Snyk.io:
The State of Open Source Security Report 2019
Feb 27, 2019 @ 22:09:28

On the Snyk.io site they've announced the release of their State of Open Source Security Report for 2019. In this report they talk about packages and managers outside of the PHP ecosystem, but there's also plenty in there about general Open Source security, regardless of the technology used.

We’ve seen big technology players doubling-down on open source in 2018. In every registry we reviewed, we saw an increasing rate of open source libraries being indexed in every language ecosystem. This is to be expected, but the rate of growth may come as a surprise to many.

[...] In 2017 the CVE list reported more than 14,000 vulnerabilities, breaking the record for the most CVEs reported in a single year. 2018 continued the record-breaking streak with over 16,000 vulnerabilities reported.

We can see how open source package growth translates into user adoption when looking at the download numbers for various packages in different ecosystems.

They specifically cover packages in the Node.js, Python and Java worlds but the same principles apply to PHP and Composer packages too. There's a few other related posts that go into more detail on the vulnerability increases, the desire for Open Source developers to be security-minded and other topics. You can get all of the information in one place, though: the PDF version of the report.

tagged: opensource security stateofsecurity report 2019 snyk

Link: https://snyk.io/opensourcesecurity-2019/

Community News:
Hacktoberfest 2018
Oct 04, 2018 @ 15:52:52

With the coming of October, what's become an annual event has started back up to encourage contributions to Open Source projects: Hacktoberfest. This is a joint venture between Digital Ocean, GitHub, and Twilio. If you make the contributions, you'll receive a special limited edition Hacktoberfest t-shirt.

[Here's the rules:] To get a shirt, you must make five pull requests (PRs) between October 1–31 in any timezone. PRs can be to any public repo on GitHub, not just the ones highlighted. The PR must contain commits you made yourself. PRs reported by maintainers as spam or that are automated will be marked as invalid and won't count towards the shirt. This year, the first 50,000 of you can earn a T-shirt (compared with 30,000 in 2017).

The guiding principles of the event are to encourage everyone to contribute (make them feel welcome) and to shoot for quality, not quantity. If you're not sure where to start, check out the main page for the event near the bottom of the page for a listing of projects with open Hacktoberfest issues.

tagged: hacktoberfest18 october opensource contribution

Link: https://hacktoberfest.digitalocean.com/

Tomas Votruba:
5 Advices I Would Love to Get Before Starting to Maintain an Open Source
Sep 13, 2018 @ 14:48:23

In a new post to his site Tomas Votruba has shared a list of five things that he, as an open source package maintainer, would have loved to hear before getting started.

I wasn't always confident while making public every single line of PHP code I write. I had to take many blind paths, spend a night full of stress coding in unknown waters and make a lot of over-complicated code that backfired to me months later.

They say "experience cannot be passed and it must be experienced" and I agree with that, but still there are some shortcuts that would speed-up my path to joyful open-source coding I have today. Here are 5 of them.

He then shares his suggestions, each with a brief summary explaining what it means and how you can apply it:

  1. Be Open to Change any Package
  2. Don't Keep Every feature You Have
  3. Lock to LTS, Maintained Dependencies and green PHP
  4. All You Need to Maintain is 1 Repository
  5. Don't Take Advice as Granted, Experiment for Yourself

He includes some of his own backstory in several of the points, describing his own development work and how he found out some of these "the hard way".

tagged: opensource advice maintainer package opinion top5 list

Link: https://www.tomasvotruba.cz/blog/2018/09/10/5-advices-i-would-love-to-get-before-starting-to-maintain-open-source/

CoderWall:
The Laravel Admin Panel That You Need
Aug 27, 2018 @ 14:21:04

On the CoderWall site they've posted a tutorial that's a sort of reaction to the recent Laravel Nova administration dashboard release. In it they point out another project, the Laravel Admin Panel (LAP) that handles a lot of the same kind of functionality.

