
Matthieu Napoli:
Test against the lowest Composer dependencies on Travis
December 18, 2014 @ 10:53:58

Recently the "prefer-lowest" option of Composer was mentioned in relation to testing for Symfony-based applications. In this new post to his site Matthieu Napoli shows how you can do it on any project that uses the Travis-CI continuous integration service.

Composer just got a new awesome addition thanks to Nicolas Grekas: prefer the lowest versions of your dependencies. [...] This amazing option will install the lowest versions possible for all your dependencies. What for? Tests of course!

He includes all the instructions you'll need to get your Travis build using this command line option, starting with testing it on your own system first. He shows a basic ".travis.yml" file with the configuration you'll need to have it use the "prefer-lowest" option (check out line 17). He does point out that you'll need to run a "composer self-update" first though, as Travis hasn't quite caught up with the latest Composer that includes this option.


Link: http://mnapoli.fr/test-lowest-dependencies/

Reddit.com:
Composer files being indexed by Google
December 10, 2014 @ 11:36:55

In an interesting thread on the /r/php subreddit on Reddit.com, a user noticed that Google is indexing Composer files that are in the document root of PHP applications. These files, like "composer.json" and "composer.lock", can provide detailed information about which packages and libraries are in use in the application (information disclosure).

The problem is that these files are placed in the web root of the application and not in a folder one level up, a recommended practice. The post links to a Google search that shows an example of current sites with the issue.

Another comment in the same post also reminds users not to have things like their ".git" files in the document root either, as they can provide valuable information to would-be attackers about your application's code. Things can be done to prevent direct access to these files in the web server configuration, but it's far better to restructure the application to have them in a parent directory of the actual web root.


Link: http://www.reddit.com/r/PHP/comments/2ourf7/composer_files_being_indexed_by_google/

Jordi Boggiano:
Composer 1.0 alpha9
December 09, 2014 @ 13:22:10

In this new post to his site Jordi Boggiano talks about the tagging of the 1.0 alpha9 release of Composer and some of the updates that will be coming along with the release.

I tagged Composer's 1.0.0-alpha9 release yesterday and wanted to write down a more detailed update on the highlights of this release. It includes many changes as the last tag was almost one year old. You can also check the full changelog if you want more details.

The updates (so far) include:

  • Requiring packages from CLI just got easier
  • Installing dependencies on the wrong environment is now possible
  • You now get warnings when installing abandoned packages
  • Custom composer commands via scripts
  • Autoloading tests and related files
  • Performance improvements

He also includes a brief note of thanks to all of those that have contributed to the project and for the support from Toran Proxy customers to help pay for the time he spends working on the tool.


Link: http://seld.be/notes/composer-1-0-alpha9

AirPair.com:
Best Practices for Modern PHP Development
December 05, 2014 @ 09:50:22

On the AirPair site today they've posted an article from developer Brian Fenton covering several things he sees as the best practices for modern PHP development, a listing of several tools, practices and suggestions to improve your skills as a PHP developer and bring them to the next level.

He breaks it down into five main sections (each with their own subsections):

  • Setup and configuration
  • Use Composer
  • Follow good design principles
  • Object calisthenics
  • Unit testing

Some of the points made under each of these sections include suggestions about using sensible defaults, installing and using Composer, the SOLID design principles and unit testing tools. Check out the full post for more great suggestions and techniques to improve your skills.


Link: https://www.airpair.com/php/posts/best-practices-for-modern-php-development

Bernhard Schussek:
Puli: Powerful Resource Management for PHP
December 04, 2014 @ 11:53:22

Bernhard Schussek has announced a tool for handling resources in a more Composer-inspired way: Puli. Puli is described as a tool that "manages files, directories and other resources in a filesystem-like repository".

Unfortunately, sharing your work gets a lot harder when you leave PHP code and enter the land of configuration files, images, CSS files, translation catalogs - in short, any file that is not PHP. For brevity, I'll call these files resources here. Using resources located in Composer packages is quite tedious: You need to know exactly where the package is installed and where the resource is located in the package. That's a lot of juggling with absolute and relative file system paths and prone to error.

[...] One and a half years ago I talked about this problem with PHP-FIG. I wrote a blog post about The Power of Uniform Resource Location in PHP. Many people joined the discussion. The understanding of the problem and its solution got riper as we spoke. Today, I am glad to present to you the first (and probably last) alpha version of Puli, a framework-agnostic resource manager for PHP.

He walks through the basics of the tool - how it manages the various resources, what the configuration looks like and how it can directly be integrated with Composer. He also points to a Twig extension that allows for Puli integration via paths in your templates. There's also a Symfony bridge that lets you use it in your YAML configuration files.


Link: http://webmozarts.com/2014/12/03/puli-powerful-resource-management-for-php/

Anthony Ferrara:
What About Garbage?
December 03, 2014 @ 13:33:44

In his latest post Anthony Ferrara looks at a recent change in the Composer dependency management tool involving a major speed boost, just from disabling the garbage collection.

If you've been following the news, you'll have noticed that yesterday Composer got a bit of a speed boost. And by "bit of a speed boost", we're talking between 50% and 90% speed increase depending on the complexity of the dependencies. But how did the fix work? And should you make the same sort of change to your projects? For those of you who want the TL/DR answer: the answer is no you shouldn't.

He talks about what the actual (one line) change was that sped things up but goes on to talk about why doing this isn't necessarily a good thing. He covers how PHP handles variables internally, how it relates to "pointers" and the copy-on-write functionality. He includes code snippets and gives an overview of how each would be handled by the interpreter. Unfortunately, the way PHP handles things, deleting a variable only removes the variable reference, not the value, but does decrement the reference count for it. When that hits 0, garbage collection kicks in and removes associated values too.

