A lot of nice stuff is happening in the PHP ecosystem right now. In this case I’m not talking about the PHP 5.5 RC3 that was released lately, since that will take a bit more time to be released, let alone be available for the world to use. I’m talking about the Symfony 2.3 release, which I’ve been looking forward to. Partially because it’s the first LTS*, but also because it continues to split Symfony up into individual components.
After the stopwatch and the property access components in Symfony 2.2, we now get the new debug and intl components. These might not be the most exiting components in the world, but it’s a sign of a bigger trend in the PHP ecosystem: releasing individual components. This has been going once for the past two years, since Symfony 2.0 was initially released.
So slowly there are more and more components emerging. Partially this is because PSR-1 and PSR-2 have brought use a shared coding style. Partially this might be because individual components are easier to understand. Mostly this is about composer though.
Composer: Changing the PHP ecosystem
Composer is a dependency manager for PHP. There are a couple of benefits in using it:
- Autoloading. This might seem like a basic thing, but it’s very relaxed to not have to think about it any more.
- Lightweight. Only include the components you actually want.
- Mix and match. In the past you’d pick one framework, and then hope it had the components you wanted. Now you can pick the best individual components for the job.
- Security awareness. If you use composer, you can check your dependencies for known security issues.
- Visibility. All your dependencies are stored inside your vendor/ directory.
- Control. Manage your dependencies yourself.
- Dependency awareness. Knowing which components depend on what gives understanding. Just show a graph of your current dependencies using clue/graph-composer. The graph below displays the dependencies of the symfony/translation component.
When using composer, there are two questions that come up a lot
- Has this problem been solved before?
- Could this be a library?
And both of those lead to a lot more code reuse, which is good.
Every story has two sides, so that probably applies here as well. Developers tend to like the new and shiny, but lets look at the story from two sides.
- You might run into the Composer API limit at GitHub.
- What if GitHub is down? What if packagist is down?
- Packagist funding.
- Managing dependencies can take time.
- Conflicts on your composer.lock can be annoying.
For me the balance is very positive. With over 6 million package installs last month, it seems a lot of other people agree. The real question might even be
When will Composer be an integral path of the official PHP release?
* Long Term Support (LTS) means it will be supported until the end of May 2016. Yes, that is a whopping three year period of security patches!