False positive on Laravel\Illuminate packages

[darkdarin]

I have this composer.json requires:

"require": {
    "php": ">=8.0",
    "ext-json": "*",
    "doctrine/annotations": "^1.11",
    "illuminate/contracts": "^9.0",
    "illuminate/support": "^9.0",
    "illuminate/http": "^9.0",
    "illuminate/container": "^9.0",
    "illuminate/pipeline": "^9.0",
    "illuminate/console": "^9.0",
    "illuminate/validation": "^9.0",
    "phpdocumentor/reflection-docblock": "^3.0|^4.0|^5.0",
    "phpdocumentor/type-resolver": "^1.5",
    "psr/http-message": "^1.0",
    "psr/simple-cache": "^1.0|^2.0|^3.0",
    "spiral/attributes": "^2.8",
    "symfony/http-foundation": "^6.0",
    "symfony/http-kernel": "^6.0",
    "tochka-developers/array-file-cache": "^1.0|^2.0|^3.0",
    "tochka-developers/jsonrpc-annotations": "^1.3",
    "tochka-developers/jsonrpc-standard": "^1.0"
},
"require-dev": {
    "bensampo/laravel-enum": "^5.0",
    "laravel/pint": "^1.4",
    "mockery/mockery": "^1.0",
    "orchestra/testbench": "^7.1",
    "phpunit/phpunit": "^9.6",
    "roave/security-advisories": "dev-latest",
    "timacdonald/log-fake": "^2.0",
    "vimeo/psalm": "^5.6"
},

I explicitly declared the dependency on illuminate/* packages, because use classes from this packages in my code.
Command result:

+-----------------------------------------------------------+--------------------+
| Unknown Symbol                                            | Guessed Dependency |
+-----------------------------------------------------------+--------------------+
| class_basename                                            |                    |
| Illuminate\Console\Command                                |                    |
| Illuminate\Container\Container                            |                    |
| Illuminate\Contracts\Container\BindingResolutionException |                    |
| Illuminate\Contracts\Debug\ExceptionHandler               |                    |
| Illuminate\Contracts\Support\Arrayable                    |                    |
| Illuminate\Contracts\Support\Jsonable                     |                    |
| Illuminate\Http\Response                                  |                    |
| Illuminate\Pipeline\Pipeline                              |                    |
| Illuminate\Support\Facades\Config                         |                    |
| Illuminate\Support\Facades\Facade                         |                    |
| Illuminate\Support\Facades\Log                            |                    |
| Illuminate\Support\Facades\Request                        |                    |
| Illuminate\Support\Facades\Validator                      |                    |
| Illuminate\Support\Reflector                              |                    |
| Illuminate\Support\ServiceProvider                        |                    |
| Illuminate\Support\Str                                    |                    |
| Illuminate\Validation\Validator                           |                    |
+-----------------------------------------------------------+--------------------+

All this classes provided by declared illuminate/* packages.

If I delete orchestra/testbench package from require-dev section - i have correct result from composer-require-checker (There were no unknown symbols found.)

This happens because package orchestra/testbench require laravel/framework that provides all illuminate/* packages (https://github.com/laravel/framework/blob/9.x/composer.json#L57).
And if I install all dependencies of my package (with flag --no-dev or without it) - composer install package laravel/framework instead of illuminate/* packages, but composer-require-checker as it appears not use replace section of requirement packages

Is there correct way to fix this behaviour?

[Ocramius]

I don't think there's a clean way around replace: clauses, since they generally involve weird hacks anyway.

What I'm wondering about though is why Guessed Dependency is empty: are those classes completely missing from your vendor/ directory, when the framework package is installed? 🤔

[darkdarin]

When framework package installed, those classes presented in vendor directory and correctly registered in composer autoload (autoload_classmap), like this:

'Illuminate\\Console\\Command' => $vendorDir . '/laravel/framework/src/Illuminate/Console/Command.php',

[Ocramius]

I'd say that you should try and investigate why they cannot be located by this tool then 🤔

Somewhere in here, perhaps: https://github.com/maglnet/ComposerRequireChecker/tree/786978774fb5851e7593bbfc934892c2072d9f7d/src/ComposerRequireChecker/DefinedSymbolsLocator

[DanielBadura]

What I'm wondering about though is why Guessed Dependency is empty

Guessed Dependency is empty because we only have the GuessFromLoadedExtensions in place and class_basename is a Laravel function. For the classes to guess the dependencies we have this open PR #346.