TAG php

Open-source projects update

I spent the last two days going over most of our OS projects, Symfony2 bundles and other libraries to fix some issues, merge pull requests and tag releases. Here is an update on all changes:

Alice – v1.5.0 – Expressive fixtures generator

  • Added extensibility features to allow the creation of a Symfony2 AliceBundle (hautelook/alice-bundle)
  • Added possibility to fetch objects by id with non-numeric ids
  • Added (local) flag for classes and objects to create value objects that should not be persisted
  • Added enums to create multiple objects (like fixture ranges but with names)
  • Added ProcessorInterface to be able to modify objects before they get persisted
  • Fixed cross-file references, everything is now persisted at once
  • Fixed self-referencing of objects

Also note that Baldur Rensch recently started working on a bundle to integrate Alice in Symfony2, you might want to check that out as well.

Monolog v1.6.0 – Logging for PHP

  • Added HipChatHandler to send logs to a HipChat chat room
  • Added ErrorLogHandler to send logs to PHP’s error_log function
  • Added NewRelicHandler to send logs to NewRelic’s service
  • Added Monolog\ErrorHandler helper class to register a Logger as exception/error/fatal handler
  • Added ChannelLevelActivationStrategy for the FingersCrossedHandler to customize levels by channel
  • Added stack traces output when normalizing exceptions (json output & co)
  • Added Monolog\Logger::API constant (currently 1)
  • Added support for ChromePHP’s v4.0 extension
  • Added support for message priorities in PushoverHandler, see $highPriorityLevel and $emergencyLevel
  • Added support for sending messages to multiple users at once with the PushoverHandler
  • Fixed RavenHandler’s support for batch sending of messages (when behind a Buffer or FingersCrossedHandler)
  • Fixed normalization of Traversables with very large data sets, only the first 1000 items are shown now
  • Fixed issue in RotatingFileHandler when an open_basedir restriction is active
  • Fixed minor issues in RavenHandler and bumped the API to Raven 0.5.0
  • Fixed SyslogHandler issue when many were used concurrently with different facilities

MonologBundle v2.4.0 – Monolog integration in Sf2

  • Added support for the console, newrelic, hipchat, cube, amqp and error_log handlers
  • Added monolog.channels config option to define additional channels
  • Added excluded_404s property to the fingers_crossed handler to avoid logging 404s matching those regex patterns
  • Added ability to set multiple user ids in the pushover handler
  • Added support for an empty dsn in raven handler

Note that as of this version, the bundle’s release cycle is de-synchronized from the framework’s. It means you can just require "symfony/monolog-bundle": "~2.4" in your composer.json and Composer will automatically pick the latest version of the bundle that works with your current version of Symfony. The minimum version of Symfony2 for this workflow is 2.3.0.

NelmioSecurityBundle v1.2.0 – Additional security features for Sf2

  • Added Content-Security-Policy (CSP) 1.0 support
  • Added forced_ssl.whitelist property to define URLs that do not need to be force-redirected
  • Fixed session loss bug on 404 URLs in the CookieSessionHandler

NelmioJsLoggerBundle v1.2.0 – JS error logging in your Sf2 monolog logs

  • Added ability to give more context information by setting window.nelmio_js_logger_custom_context

NelmioCorsBundle v1.1.0 – Cross-Origin Request Headers support for Sf2

  • Added ability to set a wildcard on accept_headers

That’s it for today, but I would like to thank everyone that was involved in either sending pull requests or reporting bugs/feature requests to make all this happen!

July 30, 2013 by Jordi Boggiano in Development, News // Tags: , , , Comments Off on Open-source projects update

Generating fixtures with Alice

A common problem in software development, is that you need data to work with. This is especially true with data-oriented websites. Working with an empty database leads to all sorts of unexpected problems cropping up once the site goes live and receives real world data. Performance issues, visual bugs due to missing fields, too long or too small texts, etc.

The best way to address this is to have fixtures, fake data you use while developing or for automated testing of the website. However writing these fixtures can be a cumbersome process which leads to people postponing it and sometimes outright skip this step.

