FOSSA supports PHP projects that use Composer.
We look for and analyze files named
FOSSA will find any package available on https://packagist.org/
License files will be declared by looking at the
license field in the composer.json file or any other source code related to the package.
If an exact version is not given (i.e. a version range), FOSSA will resolve a dependency to the highest version satisfying the constraint.
Documentation on versioning: Version spec.
.x-dev) are used within a version constraint (not given explicitly), resolving may not work
@dev, @stable, etc.)
requirefor dependencies. dev dependencies will be ignored (
replacewill be ignored)