PatchPub

Patch any PHP Composer dependency anyway you need

Change any file in any dependency used by Composer.
Manage patches for multiple projects, all in one place.
Get started with your Github Account
Any file any way
Use diff patches, Github Pull Requests, String Replaces, Regex Replaces, or simply replace entire files.
Create once, use multiple times
Assign patches to projects, and manage all current and future patches in one place.
Get notified about errors
If a new version comes out and your patch doesn't work anymore, you get notified immediately.
Getting started

All it takes to start is to add your PatchPub repository to your "composer.json", run "composer update", that's it.

"repositories": [
  {
    "type": "composer",
    "url": "{your-project-url}"
  }
]
"repositories": [
  {
    "type": "composer",
    "url": "https://repo.patchpub.com/{your-project-url}"
  }
]
Get started
Multiple ways to change files

Modify anything the way your project needs.

Validate and check all patches immediately.

Search & Replace (incl. Regex)
Change any string in any file of a dependency.
Search and Replace in files
Use a patch diff
Use an existing patch diff to change files in a dependency.
Apply a diff patch
Validate and check right away
Save your patch confidently, knowing it works with the current version of the dependency.
Preview changes before saving
Even change "composer.json" itself
Modify the "composer.json" of a dependency, which gets reevaluated by Composer during composer install/update.
Preview composer.json changes before saving
Search and Replace in files Apply a diff patch Preview changes before saving Preview composer.json changes before saving
Packed with goodies

PatchPub keeps it simple by default, yet powerful for managing complex changes.

Multiple Projects
Assign a patch to multiple projects at once, patching your entire fleet of projects
Disable/Enable
You don't need to delete a patch or project, you can also simply disable a patch or project.
Select target version
Choose which version should be used for patching, either major versions (1.*) or minor versions (1.2.*)
Stable or dev
You devide wether only stable versions should be used or also dev versions.
Updates right away
As soon as a new version comes out, patches are validated and applied.
Get notified
If something goes wrong during patching, you get notified immediately. Maybe your changes got implemented into the core.
Super simple installation
Simply add the new repository to your "composer.json" and run "composer update". That's it.
Very high Reliability
All files are stored on Cloudflare R2 for high reliability, completely decoupled for this app.
Get started right away
Pricing & Roadmap

What already exists, and what's to come...

Free Community Features
Up to 10 patches
Up to 10 projects
Error notifications via email
Auto apply of patches on new version
All public composer packages available
Get started right away
Planned Pro Features
Use private composer repositories
Invite team members and manage roles
See changelogs of all patches and projects
Private projects and patches which require credentials for each user
Support PatchPub's continued operation
FAQ

PatchPub is designed to work seamlessly with CI/CD pipelines. Since patches are applied directly on the target distribution zip file, way before composer is run, all patched dependencies are fetched like any other dependency by Composer.

This means that your CI/CD pipeline will always use the patched versions of the dependencies, ensuring consistency across environments.

You can easily disable a patch or a whole project of patches without deleting them. This allows you to keep your patches organized and ready to be re-enabled when needed.

Simply toggle the active state of the patch or project in the PatchPub interface, and it will not be applied during the Composer install/update process.

PatchPub does not apply patches from remote sources directly. Instead, it allows you import and review those patches before applying.

Once a patch is imported it won't be automatically imported again (yet, maybe another feature requests?)

Yes, you can create multiple patches for the same dependency, each targeting different versions for different projects. This allows you to manage changes for specific versions of a dependency without affecting others.

PatchPub allows you to modify the "composer.json" file of a dependency. This means you can change the version constraints, add or remove dependencies, and even modify scripts or autoloading configurations. These changes are applied during the Composer install/update process, ensuring that your project uses the modified version of the dependency.

To make sure your changes are applied correctly without corrupting the composer.json file, PatchPub validates the changes before saving them. This validation ensures that the modified composer.json is still a valid and readable JSON file.
Yes, you can create multiple patch configurations for the same file. Each patch config can contain different changes, and you can apply them in sequence. This allows you to manage complex changes effectively.
Sure you can. Each patch will be applied one after the other, allowing you to build up a series of changes to a file or set of files.

If a patch fails to apply automatically on a new version release, you will receive an error notification via email. You can then review the patch and make necessary adjustments to ensure it works with the current version of the dependency.

If you are just creating a patch, you can also validate it immediately to ensure it works with the current version of the dependency.
PatchPub currently supports public repositories. However, I am planning to introduce support for private repositories in the Pro version, allowing you to manage patches for private dependencies as well.

PatchPub works way before any other patching packages kick in, like "vaimo/composer-patches" or "cweagans/composer-patches".

It applies patches directly on the distributed dist file or a dependency version, ensuring that your changes are applied before any other patching tools are executed.

Therefore, it does not conflict with other patching tools, and you can use it alongside them if needed.

PatchPub does not handle circular dependencies directly. However, it allows you to manage patches for each dependency individually.

If you have circular dependencies, you can create patches for each dependency separately and apply them as needed.

Composer will handle the circular dependencies as usual, and PatchPub will apply your patches accordingly.
Dimitri König
Hi, I'm Dimitri

I've been working with third-party components in PHP projects for over 20 years.

When Composer came along in 2013, it was a huge blessing. But it also brought challenges when patching dependencies.

PatchPub was created to patch dependencies in a simple, reliable, and centralized way.

© 2025 Unique-P GmbH @ Switzerland by Dimitri König. All rights reserved.
Bugs & Features