Composer Rules

Enforce composer.json best practices — required fields, version constraint conventions, autoloading configuration, platform requirements, and sort order for clean PHP dependency management.

Enforce composer.lock management rules — commit for applications, ignore for libraries, use install in CI, and update workflow for controlled dependency upgrades.

Enforce security standards for PHP Composer projects — mandatory audit in CI, no dev dependencies in production, package verification, and vulnerability response procedures.