Best Composer MCP Servers
Composer is a dependency manager for PHP that allows you to declare the libraries your project depends on and manages them for you.
Why this server?
Identifies PHP projects and extracts namespaces, classes, interfaces, and routes from Laravel or Symfony frameworks for structural analysis.
AlicenseAqualityAmaintenanceStructural graph map of any codebase. Scans entities, relationships, and feature flows across 13 languages so LLMs navigate by structure instead of reading everything.Last updated16136MITWhy this server?
Scans composer.json files to automatically detect and integrate PHP project stack details into the FAF context.
AlicenseAqualityAmaintenancePersistent project context for Google Gemini. 12 MCP tools for .faf Project DNA — auto-detect your stack, validate, score, and sync across CLAUDE.md, GEMINI.md, and AGENTS.md. Python/FastMCP. IANA-registered format (application/vnd.faf+yaml). 183 tests. One file, every AI platform.Last updated122MITWhy this server?
Allows running Composer commands like install and update within RollDev project environments to manage PHP dependencies.
AlicenseAqualityCmaintenanceAn MCP server for RollDev and Magento 2 development environments that enables LLMs to manage project environments, execute SQL queries, and run PHP or Magento CLI commands. It supports automated project initialization, Composer integration, and system service control directly through natural language.Last updated109MITWhy this server?
Scans composer.lock files to detect known vulnerabilities in PHP dependencies and recommend fix versions.
AlicenseAqualityAmaintenanceAn MCP server that scans your lockfiles (npm, PyPI, Go, Rust, Ruby, PHP) for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions. $14/mo — not per-seat.Last updated9MITWhy this server?
Enables Composer to install packages from private repositories over SSH by loading the correct SSH keys into the agent and diagnosing authentication failures.
AlicenseAqualityAmaintenanceEnables secure remote command execution and file operations over SSH/SFTP with automatic authentication resolution. Features built-in diagnostics that identify connection issues—such as stale host keys, unloaded agents, or permission errors—and provide specific commands to fix them.Last updated211374MITWhy this server?
Analyzes composer.json and composer.lock files to extract project metadata and identify known vulnerabilities (CVEs) in project dependencies.
AlicenseAqualityDmaintenanceA security audit server for Laravel projects that performs static code analysis, dependency CVE checks, and configuration audits. It enables developers to detect vulnerabilities like SQL injection and XSS while providing active attack simulations directly within MCP-compatible IDEs.Last updated82AGPL 3.0Why this server?
Provides dependency auditing for Composer projects by analyzing composer.lock files to identify known vulnerabilities.
AlicenseAqualityBmaintenanceProvides verified dependency-audit verdicts for AI agents, checking installed versions against OSV advisories and splitting direct vs transitive dependencies.Last updated3MITWhy this server?
Detects Composer package manager usage in PHP projects by analyzing composer.json files and dependencies.
Why this server?
Allows executing Composer commands within the DDEV web service container for dependency management.
AlicenseAqualityCmaintenanceEnables AI assistants to interact with DDEV local development environments by querying databases, managing project states, and executing container commands. It provides comprehensive control over local services with a security-first approach using whitelisted operations.Last updated5233GPL 2.0