News Archive

Made With Love Blog:
Tilde and caret version constraints in Composer
April 13, 2015 @ 12:56:22

The Made With Love blog has posted a great introduction to version handling in Composer today. They focus on two characters that can be confusing if you're not exactly sure what they mean - the caret (^) and tilde (~).

A dependency that uses semantic versioning allows you to predict whether it is still going to work or not when you upgrade it to a new version. Basically when the x in a x.y.z version number changes, you might need to do some changes to be able to work with this new version without problems. [...] Depending on your dependency manager you can define version constraints using wildcards (*), comparators like <=, logical operators (, often means AND and | means OR), etc. [...] There are also some syntactic sugar operators like ~ (tilde) and ^ (caret)

They include some examples of both characters in use defining the required install versions, showing how one allows for approximate matches and the version ranges they apply to.


Link: http://blog.madewithlove.be/post/tilde-and-caret-constraints/

Scotch.io:
A Beginner's Guide To Composer
March 31, 2015 @ 13:48:55

The Scotch.io site has posted a guide that can help you if you're just getting started in the world of PHP packages via Composer. In this new tutorial Daniel Pataki introduces you to the tool and how to use it to install the dependencies you need.

I'm sure there are plenty of coders out there who are wondering about the benefits of using composer and many who are afraid to make the leap into a new system. In this article we'll take a look at what exactly Composer is, what it does and why it is a great tool for PHP projects.

He starts with the basics of dependency management, why it would be used in a project and how it automates the installation and integration of 3rd party libraries. From there he helps you get Composer installed and starts in on a sample "composer.json" configuration file. In his example he installs Monolog, the popular PHP logging class. He talks some about how to specify versions, locking down the dependency versions to install and installing "developer only" requirements.


Link: https://scotch.io/tutorials/a-beginners-guide-to-composer

ServerGrove Blog:
Security tools for PHP projects
March 23, 2015 @ 12:19:13

On the ServerGrove blog there's a new post looking at some of the currently available PHP security tools you can use to help keep your applications safe.

Security is getting more and more important, and the PHP community has been doing great improvements in this topic during the last few years. From better configuration settings to provide some level of security by default to frameworks providing functionality to avoid common attacks such as XSS, CSRF or SQL injection. [...] Well, any piece of software can have bugs, and obviously open source projects are not an exception. The good point is that security researchers, once they find a vulnerability, it is reported and added to a database of known vulnerabilities. We basically need to find a way to avoid using code with known vulnerabilities, and there are some interesting tools out there to help us.

They list four tools that focus on different areas of the security of your application to help provide good basic coverage:

One thing to note: these are all automated tools, so they shouldn't be relied upon exclusively to ensure the security of your application. Testing and evaluation of the codebase with these and other testing tools should always be done as well.


Link: http://blog.servergrove.com/2015/03/23/security-tools-php-projects/

Piotr Pasich:
Ant, composer and code quality tools
March 18, 2015 @ 11:33:47

In his latest post Piotr Pasich shares some handy tips (and tools) to help you use Composer to do some of the common tasks you might use Ant or Phing for.

I decided to start with something uncomplicated - a simple solution that could help me solve a prosaic, but annoying issue. For instance, XML format. No, I won't fight with it. I see it as great and practical, however mostly I don't need so sophisticated code to cover my needs - the yaml usually fits the purpose. [...] Yet, do I really need this flexibility [of XML configuration] when I use vagrant or docker to maintain the same environment as on the production? For 90% of PHP projects probably I won't use all of the features of the virtualization tools. I only want to install necessary libraries, check the code quality before committing or introduce fixtures. Most of those points are easily feasible in composer.

He then shows how to execute these checks through the functionality included with Composer to run custom scripts. His example measures the quality of the code, first based on the results from a single run of the PHP Mess Detector (phpmd) command. He then extends this with the open source contribution he mentions earlier, his CodeQualityThreshold library, which not only allows for more checks (phpmd, phpcs, phpcpd, etc.) but also lets you configure the thresholds for each class if desired. He includes an example of it in action and screenshots of the results.


Link: http://piotrpasich.com/ant-composer-and-code-quality-tools/

Alan Storm:
Laravel 5 Autoloader
February 24, 2015 @ 11:51:15

Alan Storm has a new post to his site that takes an in-depth look at Laravel's autoloader and how things have changed with the release of Laravel 5.

Last time we finished up our look at Laravel 4.2's autoloader implementation. Like a lot of features in Laravel, (or any framework), once you pull out the microscope sharp edges begin to jut out everywhere. However, unlike many other framework teams, the Laravel core team is willing to make shifts in their platform and application architecture. If you're familiar with the internals of Laravel 4, looking at the internals of Laravel 3 may be a little disorienting. Similarly, the recent release of Laravel 5 presents some new wrinkles at the system level.

In the post he compares some of the differences based off of things found in a previous look at Laravel 4.2's autoloading system. He lists out the autoloaders initialized during the autoloader phase, four of them, including the use of the PhpParser library and Composer-only autoloading. He also includes a section at the end about some other smaller autoloading changes in the Composer configuration in both the "autoload" and "autoload-dev" sections.