It used to be that Doctrine1 could load fixtures from yaml files, and symfony1 also had facilities there, but none of this has been made available to Doctrine2 or Symfony2 yet, or at least not in a very usable form.

Instead of writing a plugin for either of those, I set out to write a generic library to easily create objects from yaml files. It can be used with any framework or ORM, and also integrates the great Faker library to generate fake/random data. The library takes a few opinionated turns, so it might not be for everyone. However I am sure it will save you a great deal of time should you decide to work with it.

The library is called Alice, after the common Alice and Bob placeholder names, and you can of course find it on GitHub, including extensive documentation.

Let me know what you think of it!

October 29, 2012 by Jordi Boggiano in Development, News // Tags: , , 18 Comments

A Tour of Go

Last week we had to write what a small specialized HTTP client that connects to a server and issues GET requests to fetch data. Simple enough.

The only issue is that the data provider required us to use maximum one connection at any time, using HTTP pipelining to issue all the GET requests in the same connection and then block until they respond with new data. In practice this is not very complex, but PHP (our go-to hammer) is not really shining in this area.

All the HTTP abstractions around curl/http streams like Buzz or Guzzle do not seem to support pipelining (if I missed that, let me know), and doing it by hand is not particularly fun. The http extension does support that through some undocumented feature though, but I didn’t have that extension at hand, so I skipped that. In any case, PHP is not really the best tool for doing this sort of long running script, although it has gotten much better in recent years. So we looked for something else, and long story short, we decided to try Go. It is a new-ish language that is aiming to replace C/C++/Java for systems programming, mixing and matching features from everywhere while focusing on language terseness.

So what about Go?

Well it is interesting. I just opened an editor and within a few hours I had a first prototype running, a few more hours of polishing and tweaking later I had a finished product that has now been running for a week. It handled a few tens of thousands of entries, and especially did not crash once ;) The standard library is quite complete for what I wanted to do here, and there is already quite a large ecosystem of extra libs available for more specific tasks.

The documentation. It is not awful but it is a young language, and it could benefit from having more examples and cross-references. On the other hand I started coding without reading any of the basics, so I had to learn a few things the hard way. One big plus though is that the documentation links to the sources, so you can very easily check out what something does behind the scenes.

Static typing is a big change coming from PHP which abstracts away a lot of this. However thanks to their light approach to typing, you don’t feel it too much. Basically using := for assignment you can define a variable and have its type automatically inferred by the value you assign it. That gives you typing without the verbosity. Then of course you get compile-time errors based on all this which is great for debugging. Overall this saved me from doing a bunch of mistakes, and did not cause so much pain.

The recover function is also quite a nice fit for the use case at hand. It allows you to recover from any fatal error, and then keep running some code. Using this I made sure the program never dies, because if anything bad happens it will error out and restart doing its job instantly. It reacts much faster than monit or similar watchdog programs would typically do since it is triggered by the application failure.

Finally I want to quickly touch on goroutines. It allows you to do parallel processing very very easily. All you have to do is prefix a function call with the go keyword, and it turns into a background task of sorts. You can then use channels to communicate and block between multiple goroutines. It is a great model and should allow people to write parallelized programs without the pain usually associated.

To sum up, Go is quite fun. I would not use it to build a large web app though. I don’t think the tools are there yet and we have a great ecosystem in PHP for that. But for simple utils I would definitely recommend it to anyone that feels like trying something new.

June 22, 2012 by Jordi Boggiano in Development // Tags: , , 3 Comments

An Appeal to All Package Managers

I work on Composer – a new PHP dependency manager – and it is now working quite well for managing PHP packages. We have a decent amount (and growing fast) of packages on Packagist. All is well. Yet, most PHP projects are websites, and they need some frontend libraries, be it JavaScript or CSS – I will use jQuery as an example that everyone can grasp easily. In some frameworks, you have plugins that bundle a copy of jQuery. Some people have also used Composer to hack together jQuery packages so that they can download it, and then they have some scripts to copy or symlink the files in the proper location. That is all very flaky, you end up with multiple copies of jQuery and if you are lucky you even get various different versions.

I have been thinking about it for a few months, and it seems like nothing exists out there. Every language out there has its own package manager, but everyone seems to be stuck with the same problem of frontend code. Obviously jQuery is used by virtually everyone. They can’t support Composer, Bundler, npm, pip and god knows what. Building a package manager for JS/CSS could work, but the community is huge and scattered and getting broad adoption is going to be very difficult.

The plan

As far as I can see, and given the way Composer works, it would be fairly easy to build a central package repository – similar to Packagist – where people can submit package definitions for frontend libs. For instance I could go and add a twitter bootstrap package, define the URL where you can download it including some placeholder for the version. Then all we need is a list of version that’s maintained. We could start by doing that by hand, or we can just point it to the git repo and it reads tags. That’s how Packagist works – except that it reads the composer.json file in the git repo to get all the metadata that in this case would be entered manually.

If we do this, we then end up with a central repository of CSS and JS packages, and we can integrate it in Composer, so that Composer packages can depend on jQuery and it just works. That would be a good start, but the great thing would be to get everyone on board. And I don’t mean everyone writing PHP. I mean everyone. The Ruby folks, the Python ones, Java, .NET, you name it. You all have package managers. All we have to do is agree on the API of the central package repository and on what metadata is needed. Then you can just add support for it in your package manager of choice, and we all benefit from the manual work put in to list packages. If it works, I’m sure some of the frontend packages will then add the metadata directly in their git/svn/.. repos so that we save on manual work. This would be a huge thing for everyone.

There are of course a few more details to settle regarding security and trust as well as exact package metadata, but I wanted to gauge the interest first, and then discuss further. I opened a frontend-packaging google group for that purpose, so if you are interested please join in. All it takes is a few open minded people and we could start one of the largest cross-language collaboration project ever. Sounds like fun!

May 31, 2012 by Jordi Boggiano in Development // Tags: , , , , 8 Comments

Nelmio is hiring

You might have heard of us. If not, here is
who we are:

We are a little company in Zürich, Switzerland. Our clients trust us. Our projects are technically challenging and mostly use cutting edge technologies such as Backbone.js, Symfony2, Redis and CouchDB. By keeping the company small we have the ability to carefully choose the projects we want to work on. This also gives us time to attend many conferences, both as speakers and attendees. And starting this autumn, we will be working on our product as well!

Right now, we would like to grow by one person.

Problems we currently solve are:

  • Finding best practices for pure JS applications using Backbone.js.
  • Writing REST APIs in Symfony2
  • Optimizing CouchDB and MySQL to cope with large amounts of data.
  • Web of things – Connecting physical sensors with the web. This is particularly fun and hard.
  • DevOps – Automating deployments and server setup.

Things we do:

  • Code. Code. Code.
  • Learn from clients.
  • Teach and empower our clients.
  • Learn from each other. A lot!
  • Care about the little things that make a difference.
  • Fun things, because.

Things we don’t know:

  • Designing beautiful sites. But we know people who do this very well.
  • Ruby, Python, Dart, … We write mostly JS and PHP, and contribute a lot to make sure these stay in the game.
  • CMS. We only work on tailored solutions.

So, what do you think? Would you like to join our team?

  • We do work mostly in English even if there is always someone who throws in some French or German words.
  • You should have good communication skills, and be able to act autonomously. The ability to learn and think is more important than your existing knowledge.
  • Remote work could be an option. You would need to be in roughly the same time zone and can come work in Zürich for a few weeks in the beginning. That way we could get to know each other.

Send us your CV, GitHub account or anything you think is relevant to hello@nelm.io.

May 30, 2012 by Pierre Spring in News // Tags: , , , 1 Comment

Nelmio is coming to a conference near you

Here is a quick update on conferences we will attend and speak at in the next couple months. If you are attending any, feel free to come and say hi!

Next week our entire team will be at jsDay and phpDay in Verona, Italy. If you haven’t got tickets yet, hurry up because it is about to be sold out.

Pierre will talk about Backbone.js, Igor has two talks about realtime apps with websockets and the Silex microframework and I myself will be talking about managing your dependencies with Composer.

In June there are two notable events. The first is SwissJeese. A local JavaScript-oriented conference co-organized by Pierre that will be in Bern. It is free and on a Saturday so there is really no excuse not to come if you have an interest in JavaScript. Register for free on eventbrite!

The second a week later is Symfony Live in Paris which we are always looking forward to.

If you get a chance to go to both phpDay and Symfony Live, you can follow Igor’s second talk about Silex, which will be more advanced given the audience is already more familiar with the Symfony Components. If you miss Verona you can catch up on my Composer talk in Paris as well. William will hold an introduction to the Propel2 ORM and even you have no interest in PHP I will present the Redis key-value store so you can come anyway ;)

We sure hope to see some old friends and make new ones there, so if you were hesitant to come, just register before it’s too late!

May 11, 2012 by Jordi Boggiano in News // Tags: , , , 1 Comment

An Update On Composer

This weekend we have been busy hacking on Composer in our office together with Nils Adermann and Volker Dusch. We wanted to push the project forward a bit faster than the odd free evenings usually allow, and I would now like to introduce the changes we made.

Development versions handling

The former master-dev and similar *-dev versions we used to have were causing quite a few issues, so we decided to overhaul that behavior in a way that allowed us to get more consistency and fix a few long standing issues. For example dev versions can now be locked to exact commit revisions, and they will update to the latest revision when you do an update, no need to delete them from disk beforehand.

Basically dev releases are now simply branch names with a dev suffix – for numeric branches which are comparable – or a dev prefix for textual names that are not comparable, like feature branches and master. There is no way to specify the version manually anymore in your repository’s composer.json, since that was causing potentially dangerous issues with feature branches conflicting with the original ones.

If your package depended on a master-dev version, you should now depend on dev-master. If your package depended on something like the Symfony2 2.1.0-dev version, this one also is now dev-master since it is in the master branch. Older feature branches like 2.0-dev which is the 2.0 branch and not master are unaffected by this change.

This change will break many packages out there that rely on -dev packages of any kind, and we hope everyone will update their composer.json files as swiftly as possible to make the transition less painful.

The Packagist version database had to be reset for this change, so things will look at bit empty for a couple of hours while everything is re-crawled. None of the packages are lost and you should not have to do anything except having a bit of patience.

Dependency solver stability

Nils and Volker have been doing big progress on bugfixing and testing the solver. Those are mostly highly technical details that I will not dive into here. But long story short many old bugs should be fixed, and then some. It may obviously have introduced regressions, so if you encounter any issues please report them with your composer.json file so we can easily reproduce.

Documentation

Igor has spent quite a bit of time on documentation, which you can see on github for now, and which should be migrated to getcomposer.org soon.

Packagist / GitHub integration

Another great new feature coming from a pull request by Beau Simensen is the ability to let GitHub tell Packagist when you push new code to your repository. This should make package updates almost instant. It should be integrated into the GitHub Service Hooks soon enough, so if you don’t want to set it up by hand you can wait a bit, otherwise you can grab your API hook URL on your Packagist profile page, and add it in your repository.

Repositories configuration

It seemed that the way custom repositories are configured was confusing, so we took the chance to make it a bit clearer. Basically names are dropped and it’s all stored in a flatter structure that’s easier to remember. Documentation has been updated on Packagist.

All in all it has been quite a productive week-end and we will continue working on a few things today.

February 20, 2012 by Jordi Boggiano in Development, News // Tags: , 6 Comments

Composer: Part 2 – Impact

In the first part of this post I introduced Composer & Packagist. If you are not familiar with them please read part 1 first.

Impact

In this second part I would like to talk about a few things Composer could do for you, and the PHP community at large, once it is broadly adopted.

