News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

ThePHP.cc:
PHPUnit Migration from PEAR to PHAR
January 14, 2015 @ 13:48:34

On The PHPcc's site today Sebastian Bergmann, the creator of the popular PHPUnit unit testing framework, shows you how to move to using the tool's phar file and away from the previously used PEAR install method.

In April 2014 I announced that I would shut down pear.phpunit.de on December 31, 2014. The motivation behind this move was to simplify the release process of PHPUnit by getting rid of an outdated distribution channel. I was afraid that I would leave users of my software behind by this move. [...] I am relieved that the shutdown of pear.phpunit.de went as smooth as it did. [...] In this article I show you how to make the transition from using PHPUnit from a PEAR package to using PHPUnit from a PHP Archive or using Composer as easy and convenient as possible.

There's three main steps to the migration from PEAR to the Composer-based phar installation:

  • Uninstalling PEAR Packages
  • Using PHPUnit from a PHP Archive (PHAR)
  • Installing PHPUnit with Composer

He includes the commands and configuration files/settings you'll need to make the transition happen. He also mentions that older versions are still available if there's a need but only on GitHub/Packagist as phar packages, not via PEAR.

0 comments voice your opinion now!
phpunit migration pear phar packagist composer tutorial

Link: http://thephp.cc/news/2015/01/phpunit-migration-from-pear-to-phar

Marco Pivetta:
roave/security-advisories Composer against Security Vulnerabilities
December 30, 2014 @ 12:12:40

As Marco Pivetta has mentioned in his latest post to his site, Roave has released a tool for use with Composer that helps prevent vulnerable versions of software from even being installed (based on the data from the security-advisories data from FriendsOfPHP).

Since it's almost christmas, it's also time to release a new project! The Roave Team is pleased to announce the release of roave/security-advisories, a package that keeps known security issues out of your project.

The tool makes use of a "conflict" metapackage, mentioned in the Composer spec, and fails when the software and version is listed in the FriendsOfPHP information. This integration with Composer means that there's no need to run a separate tool for the checks to be made. It's integrated into the workflow and will dynamically fail without the need for you to update anything.

0 comments voice your opinion now!
roave securityadvisories prevent vulnerable software composer install

Link: http://ocramius.github.io/blog/roave-security-advisories-protect-against-composer-packages-with-security-issues/

Matthieu Napoli:
Test against the lowest Composer dependencies on Travis
December 18, 2014 @ 10:53:58

Recently the "prefer-lowest" option of Composer was mentioned in relation to testing for Symfony-based applications. In this new post to his site Matthieu Napoli shows how you can do it on any project that uses the Travis-CI continuous integration service.

Composer just got a new awesome addition thanks to Nicolas Grekas: prefer the lowest versions of your dependencies. [...] This amazing option will install the lowest versions possible for all your dependencies. What for? Tests of course!

He includes all the instructions you'll need to get your Travis build using this command line option, starting with testing it on your own system first. He shows a basic ".travis.yml" file with the configuration you'll need to provide it use the "prefer-lowest" (check out line 17). He does point out that you'll need to run a "composer self-update" first though, as Travis hasn't quite caught up with the latest Composer that includes this option.

0 comments voice your opinion now!
test lowest dependency version composer travisci tutorial

Link: http://mnapoli.fr/test-lowest-dependencies/

Reddit.com:
Composer files being indexed by Google
December 10, 2014 @ 11:36:55

In an interesting thread on the /r/php subreddit on Reddit.com, a user noticed that Google is indexing Composer files that are in the document root of PHP applications. These files, like "composer.json" and "composer.lock" can provide detailed information about which packages and libraries are in use in the application (information disclosure).

The problem is that these files are placed in the web root of the application and not in a folder one level up, a recommended practice. The post links to a Google search that shows an example of current sites with the issue.

Another comment in the same post also reminds users not to have things like their ".git" files in the document root either as they can provide valuable information to would be attackers about your application's code. Things can be done to prevent direct access to these files in the web server configuration but it's far better to restructure the application to have them in a parent directory of the actual web root.