He talks about a few other kinds of garbage collection (the reference count method is just one of them) and circles back around to how this relates to Composer's functionality. He points out the number of objects created during the dependency resolution process and what can happen when the root buffer, populated with all of these objects, gets too full (hint: garbage collection). He finishes the post talking about how, in Composer's case, the garbage collection change yielded the performance impact it did, but doesn't suggest it for every project. He also makes a few suggestions as to things that could be done to improve PHP's garbage collection handling.


Link: http://blog.ircmaxell.com/2014/12/what-about-garbage.html

VG Tech Blog:
Using Local Packages as Composer Dependencies
November 25, 2014 @ 09:16:45

On the VG Tech blog this latest post shows you how to use local packages as dependencies in your Composer-enabled applications.

Composer changed pretty much everything when it comes to including dependencies in PHP projects. No more SVN externals or copying large library folders into your project. This is really great, but there's one thing I've been struggling to find a smooth process for; developing dependencies for your project. When implementing your project, the need for some module, library, service provider or something else will arise, and sometimes you'll have to implement it yourself. So, how to do that?

He starts with a list of three suggestions (including actually having the code in the project or mirroring the package) but suggests the last of the three: using a repository with a relative file system setup. He uses the "repositories" configuration option in the Composer config to define a "vcs" type and gives it a path to the package contents. He ends the post with the resulting output of the Composer install command, showing the package pulled in and being able to commit to it just like any other repo.


Link: http://tech.vg.no/2014/11/25/using-local-packages-as-composer-dependencies/

SitePoint PHP Blog:
Private Composer Packages with Gemfury
November 12, 2014 @ 10:05:32

The SitePoint PHP blog has a new post today introducing you to an alternative for hosting your own PHP packages privately using the Gemfury service. Gemfury is a hosted (PaaS) tool that lets you host packages (and not just Composer/PHP ones) without the need to have them public on Packagist.

Composer works effectively and seamlessly in conjunction with Packagist, a comprehensive repository of public packages. However, sooner or later the time will come when you've written your own package which, for whatever reason, cannot be open-sourced and shared freely via Packagist. There are a few options for hosting these private packages [like adding them manually, Satis or Toran Proxy]. [...] Gemfury is a PaaS alternative. Aside from the peace-of-mind that comes from a hosted solution - albeit one which comes at a price - one huge advantage is that it supports not just PHP Composer packages, but Ruby Gems, Node.js npm, Python PyPi, APT, Yum and Nu-Get.

He spends the rest of the article walking you through the creation of an account (with the 14-day free trial) and how to create a new package that will be pushed to the service. He adds one dependency (Faker) and a bit of code for the push. He shows how to add the git remote for the Gemfury service, tag a release and deploy the result out to the service. He updates this by showing how to take that same repository and make it private, requiring a "secret code" to be able to access it. He ends the post with a quick mention of other methods to work with the Gemfury service including their own command line tool, fury.


Link: http://www.sitepoint.com/private-composer-packages-gemfury/

Peter Petermann:
Building better project skeletons with Composer
November 06, 2014 @ 11:26:54

Peter Petermann has (re)posted an article he wrote about building better project skeletons with Composer and automating the process to make your life easier.

The more you use modern frameworks and the more modular you build your PHP applications, the more likely you'll use a skeleton (or template) for creating new projects. In fact, most of the better known frameworks provide skeletons for you to bootstrap your application with. Those skeletons are great to get started, but it's very likely you'll have your own stack of composer packages that you integrate in each project after a while. Each skeleton will be slightly different, so you'll likely fork your own. This article is meant to provide you with an understanding on how to build a skeleton that will allow you to automate things as far as possible.

He starts with some of the basics, both in the terminology that will be used in the article and a little bit about projects in Composer. He shows how the Zend Framework 2 project makes use of a built-in "composer.phar" file to make bootstrapping easier but soon asks how it could be improved. The answer comes in the form of Composer's own "create-project" functionality (with a few additions, like cleanup scripts run after the fact). He then gets into building his own custom skeleton that includes a custom post-create-project cleanup script, templates for static files (README, CHANGELOG, etc) and a basic "composer.json" configuration for the end result.


Link: http://devedge.wordpress.com/2014/11/05/building-better-project-skeletons-with-composer-2/

Phil Sturgeon:
Composer: It's ALMOST Always About the Lock File
November 05, 2014 @ 11:44:49

In his latest post Phil Sturgeon talks about a point that's been argued on both sides by Composer users: whether or not to commit the "composer.lock" file. Phil talks some about it in his article and suggests that you should commit it for applications but not for components.

If you and your employees are a little vague with your composer.json specifications and you don't have a composer.lock then you can end up on different versions between you. Theoretically, if component developers are using SemVer and you're being careful then you should be fine, but keeping your lock in version control will make sure that the same version is on your dev teams computers. This will happen every time you run $ composer install. If you are on Heroku or EngineYard then this will be used for the deployment of your production components as a built in hook, which is awesome.

He mentions an article from Davey Shafik, this being his reaction to it. He suggests, though, that an absolute of "always commit for components" may be too much and could potentially cause other problems. He points out that since the "composer.lock" handling is local to the directory, you can hit up against version requirement issues between them in your application as a whole. He wonders "how strict is too strict" when defining dependencies and covers some things to think about (like your users) when making the choice to upgrade the libraries you use.


Link: https://philsturgeon.uk/blog/2014/11/composer-its-almost-always-about-the-lock-file



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework