |
By running these commands, `depkit` provides a clear picture of your project's dependencies:

- Composer & NPM Version Checks: Ensure the correct versions are installed.
- Security Audits: Identify vulnerabilities in your dependencies.
- Outdated Package Reports: Know when dependencies need updates.
- Seamless Installation: Manage dependencies across multiple environments.

This helps maintain a secure, up-to-date, and stable project setup!
```text
[SUCCESS] No security vulnerability advisories found.
[SUCCESS] Checking Composer version: Passed
[SUCCESS] Installing PHP Dependencies: Passed
[SUCCESS] Auditing PHP Dependencies: Passed
[SUCCESS] Outdated PHP Dependencies: Passed
[SUCCESS] Checking NPM version: Passed
[SUCCESS] Installing NPM Packages: Passed
[WARNING] Depcheck NPM Packages: Issues found
[SUCCESS] Outdated NPM Packages: Passed
[SUCCESS] Auditing NPM Packages: Passed
```
- WordPress & PHP Projects: Handle Composer and NPM dependencies in one go
- Node.js Projects: Keep dependencies up to date with ease
- CI/CD Automation: Ensure dependencies are installed before builds
- Lando & Local Dev Environments: Automate dependency setup
If you're using Lando, you can automatically run `depkit` after `lando start`:

```yaml
services:
  appserver:
    run_as_root:
      - depkit
```
Run `depkit` in GitHub Actions, GitLab CI/CD, or other automation scripts:

```yaml
jobs:
  setup:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Install Dependencies
        run: npm ci
      - name: Install DepKit
        run: npm install -g @sp-packages/depkit
      - name: Run DepKit
        run: depkit
```
Contributions are welcome! Please open an issue or submit a pull request on GitHub.
This project is licensed under the MIT License. See the LICENSE file for details.