Stay in control of dependencies

You need to know where a package is used across your applications, whether it's an internal library you're upgrading, a framework you're migrating, or a package affected by a security advisory.

We scan all composer.lock files in your applications to identify every application that requires the package. Just add all applications as packages to your organization.

You see a complete list showing which version each application uses, whether it's affected by security advisories, if it's a direct or transitive dependency, and whether it's required for development only.

Plan upgrades and migrations with confidence

Rolling out version 2.0 of your internal authentication library? You can see every application that depends on it and which versions they're currently using. No need to ask around or manually check repositories — you have a complete view of what needs to be updated.

Preparing for the next PHP release? Identify which applications are still on older framework versions that aren't compatible with the new PHP release. Prioritize upgrades based on which applications need attention before the deadline.

When a security advisory is published for a package, Private Packagist security monitoring already notifies you which of your applications are affected. Package usage tracking helps your engineering team's coordinate the response, rather than spending hours investigating your exposure.

See critical details at a glance

For every application using a package, Package Usage Tracking shows you:

• Version in use – quickly spot applications on outdated versions
• Security advisory status – automatic flags when known vulnerabilities affect that version
• Direct or transitive – understand if it's an explicit requirement or pulled in by another dependency
• Dev dependencies – see if the application uses the package only for development

Have ideas about additional information that would be useful for you? Do let us know!