
I built a static analysis tool that finds require_once statements your Composer autoloader already covers
Working on legacy codebases, I kept running into the same thing: hundreds of
require_once statements that predate Composer, still sitting there years after
autoloading was set up. Deleting them by hand means answering "is this class
actually autoloadable?" for every single line — so nobody does it.
So I wrote depone: https://github.com/lll-lll-lll-lll/require-once-lint
What it does:
- Tokenizes every PHP file and statically evaluates each require_once path
(concatenation, __DIR__, dirname(), define()'d constants)
- Checks the resolved target against your composer.json autoload config
(psr-4, psr-0, classmap, files, autoload-dev)
- Reports what's redundant — and just as importantly, reports what it
*couldn't* resolve and why, so nothing is silently skipped
- `--trace` shows reverse require-paths from entrypoints, for a final sanity
check before you delete anything
PHP 8.4+, MIT licensed, installable via Composer. It deliberately does one
thing only. Would love feedback, especially weird require_once patterns from
real legacy projects that break the evaluator.