0 comments voice your opinion now!
composer files composerlock composerjson index google search engine security

Link: http://www.reddit.com/r/PHP/comments/2ourf7/composer_files_being_indexed_by_google/

Jordi Boggiano:
Composer 1.0 alpha9
December 09, 2014 @ 13:22:10

In this new post to his site Jordi Boggiano talks about the tagging of the 1.0 alpha9 release of Composer and some of the updates that will be coming along with the release.

I tagged Composer's 1.0.0-alpha9 release yesterday and wanted to write down a more detailed update on the highlights of this release. It includes many changes as the last tag was almost one year old. You can also check the full changelog if you want more details.

The updates (so far) include:

  • Requiring packages from CLI just got easier
  • Installing dependencies on the wrong environment is now possible
  • You now get warnings when installing abandoned packages
  • Custom composer commands via scripts
  • Autoloading tests and related files
  • Performance improvements

He also includes a brief note of thanks to all of those that have contributed to the project and for the support from Toran Proxy customers to help pay for the time he spends working on the tool.

0 comments voice your opinion now!
composer v1alpha9 features improvements list toranproxy

Link: http://seld.be/notes/composer-1-0-alpha9

AirPair.com:
Best Practices for Modern PHP Development
December 05, 2014 @ 09:50:22

On the AirPair site today they've posted an article from developer Brian Fenton covering several things he sees as the best practices for modern PHP development, a listing of several tool, practices and suggestions to improve your skills as a PHP developer and bring them to the next level.

He breaks it down into five main sections (each with their own subsections):

  • Setup and configuration
  • Use Composer
  • Follow good design principles
  • Object calisthenics
  • Unit testing

Some of the points made under each of these sections include suggestions about using sensible defaults, installing and using Composer, the SOLID design principles and unit testing tools. Check out the full post for more great suggestions and techniques to improve your skills.

0 comments voice your opinion now!
bestpractices modern development tips list composer objectcalisthenics unittest

Link: https://www.airpair.com/php/posts/best-practices-for-modern-php-development

Bernhard Schussek:
Puli Powerful Resource Management for PHP
December 04, 2014 @ 11:53:22

Bernhard Schussek has announced a tool for handling resources in a more Composer-inspired way: Puli. Puli is described as a tool that "manages files, directories and other resources in a filesystem-like repository".

Unfortunately, sharing your work gets a lot harder when you leave PHP code and enter the land of configuration files, images, CSS files, translation catalogs - in short, any file that is not PHP. For brevity, I'll call these files resources here. Using resources located in Composer packages is quite tedious: You need to know exactly where the package is installed and where the resource is located in the package. That's a lot of juggling with absolute and relative file system paths and prone to error.

[...] One and a half years ago I talked about this problem with PHP-FIG. I wrote a blog post about The Power of Uniform Resource Location in PHP. Many people joined the discussion. The understanding of the problem and its solution got riper as we spoke. Today, I am glad to present to you the first (and probably last) alpha version of Puli, a framework-agnostic resource manager for PHP.

He walks through the basics of the tool - how it manages the various resources, what the configuration looks like and how it can directly be integrated with Composer. He also points to a Twig extension that allows for Puli integration via paths in your templates. There's also a Symfony bridge that lets you use it in your YAML configuration files.

0 comments voice your opinion now!
resource management puli tool composer twig symfony integration

Link: http://webmozarts.com/2014/12/03/puli-powerful-resource-management-for-php/

Anthony Ferrara:
What About Garbage?
December 03, 2014 @ 13:33:44

In his latest post Anthony Ferrara looks at a recent change in the Composer dependency management tool involving a major speed boost, just from disabling the garbage collection.

If you've been following the news, you'll have noticed that yesterday Composer got a bit of a speed boost. And by "bit of a speed boost", we're talking between 50% and 90% speed increase depending on the complexity of the dependencies. But how did the fix work? And should you make the same sort of change to your projects? For those of you who want the TL/DR answer: the answer is no you shouldn't.

