{"id":13593738,"url":"https://github.com/coenjacobs/mozart","last_synced_at":"2026-02-24T17:10:51.237Z","repository":{"id":18360448,"uuid":"84092826","full_name":"coenjacobs/mozart","owner":"coenjacobs","description":"Developers tool for WordPress plugins: Wraps all your projects dependencies in your own namespace, in order to prevent conflicts with other plugins loading the same dependencies in different versions.","archived":false,"fork":false,"pushed_at":"2026-02-12T22:02:47.000Z","size":706,"stargazers_count":466,"open_issues_count":17,"forks_count":65,"subscribers_count":10,"default_branch":"master","last_synced_at":"2026-02-13T07:03:56.731Z","etag":null,"topics":["autoloader","composer","dependency-management","wordpress"],"latest_commit_sha":null,"homepage":"https://coenjacobs.me/projects/mozart/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/coenjacobs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"github":["coenjacobs"]}},"created_at":"2017-03-06T16:02:19.000Z","updated_at":"2026-02-12T22:01:41.000Z","dependencies_parsed_at":"2026-02-13T00:01:16.200Z","dependency_job_id":null,"html_url":"https://github.com/coenjacobs/mozart","commit_stats":{"total_commits":259,"total_committers":9,"mean_commits":28.77777777777778,"dds":"0.23166023166023164","last_synced_commit":"fb98a64cac0330b738b84e724de70c8422735b53"},"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/coenjacobs/mozart","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coenjacobs%2Fmozart","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coenjacobs%2Fmozart/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coenjacobs%2Fmozart/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coenjacobs%2Fmozart/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/coenjacobs","download_url":"https://codeload.github.com/coenjacobs/mozart/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coenjacobs%2Fmozart/sbom","scorecard":{"id":298555,"data":{"date":"2025-08-11","repo":{"name":"github.com/coenjacobs/mozart","commit":"fb98a64cac0330b738b84e724de70c8422735b53"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/2 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/docker-latest.yml:1","Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-latest.yml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.7.1 not signed: https://api.github.com/repos/coenjacobs/mozart/releases/37263048","Warn: release artifact 0.7.0 not signed: https://api.github.com/repos/coenjacobs/mozart/releases/37199193","Warn: release artifact 0.7.1 does not have provenance: https://api.github.com/repos/coenjacobs/mozart/releases/37263048","Warn: release artifact 0.7.0 does not have provenance: https://api.github.com/repos/coenjacobs/mozart/releases/37199193"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'release-0.7'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-latest.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/docker-latest.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-latest.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/docker-latest.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-latest.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/docker-latest.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-latest.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/docker-latest.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/coenjacobs/mozart/release.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating composer:2.7.7 to composer:2.7.7@sha256:2088445f2bcaea6fe72cefcdd9ef0cb75139ee103459cc0d1dad496e19847d2c","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:4","Warn: containerImage not pinned by hash: Dockerfile:17","Warn: containerImage not pinned by hash: Dockerfile:21","Warn: downloadThenRun not pinned by hash: .github/workflows/release.yml:30","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  15 third-party GitHubAction dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T20:08:10.249Z","repository_id":18360448,"created_at":"2025-08-17T20:08:10.249Z","updated_at":"2025-08-17T20:08:10.249Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29458159,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T21:29:27.764Z","status":"ssl_error","status_checked_at":"2026-02-14T21:28:11.111Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["autoloader","composer","dependency-management","wordpress"],"created_at":"2024-08-01T16:01:23.855Z","updated_at":"2026-02-18T15:02:54.381Z","avatar_url":"https://github.com/coenjacobs.png","language":"PHP","funding_links":["https://github.com/sponsors/coenjacobs"],"categories":["PHP"],"sub_categories":[],"readme":"# Mozart [![Latest Stable Version](https://poser.pugx.org/coenjacobs/mozart/v/stable.svg)](https://packagist.org/packages/coenjacobs/mozart) [![License](https://poser.pugx.org/coenjacobs/mozart/license.svg)](https://packagist.org/packages/coenjacobs/mozart) [![Total Downloads](https://poser.pugx.org/coenjacobs/mozart/downloads)](//packagist.org/packages/coenjacobs/mozart) [![Docker Image Pulls](https://img.shields.io/docker/pulls/coenjacobs/mozart.svg)](https://hub.docker.com/r/coenjacobs/mozart)\nComposes all dependencies as a package inside a WordPress plugin. Load packages through Composer and have them wrapped inside your own namespace. Gone are the days when plugins could load conflicting versions of the same package, resulting in hard to reproduce bugs.