Common APIs and Shared Interfaces

You may have noticed that quite a lot of people are talking of and asking for more interoperability and cooperation between frameworks. It seems some PHP developers finally got tired of reinventing the wheel. That is great news. One way to provide this interoperability is through shared interfaces. The two main candidates there in my opinion are logging and caching. Two boring things that should just work, and where you always need tons of flexibility and tons of different backends, drivers, or whatever you want to call those. Almost every major framework and CMS out there have their own implementations of that stuff, yet none of them support all the options since there are too many.

The PHP Standards Group, an open mailing list discussing these interoperability questions has seen a recent proposal for a Cache Interface. One question raised was: How can those interfaces be distributed in each project that uses or implements them?

This is where I see Composer helping. Composer supports advanced relationships between packages, so to solve this issue you would need three parts (read carefully):

  • The psr/cache-interface package contains the interfaces, and requires a psr/cache virtual package.
  • Implementors of the interfaces (many libraries) all require the psr/cache-interface and also provide the psr/cache virtual package.
  • A framework that needs a cache library requires psr/cache-interface and hints the interface in its method signatures.

Then the user of that framework comes in, decides that he wants to use the Doctrine\Common cache implementation for example. By requireing doctrine/common, the psr/cache requirement of the psr/cache-interface would be satisfied. Both doctrine and the framework would use the interfaces from the psr/cache-interface package. No code duplication all over the place and everyone is happier. All those require and provide have version constraints on them, so the interfaces can easily be versioned so that Composer will not let you install things that do not work together.

Plugin Installs for Frameworks and Applications

Composer is built to be embedded in other frameworks, CMSs or other applications. Some parts are still a bit rough for that use case, but it is something that will be supported and encouraged. Reinventing the package management wheel is another thing that really should stop. Who am I to say this you ask? It is true, we are building a shiny new wheel as well. Yet I take comfort in the fact that we are trying to build a generic solution which will work for everybody.

Packages are easy to build – for those who insist on not reading the first part of this post: you drop a simple composer.json file and add the VCS repository to packagist.org. The goal is that building packages should be accessible. I would love it if TYPO3, Drupal or WordPress to name a few would use Composer as a library internally to handle their dependencies. The list of required packages does not have to be in a composer.json file, it can sit in a database just fine. That would mean that suddenly the WordPress plugin you are developing could depend on an external library to do some work, and you don’t have to embed the whole library code in your plugin’s repository. Autoloading would make it work magically as long as everyone respects PSR-0. Which brings me to my next point.

Promoting Standards

A few months back I was on IRC and someone linked his new library, who or what it was does not matter. I just noticed he used a home-made autoloader and asked him why he was not following the PSR-0 standard. The answer was “I just use a smarter autoloader, with fallback feature“. Now that’s great, maybe his solution is smarter in the way that it allows files and classes to be anywhere. But it messes with everybody else. No one can use that library unless they declare another autoloader just for it. Autoloading should really be a commodity that you do not have to lose time fixing.

By adopting and promoting the standard, I hope Composer will help raise awareness about it. If you follow PSR-0, Composer autoloads your packages. If you don’t, you are on your own. The more users start to rely on this, the more they will get annoyed when a package requires manual configuration to be autoloaded, which will put some pressure on the PSR-0 offenders.

Promoting Code Re-use

It is probably obvious, but having easy to use package management means you will use it more, and the more it is used, the more people will re-use and share code. I really hope to see many libraries pop up out there instead of the massive frameworks we had until recently.

This shift is already happening, the larger frameworks like Symfony2 and Zend Framework 2 have decoupled their internal components and it is now possible to use pieces of them individually. They start to look more like the PEAR repository, which is an aggregate of libraries that work well together, some depending on each other, but not all.

Single libraries out there are great but I see some value in these larger organizations enforcing some quality guidelines on their own code-base. In a way they act like brands. You know that if you use one of their packages you can expect a certain quality.

Renewed Interest in PHP

Overall, I believe that libraries like Buzz, Imagine and others can create a sort of DSL on top of the (sometimes really bad) PHP APIs. Many people have criticized PHP as a language for its inconsistencies and awkwardnesses. Fine. I am not going to argue with that. But I hope many of those people, if they are being honest, will agree that PHP as a platform is great. It runs everywhere, it does not require much configuration, it has an immense developer base.

