Packagist Composer Package Intelligence Monitor avatar

Packagist Composer Package Intelligence Monitor

Pricing

from $0.02 / 1,000 result extracteds

Go to Apify Store
Packagist Composer Package Intelligence Monitor

Packagist Composer Package Intelligence Monitor

Monitor Composer package releases, dependency changes, licenses, maintainers, and repository metadata from public Packagist data.

Pricing

from $0.02 / 1,000 result extracteds

Rating

0.0

(0)

Developer

Stas Persiianenko

Stas Persiianenko

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

4 days ago

Last modified

Categories

Share

Monitor public Composer package metadata from Packagist.

Track releases, dependency maps, maintainers, licenses, and repository links for exact vendor/package names.

What does it do?

This actor fetches public package metadata from Packagist's P2 registry endpoint.

It produces one structured intelligence record per Composer package.

Use it to capture the latest release and a configurable release history.

Who is it for?

PHP vendor teams can monitor dependencies used by their applications.

Agencies can review package ecosystems before maintaining client projects.

Supply-chain analysts can export package metadata for scheduled review.

Engineering teams can retain a lightweight release inventory without downloading archives.

Why use this actor?

Packagist is the canonical public registry for Composer packages.

The actor uses an HTTP JSON endpoint rather than a browser workflow.

That makes runs fast, low-cost, and appropriate for recurring monitoring.

Data you receive

FieldMeaning
packageNameExact Composer vendor/package name
latestVersionMost recent Packagist version record
latestReleasedAtRelease timestamp when available
licenseDeclared package licenses
repositoryUrlSource repository URL
latestRequireRuntime dependency map
latestRequireDevDevelopment dependency map
versionHistoryRecent package release records

Quick start

  1. Enter one or more exact Composer package names.

  2. Choose the release history depth.

  3. Start the actor.

  4. Export the default dataset as JSON, CSV, Excel, or via the API.

Input

packageNames accepts exact names such as laravel/framework.

You can send up to 100 names in one run.

Names that do not match Composer's vendor/package format are skipped.

Release history depth

Set maxVersions from 1 to 100.

The default keeps the 20 newest records per package.

Use a low value for quick release checks.

Use a larger value for an audit-ready historical export.

Dependency maps

Enable includeDependencies to retain require and require-dev maps.

Dependency counts are always included for quick filtering.

Disable the maps when compact output is more useful than full detail.

Output

Each dataset item is one package intelligence record.

Nested versionHistory entries include release time, version, licenses, and dependency counts.

The actor does not emit a separate row for every version.

This keeps package-level monitoring exports easy to filter and schedule.

How much does it cost to monitor Packagist Composer packages?

A small start event is charged once per run.

A result event is charged for each package record produced.

Tiered per-result discounts are applied by your Apify plan.

See the actor's Pricing tab for current per-result rates.

Scheduled monitoring

Schedule this actor daily or weekly for package portfolios.

Export successive datasets to your preferred warehouse or alerting workflow.

Compare latestVersion, latestReleasedAt, dependency counts, and dependency maps between runs.

Example package list

{
"packageNames": ["laravel/framework", "symfony/console"],
"maxVersions": 20,
"includeDependencies": true
}

API usage with Node.js

import { ApifyClient } from 'apify-client';
const client = new ApifyClient({ token: process.env.APIFY_TOKEN });
const run = await client.actor('automation-lab/packagist-composer-package-intelligence-monitor').call({
packageNames: ['laravel/framework'], maxVersions: 10, includeDependencies: true,
});
console.log(await client.dataset(run.defaultDatasetId).listItems());

API usage with Python

from apify_client import ApifyClient
client = ApifyClient("APIFY_TOKEN")
run = client.actor("automation-lab/packagist-composer-package-intelligence-monitor").call(run_input={"packageNames": ["laravel/framework"]})
print(list(client.dataset(run["defaultDatasetId"]).iterate_items()))

API usage with cURL

curl "https://api.apify.com/v2/acts/automation-lab~packagist-composer-package-intelligence-monitor/runs?token=$APIFY_TOKEN" \
-H 'content-type: application/json' \
-d '{"packageNames":["laravel/framework"]}'

Integrations

Send dataset exports to a spreadsheet for vendor reviews.

Use a webhook after scheduled runs to compare versions in your CI or alerting service.

Feed dependency maps into internal software-bill-of-materials workflows.

Use the Apify API to retrieve only new run datasets in a data pipeline.

MCP

Use this actor through Apify's hosted HTTP MCP transport. The actor-scoped endpoint is:

https://mcp.apify.com?tools=automation-lab/packagist-composer-package-intelligence-monitor

Add it in Claude Code:

claude mcp add --transport http apify-packagist-composer \
"https://mcp.apify.com?tools=automation-lab/packagist-composer-package-intelligence-monitor"

For Claude Desktop, Cursor, or VS Code, add this HTTP MCP configuration:

{
"mcpServers": {
"apify-packagist-composer": {
"type": "http",
"url": "https://mcp.apify.com?tools=automation-lab/packagist-composer-package-intelligence-monitor"
}
}
}

Example prompts:

  • “Monitor laravel/framework and symfony/console, then summarize their latest releases and dependency counts.”
  • “Get the latest five Packagist releases and runtime dependencies for guzzlehttp/guzzle.”
  • “Compare Composer release history and licenses for doctrine/orm and monolog/monolog.”

Tips

Use exact package names copied from Packagist.

Start with two packages to confirm the fields your workflow needs.

Keep maxVersions low for routine release checks.

Retain dependency maps for deeper compatibility or supply-chain reviews.

Error handling

Invalid names and package names not returned by Packagist are skipped.

Other valid packages continue even if one lookup fails.

Check the run log for skipped names and HTTP response details.

Data source and legality

The actor accesses public metadata returned by Packagist.

Respect Packagist's terms, reasonable request rates, and the licenses of packages you review.

Do not use the output to bypass access controls or redistribute archives.

FAQ

Why is a package missing?

Check that the input uses the exact Composer vendor/package name.

Private packages and removed packages are not available from the public P2 endpoint.

Why are dependency maps empty?

The package version may not declare dependencies, or includeDependencies may be disabled.

Does this check security advisories?

No. This actor focuses on public package and release metadata.

Use a dedicated security-advisory workflow for vulnerability assessment.

Explore more automation tools at https://apify.com/automation-lab.

This actor complements release-monitoring and software-supply-chain workflows.

Support

Include the package name and run ID when reporting a problem.

That makes it easier to distinguish invalid names from upstream registry changes.

Limits

A run accepts up to 100 package names and stores up to 100 history entries per package.

No package archives are downloaded.

No GitHub credentials are required.

Changelog

See .actor/CHANGELOG.md for user-visible release notes.

Summary

Packagist Composer Package Intelligence Monitor turns public Composer registry data into a structured, schedule-ready package monitoring dataset.