I have been working on this product on opensource for about 8 months now, and the project has become quite successful. People are actually using it and we are making our goal to make it more developer friendly. [...] According to my experience with people who have used our admin panel and its feature to create a module instantly, they are aloof of the details beneath that architecture and are constantly in need of help if anything goes wrong.

If new developers are made to use some super smart software which just creates everything for them, they are just not very aware of the happenings and end up not knowing anything of how the project works.

The post introduces the project and what kind of functionality it provides including:

  • user/role/permissions management
  • "page" management
  • menu management

...and their "star of the show", the Module Boilerplate Generator that allows for the quick and easy generation of all code required to add a new module to the application (models, controllers, request handling, views, migrations, etc). You can find more information on the GitHub repository for the project.

tagged: laravel administration panel introduction lap project opensource

Link: https://www.codewall.co.uk/the-laravel-admin-panel-that-you-need/

Exakat Blog:
Versions impact on PHP code bases
Aug 01, 2018 @ 15:03:27

On the Exakat blog there's a new post covering the impact that PHP versions have on the codebases they've reviewed in the normal course of their product's analysis, and on the version requirements of Open Source software in particular.

With the upcoming PHP 7.3, the question of the next migration is back on our tables. We’ll hear a strange mix of begging to move to the new versions for features and security, mixed with a constant threatening that some old versions will soon be unmaintained or worse. Indeed, there is versions impact on PHP code bases.

Particular witnesses of that evolution are open source projects. They usually have to support a wide range of versions, and in the same time, are actively encouraged to use the newest features. It is a delicate work of balancing compatibility and progress.

To observe the way Open Source projects handle the evolution of PHP, we have audited 1977 Open source PHP projects, by linting them with PHP versions from 5.5 to 7.3. This taught us the impact of PHP on code, over a long period of coding. Let’s review them.

The post starts by talking about linting of PHP files (checking the syntax for issues but not executing the contents). It then shares some statistics about the number of Open Source projects that lint on every build and how that has trended over time. They also share some results on the age of packages that are in wide use, showing that the ratio of "old code" to "young code" is surprisingly similar across versions.

tagged: staticanalysis opensource package lint age results statistics

Link: https://www.exakat.io/versions-impact-on-php-code-bases/

Tomas Votruba:
Why is Your Company Losing Money by not Open Sourcing: 1. Hiring
Jul 27, 2018 @ 14:22:36

On his site Tomas Votruba has a post sharing one thing he thinks is holding back your company from doing well: not open sourcing code.

Do you want to hire developers? Do you want to hire those developers who help your company in the long term? Do you want to save money for random picks of HR agencies? Do you want to hire developers who already know your code before even meeting you? Do you want to attract developers in the long term with zero investment?

Go Open-source!

He goes on to talk about some of his own experiences in the job interview process and how "old-school methods" aren't working as well as they used to. He then makes some suggestions about how to attract programmers "in a 2018 way", comparing the traditional hiring process with a newer one ("open hiring"). His suggestion: when looking to fill a role, go to the contributors list of your own or other popular packages, see who has contributed, and reach out to them first. This gives you a preview of their skills and lets you evaluate them (and their other contributions) against your needs for the role.

tagged: opensource hiring money contribution opinion

Link: https://www.tomasvotruba.cz/blog/2018/07/26/why-is-your-company-losing-money-by-not-open-sourcing-1-hiring/

Sebastian De Deyne:
A good issue
May 04, 2018 @ 15:10:25

As a maintainer of an open source project there are things that can help to make your role easier. One of them is encouraging useful issues being filed on the project with good information about the problem or suggestion. In this post to his site Sebastian De Deyne shares a few helpful hints on what can make for a good issue.

Maintaining a number of open source projects comes with a number of issues. Reporting a good issue will result in a more engaged approach from project maintainers. Don't forget: there's a human behind every project.

His suggestions include:

  • as much detail as possible ("X is broken" isn't useful)
  • having a single point or suggestion per issue
  • being polite (remember, open source maintainers aren't often paid for this work)

His last point might be the most important: making a human connection. Sometimes it's easy to forget that there's a real person on the other end of the line. If you work with the person reporting the issue rather than just focusing on the technical parts it can make it an easier and more pleasurable process for all involved.

tagged: good issue opensource project report personal recommendation

Link: https://sebastiandedeyne.com/posts/2018/a-good-issue

Junior Grossi:
Open-source is about sharing and giving back. Think about that.
Mar 26, 2018 @ 14:25:48

In a new post to his site Junior Grossi shares some of his thoughts about Open Source and how it's less about "free software" and more about sharing and giving back.

Maintaining an open source project – even a small one – is not an easy task. The open source ecosystem is about sharing and contributing, about giving and receiving. You scratch my back and I will scratch yours.

He suggests that working in Open Source is less about the actual software being written than about a lifestyle. For him, the goal is to make someone else's life better by working on something you're sharing (instead of working on something commercial). He includes a quote from Fabien Potencier (of Symfony) about Open Source developers being exploited for their free software and how, despite the gift of time and work spent on the code, some people don't appreciate the work and just complain.

Instead of complaining about features or bugfixes, do it yourself, and show your gratitude for people that spent their free time working on something to help your life. They could be with their family but no, they were doing open-source. And you should thank them for that.

He finishes with a few thoughts about giving back to the projects you use and enjoy. It doesn't always have to be about code, either: you can submit bug reports, contribute to documentation or even just write up a tutorial to share your own knowledge of using the package.

tagged: opensource sharing project free software code opinion

Link: https://blog.jgrossi.com/2018/open-source-is-about-sharing-and-giving-back-think-about-that/

Maatwebsite:
Laravel Excel - Lessons Learned
Mar 20, 2018 @ 15:49:33

On the Maatwebsite Medium.com site they've posted a retrospective of their last several years of work on the Laravel Excel Open Source package.

Laravel Excel (https://github.com/Maatwebsite/Laravel-Excel) turned 4 years last November and has reached almost 6 million Packagist downloads. A good time to reflect on 4,5 years of open source development.

The article starts with a bit of history behind the initial development of the package as a simple wrapper around PHPExcel. It covers some of the initial syntax of the tool and features included from the start. The project moved on to v1.x with a complete rewrite and then into v2.x with support for the Laravel v5.x framework releases. It then talks about their "support conundrum" as they reached 1 (then, later, 6) million package downloads. They cover some of the usual project support issues, a reduction in their work on the package and how they worked to "fix it for everyone".

The post also talks about their "open source rehab" and how it changed their view from its recent "because 1 million people use it" back to making a difference in developers' lives. It finishes up talking about some of the "lessons learned" in how it worked with Laravel, a retrospective on its current state and a look forward at Laravel Excel v3.0.

tagged: laravel laravelexcel package opensource lesson learn motivation

Link: https://medium.com/@maatwebsite/laravel-excel-lessons-learned-7fee2812551

Exakat Blog:
Largest PHP applications (2018)
Mar 19, 2018 @ 16:35:46

On the Exakat blog there's a new post that includes the details of the largest PHP applications currently available (and popular) based on their own scanning of Open Source Projects.

When testing the exakat static analysis engine, I need to run it on real code. Open Source projects are a real blessing there, since they come in different shapes and stripes. [...] Nowadays, code bases tends to be smaller, compared to more ancient applications. Components are the norm, and they impact both the development of the application, and its extension.

[...] For this survey, we collected 1885 Open Source applications, and counted only their tokens. Tokens are PHP atomic elements, that are needed to understand and run code. Comments, white spaces and delimiters were not counted, leaving only the useful tokens. Then, the more the larger is the application.

The post lists out the top 100 largest PHP applications (by token count, not by lines of code) including:

  • Magento2 (#6)
  • Drupal (#12)
  • Yii (#21)
  • Joomla (#36)
  • Symfony (#52)
  • Apigility (#80)

The list comes with the count of tokens and is an update of their 2016 largest PHP applications post.

tagged: large application token size project opensource scanner

Link: https://www.exakat.io/largest-php-applications-2018/