If we have enough libraries that abstract away some of the language issues, I strongly believe PHP as a platform will have a bright future.

December 20, 2011 by Jordi Boggiano in Development // Tags: , 19 Comments

Composer: Part 1 – What & Why

You may have heard about Composer and Packagist lately. In short, Composer is a new package manager for PHP libraries. Quite a few people have been complaining about the lack of information, or just seemed confused as to what it was, or why the hell we would do such a thing. This is my attempt at clarifying things.

This second part of this post, Impact, has now been published.

What is it?

The Composer ecosystem is made of two main parts, both are available on GitHub. The development effort is being led by Nils Adermann and myself (Jordi Boggiano), but we already have more than 20 contributors which I would like to thank a bunch for helping.

Composer

Composer is the command-line utility with which you install packages. Many features and concepts are inspired by npm and Bundler, so you may recognize things here and there if you are familiar with those tools. It contains a dependency solver to be able to recursively resolve inter-package dependencies, a set of downloaders, installers and other fancy things.

Ultimately as a user, all you have to do is drop a composer.json file in your project and run composer.phar install. This composer.json file defines your project dependencies, and optionally configures composer (more on that later). Here is a minimal example to require one library:

{
    "require": {
        "monolog/monolog": "1.0.0"
    }
}

If we look at the package publisher side, you can see that there is some more metadata you can add to your package. This is basically to allow Packagist to show more useful information. One thing that is great though is that if your library follows the PSR-0 standard for class and files naming, you can declare it here (see the last two lines below) and Composer will generate an autoloader for the user that can load all of his project dependencies.

{
    "name": "monolog/monolog",
    "description": "Logging for PHP 5.3",
    "keywords": ["log","logging"],
    "homepage": "http://github.com/Seldaek/monolog",
    "type": "library",
    "license": "MIT",
    "authors": [
        {
            "name": "Jordi Boggiano",
            "email": "j.boggiano@seld.be",
            "homepage": "http://seld.be"
        }
    ],
    "require": {
        "php": ">=5.3.0"
    },
    "autoload": {
        "psr-0": {"Monolog": "src/"}
    }
}

Composer is distributed as a phar file. While that usually works out, if you can’t even get it to print a help with php composer.phar, you can refer to the Silex docs on pitfalls of phar files for steps you can take to make sure your PHP is configured properly.

Packagist

Packagist is the default package repository. You can submit your packages to it, and it will build new packages automatically whenever you create a tag or update a branch in your VCS repository. At the moment this is the only supported way to publish packages to it, but eventually we will allow you to upload package archives directly, if you fancy boring manual labor. You may have noticed in the composer.json above that there was no version, and that is because Packagist takes care of it, it creates (and updates) a master-dev version for my GitHub repo’s master branch, and then creates new versions whenever I tag.

You can run your own copy of Packagist if you like, but it is built for a large amount of packages, so we will soon release a smaller tool to generate repositories that should be easier to setup for small scale repositories.

If you have no interest in using Packagist with Composer, or want to add additional repositories, it is of course possible.

Why(s)?

Why do I need a package manager?

There is a huge trend of reinventing the wheel over and over in the PHP world. The lack of a package manager means that every library author has an incentive not to use any other library, otherwise users end up in dependency hell when they want to install it. A package manager solves that since users do not have to care anymore about what your library depends on, all they need to know is they want to use your stuff. Please think about it real hard, let it sink, I will get back to that in the next post.

So we started working on Composer because there is no satisfactory solution at the moment for PHP, and that is quite unacceptable in this day and age. Of course with such a bold statement, you may be wondering:

Why not use PEAR?

While PEAR was and remains a viable option to some people, many have also been dissatisfied with it for various reasons. Composer has a very different philosophy, and it probably will not please everybody either. The main aspect that differs is that PEAR started as a system-wide package manager, much like apt-get or other similar solutions.