\n\nThis package requires PHP 8.1 or higher in order to run the tool. You can use the resulting files as a bundle, requiring any PHP version you like, even PHP 5.2.\n\n## How it works\n\nMozart takes your Composer dependencies, copies them into your plugin, and rewrites their namespaces and class names so they can't conflict with other plugins loading the same packages.\n\nFor namespaced packages, Mozart prefixes the namespace and updates all references:\n\n```diff\n-namespace Pimple;\n+namespace CoenJacobs\\TestProject\\Dependencies\\Pimple;\n\n-use Psr\\Container\\ContainerInterface;\n+use CoenJacobs\\TestProject\\Dependencies\\Psr\\Container\\ContainerInterface;\n\n class Container implements ContainerInterface\n```\n\nFor packages using global-scope classes, Mozart adds a prefix to class names:\n\n```diff\n-class Container {\n+class CJTP_Container {\n     // ...\n }\n\n-$container = new Container();\n+$container = new CJTP_Container();\n```\n\nThis happens across the full dependency tree — namespace declarations, `use` statements, type hints, string references in `class_exists()` calls, and more. The result is a self-contained copy of your dependencies that won't collide with any other plugin's versions.\n\n## Installation\n\nMozart brings its own dependencies to the table and that potentially introduces its own problems (yes, I realise how meta that is, for a package like this). That's why installing Mozart in isolation, either through the Docker container, the available PHAR file or installing Mozart as a global dependency with Composer is preferred. In all cases, the [configuration](#configuration) still needs to be placed in the `composer.json` file of the project itself.\n\n```\ndocker run --rm -it -v ${PWD}:/project/ coenjacobs/mozart /mozart/bin/mozart compose\n```\n\nSee [docs/installation.md](docs/installation.md) for all installation methods (Docker, PHAR, Composer).\n\n## Configuration\nMozart requires little configuration. All you need to do is tell it where the bundled dependencies are going to be stored and what namespace they should be put inside. This configuration needs to be done in the `extra` property of your `composer.json` file:\n\n```json\n\"extra\": {\n    \"mozart\": {\n        \"dep_namespace\": \"CoenJacobs\\\\TestProject\\\\Dependencies\\\\\",\n        \"dep_directory\": \"/src/Dependencies/\",\n        \"classmap_directory\": \"/classes/dependencies/\",\n        \"classmap_prefix\": \"CJTP_\",\n        \"packages\": [\n            \"pimple/pimple\"\n        ],\n        \"excluded_packages\": [\n            \"psr/container\"\n        ],\n        \"override_autoload\": {\n            \"google/apiclient\": {\n                \"classmap\": [\n                    \"src/\"\n                ]\n            }\n        },\n        \"delete_vendor_directories\": true\n    }\n},\n```\n\nThe following configuration values are required:\n\n- `dep_namespace` defines the root namespace that each package will be put in. Example: Should the package we're loading be using the `Pimple` namespace, then the package will be put inside the `CoenJacobs\\\\TestProject\\\\Dependencies\\\\Pimple` namespace, when using the configuration example above.\n- `dep_directory` defines the directory the files of the package will be stored in. Note that the directory needs to correspond to the namespace being used in your autoloader and the namespace defined for the bundled packages. Best results are achieved when your projects are using the [PSR-4 autoloader specification](http://www.php-fig.org/psr/psr-4/).\n- `classmap_directory` defines the directory files that are being autoloaded through a classmap, will be stored in. Note that this directory needs to be autoloaded by a classmap in your projects autoloader.\n- `classmap_prefix` defines the prefix that will be applied to all classes inside the classmap of the package you bundle. Say a class named `Pimple` and the defined prefix of `CJTP_` will result in the class name `CJTP_Pimple`.\n\nSee [docs/configuration.md](docs/configuration.md) for optional configuration, the full dependency tree caveat, and autoloader setup.\n\n## Further reading\n\n| Document | Description |\n|---|---|\n| [docs/installation.md](docs/installation.md) | All installation methods: Docker, PHAR, Composer |\n| [docs/configuration.md](docs/configuration.md) | Full configuration reference: required and optional options |\n| [docs/usage.md](docs/usage.md) | Automating Mozart with Composer scripts, configuring your project's autoloader |\n| [docs/docker.md](docs/docker.md) | Docker registries, tag strategy, multi-architecture support |\n| [docs/background.md](docs/background.md) | Why Mozart was created and how it compares to PHP-Scoper |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoenjacobs%2Fmozart","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoenjacobs%2Fmozart","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoenjacobs%2Fmozart/lists"}