composer-unused: False positives
Hi there,
Awesome idea for a package, however I am getting some false positives. In my case I am have a Laravel project, and the following packages came up as definite false positives:
`* aws/aws-sdk-php ✗
- davejamesmiller/laravel-breadcrumbs ✗
- doctrine/dbal ✗
- jeremykenedy/laravel-phpinfo ✗
- laravel/scout ✗
- laravelcollective/html ✗`
There is one more package which I’m not 100% sure about: league/oauth2-client. I will investigate that one and get back to you.
Not 100% sure why these packages are hitting false positives, but might be to do with Laravel using a few of them internally, and others are being auto-discovered by Laravel, and not being used directly within the main app code.
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 26 (16 by maintainers)
👍 done.
Symfony components has several cases where they would have a package relying on optional packages. The component would require these packages explicitly, but would use them if present or if you pass some arguments in a method. So you need to require these 3rd-party packages in your application as well if you want to use a component in a specific way. However, application code would not use them anywhere.
See https://github.com/symfony/symfony/issues/26259 for a specific example.
Feature idea: Cross reference used packages to inform user about required packages which are already installed via other 3rd party requirement. So these packages can be safely removed.
I hit similar false positive results with a Symfony project and it was a bit frightening 😄
That cross check would be great! It would give user trust to remove direct requirements of these packages.
This package is a great idea!