That approach does not work very well when you have many projects running on one machine, some of them 5 years old and depending on outdated versions of a library a newer project also uses. You can’t easily install both versions at the same time, and lots of frustration ensues.

Another issue is that one project’s dependencies become very fuzzy, since you code against code that is installed somewhere on your system, you can easily forget to mention in your README that your app depends on library X. Future-you or another guy comes along, tries to setup the project and is left in a run -> see error -> install lib -> run loop until all errors are gone. If he is really out of luck, he misses one dependency that is rarely used, and something fails unnoticed later on.

Composer on the other hand forces you to declare your project dependencies in a one-stop location (composer.json at the root). You just checkout the code, install dependencies, and they will sit in the project directory, not disturbing anything else on the machine. Another related feature is the composer.lock file that is generated when you install or update dependencies. It stores the exact version of every dependency that was used. If you commit it, anyone checking out the project will be able to install exactly the same versions as you did when you last updated that file, avoiding issues because of minor incompatibilities or regressions in different versions of a dependency. If you ever had bugs appear only on one team member’s machine while the others were fine because of some too-new or too-old version of something, you will know this is very useful.

Another notable difference, although some may not care about this, is that there is no approval process to have your package included on Packagist. While our vendor-name/package-name convention resembles PEAR’s channel/package, we do not have channels. All repositories contain packages that go into one big package pool, and then the solver figures out which packages fit your requirements, no matter where they come from.

Why JSON for packages?

It is a recurring question so I will answer it, hopefully for the last time. The short answer is because. The longer one is that there are many options (yaml, json, xml, php, ini, whatever.), each have their fan-base, and each have their haters. Whatever we would have picked, someone would be complaining. If you think it is a stupid decision, I am sorry to announce you are in the group selected to be the folks complaining, but it is not going to change. Please try not to focus on such a detail, and look at the bigger picture.

Where are we now?

I have delayed writing this post for quite a long time. I wanted it to be all nice and shiny before announcing anything. Unfortunately it is not as polished as I would like yet, but we are getting there. Composer can install itself (well, its dependencies) via Packagist, and many people have played with it and looking to integrate it in their work environments.

Here are the main points that still need some love, and of course if you would like to help you can join us on IRC (freenode #composer-dev) or on the mailing list.

Documentation

Documentation – or the lack thereof – is a huge problem right now. This post is a first step in that direction, and we will definitely work on more formal documentation in the future. You could too.

Solver bugs

The dependency solver is a complex beast, it has been ported from C code and it still has some rough edges. Not much to say here, we just need people to try it and report bugs. Bonus points if you can write a unit test that reproduces the issue.

Private repositories

This is a big topic that we need to address as well. Installing closed-source packages is of course necessary in most companies, and we will definitely work on it once the basics are working well and the open-source use case is covered. If you have some time or money to invest in that and want it to happen ASAP, please get in touch with us.

Global installs

As I said, we work with local installs by default, and that will not change for everything that is directly project-related. That being said, there is a whole set of CLI-tools for testing/QA or other purposes that would benefit from being installed system-wide and executable from anywhere. It is already possible to do a local install of those in your home dir and then add the bin directory of that install to your PATH of course, but we would like to support a more streamlined experience.

Part two will come next week, covering a few use cases, visions and hopes we have for Composer and PHP as a whole. To stay up to date you can follow @packagist or myself on twitter.

Update: You can now read Part2

December 8, 2011 by Jordi Boggiano in Development // Tags: , 47 Comments

Introducing the NelmioSecurityBundle

At Nelmio we love Symfony2. As contributors to the core development, we care a lot about not only the project itself, but the entire ecosystem.

And that’s why we’re thrilled to announce the immediate availability of the NelmioSecurityBundle!

This Symfony2 bundle provides security-enhancing features for your application. It is not a replacement for the core SecurityBundle, it provides generic purpose security features, not related to user management. Continue reading

August 4, 2011 by Igor Wiedler in Development // Tags: , , 3 Comments