He talks about what the actual (one line) change was that sped things up but goes on to talk about why doing this isn't necessarily a good thing. He covers how PHP handles variables internally, how it relates to "pointers" and the copy-on-write functionality. He includes code snippets and gives an overview of how each would be handled by the interpreter. Unfortunately, the way PHP handles things, deleting a variable only removes variable reference, not the value, but does decrement the reference count for it. When that hits 0, garbage collection kicks in and removes associated values too.

He talks about a few other kinds of garbage collection (the reference count method is just one of them) and circles back around to how this relates to Composer's functionality. He points out the number of objects created during the dependency resolution process and what can happen when the root buffer, populated with all of these objects, gets too full (hint: garbage collection). He finishes the post talking about how, in Composer's case, the garbage collection change yielded the performance impact it did, but doesn't suggest it for every project. He also makes a few suggestions as to things that could be done to improve PHP's garbage collection handling.

0 comments voice your opinion now!
garbage collection handling composer disable detail

Link: http://blog.ircmaxell.com/2014/12/what-about-garbage.html

VG Tech Blog:
Using Local Packages as Composer Dependencies
November 25, 2014 @ 09:16:45

On the VG Tech blog this latest post shows you how to use local packages as dependencies in your Composer-enabled applications.

Composer changed pretty much everything when it comes to including dependencies in PHP projects. No more SVN externals or copying large library folders into your project. This is really great, but there's one thing I've been struggling to find a smooth process for; developing dependencies for your project. When implementing your project, the need for some module, library, service provider or something else will arise, and sometimes you'll have to implement it yourself. So, how to do that?

He starts with a list of three suggestions (including actually having the code in the project or mirroring the package) but suggests the last of the three: using a repository with a relative file system setup. He uses the "repositories" configuration option in the Composer config to define a "vcs" type and gives it a path to the package contents. He ends the post with the resulting output of the Composer install command, showing the package pulled in and being able to commit to it just like any other repo.

0 comments voice your opinion now!
local package composer dependencies tutorial repository

Link: http://tech.vg.no/2014/11/25/using-local-packages-as-composer-dependencies/

SitePoint PHP Blog:
Private Composer Packages with Gemfury
November 12, 2014 @ 10:05:32

The SitePoint PHP blog has a new post today introducing you to an alternative for hosting your own PHP packages privately using the Gemfury service. Gemfury is a hosted (PaaS) tool that lets you host packages (and not just Composer/PHP ones) without the need to have them public on Packagist.

Composer works effectively and seamlessly in conjunction with Packagist, a comprehensive repository of public packages. However, sooner or later the time will come when you've written your own package which, for whatever reason, cannot be open-sourced and shared freely via Packagist. There are a few options for hosting these private packages [like adding them manually, Satis or Toran Proxy]. [...] Gemfury is a PaaS alternative. Aside from the peace-of-mind that comes from a hosted solution - albeit one which comes at a price - one huge advantage is that it supports not just PHP Composer packages, but Ruby Gems, Node.js npm, Python PyPi, APT, Yum and Nu-Get.

He spends the rest of the article walking you through the creation of an account (with the 14-day free trial) and how to create a new package that will be pushed to the service. He adds one dependency (Faker) and a bit of code for the push. He shows how to add the git remote for the Genfury service, tag a release and deploy the result out to the service. He updates this by showing how to take that same repository and making it private, requiring a "secret code" to be able to access. He ends the post with a quick mention of other methods to work with the Genfury service including their own command line tool, fury.

0 comments voice your opinion now!
composer package private gemfury tutorial paas hosted

Link: http://www.sitepoint.com/private-composer-packages-gemfury/


Community Events





Don't see your event here?
Let us know!


composer version voicesoftheelephpant configure series framework interview language release list community api podcast unittest symfony opinion introduction conference threedevsandamaybe laravel

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework