Last week, I warned about not explicitly installing dependencies if you don't need to. The key phrase there is "if you don't need to".
For example, if Laravel depends on a CommonMark package to create Markdown mail, but my code only references the Laravel
Mailable class, there is no reason to install
league/commonmark in my project's
On the other hand, let's say I reference some of the CommonMark classes in my code to customize how Markdown code snippets are rendered. Now, I should definitely install it in my project directly. Why? A future Laravel upgrade could bump the package to a new major version or maybe remove it altogether. By installing it directly in the project, conflicts like this are blocked by Composer.
Run it against your project, and it will flag any classes your code depends on that aren't directly installed in your project. It even flags code that depends on a PHP extension if it isn't explicitly required in