Link: http://alanstorm.com/laravel_5_autoloader

ThePHP.cc:
PHPUnit Migration from PEAR to PHAR
January 14, 2015 @ 13:48:34

On ThePHP.cc's site today Sebastian Bergmann, the creator of the popular PHPUnit unit testing framework, shows you how to move to using the tool's phar file and away from the previously used PEAR install method.

In April 2014 I announced that I would shut down pear.phpunit.de on December 31, 2014. The motivation behind this move was to simplify the release process of PHPUnit by getting rid of an outdated distribution channel. I was afraid that I would leave users of my software behind by this move. [...] I am relieved that the shutdown of pear.phpunit.de went as smooth as it did. [...] In this article I show you how to make the transition from using PHPUnit from a PEAR package to using PHPUnit from a PHP Archive or using Composer as easy and convenient as possible.

There are three main steps to the migration from PEAR to the Composer-based phar installation:

  • Uninstalling PEAR Packages
  • Using PHPUnit from a PHP Archive (PHAR)
  • Installing PHPUnit with Composer

He includes the commands and configuration files/settings you'll need to make the transition happen. He also mentions that older versions are still available if there's a need but only on GitHub/Packagist as phar packages, not via PEAR.


Link: http://thephp.cc/news/2015/01/phpunit-migration-from-pear-to-phar

Marco Pivetta:
roave/security-advisories: Composer against Security Vulnerabilities
December 30, 2014 @ 12:12:40

As Marco Pivetta has mentioned in his latest post to his site, Roave has released a tool for use with Composer that helps prevent vulnerable versions of software from even being installed (based on the security-advisories data from FriendsOfPHP).

Since it's almost Christmas, it's also time to release a new project! The Roave Team is pleased to announce the release of roave/security-advisories, a package that keeps known security issues out of your project.

The tool makes use of a "conflict" metapackage, mentioned in the Composer spec, and fails when the software and version are listed in the FriendsOfPHP information. This integration with Composer means that there's no need to run a separate tool for the checks to be made. It's integrated into the workflow and will dynamically fail without the need for you to update anything.


Link: http://ocramius.github.io/blog/roave-security-advisories-protect-against-composer-packages-with-security-issues/

Matthieu Napoli:
Test against the lowest Composer dependencies on Travis
December 18, 2014 @ 10:53:58

Recently the "prefer-lowest" option of Composer was mentioned in relation to testing for Symfony-based applications. In this new post to his site Matthieu Napoli shows how you can do it on any project that uses the Travis-CI continuous integration service.

Composer just got a new awesome addition thanks to Nicolas Grekas: prefer the lowest versions of your dependencies. [...] This amazing option will install the lowest versions possible for all your dependencies. What for? Tests of course!

He includes all the instructions you'll need to get your Travis build using this command line option, starting with testing it on your own system first. He shows a basic ".travis.yml" file with the configuration you'll need to have it use the "prefer-lowest" option (check out line 17). He does point out that you'll need to run a "composer self-update" first though, as Travis hasn't quite caught up with the latest Composer that includes this option.


Link: http://mnapoli.fr/test-lowest-dependencies/

Reddit.com:
Composer files being indexed by Google
December 10, 2014 @ 11:36:55

In an interesting thread on the /r/php subreddit on Reddit.com, a user noticed that Google is indexing Composer files that are in the document root of PHP applications. These files, like "composer.json" and "composer.lock", can provide detailed information about which packages and libraries are in use in the application (information disclosure).

The problem is that these files are placed in the web root of the application and not in a folder one level up, a recommended practice. The post links to a Google search that shows an example of current sites with the issue.

Another comment in the same post also reminds users not to have things like their ".git" files in the document root either, as they can provide valuable information to would-be attackers about your application's code. Things can be done to prevent direct access to these files in the web server configuration, but it's far better to restructure the application to have them in a parent directory of the actual web root.


Link: http://www.reddit.com/r/PHP/comments/2ourf7/composer_files_being_indexed_by_google/

Jordi Boggiano:
Composer 1.0 alpha9
December 09, 2014 @ 13:22:10

In this new post to his site Jordi Boggiano talks about the tagging of the 1.0 alpha9 release of Composer and some of the updates that will be coming along with the release.

I tagged Composer's 1.0.0-alpha9 release yesterday and wanted to write down a more detailed update on the highlights of this release. It includes many changes as the last tag was almost one year old. You can also check the full changelog if you want more details.

The updates (so far) include:

  • Requiring packages from CLI just got easier
  • Installing dependencies on the wrong environment is now possible
  • You now get warnings when installing abandoned packages
  • Custom composer commands via scripts
  • Autoloading tests and related files
  • Performance improvements

He also includes a brief note of thanks to all of those that have contributed to the project and for the support from Toran Proxy customers to help pay for the time he spends working on the tool.


Link: http://seld.be/notes/composer-1-0-alpha9



All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework