Just about any code written depends on third party libraries. These libraries, in the form of plug-ins, themes, frameworks, technologies and other files are the dependencies of the project.
Until recently, PHP developers made a list of all such plug-ins, frameworks, technologies and other dependencies to be included in the project, downloaded the code of such dependencies into the project, and setup autoloading for each one before starting the actual coding. Composer is a “dependency manager”, which allows the developer to declare, install and manage the dependencies of a project. The developer defines the dependencies required for the project to work in a composer.json file, created in the root of the project. This file downloads the dependency files and autoloads all dependencies.
Some of the popular dependency managers that pre-dated Composer are Bundler for Ruby, npm for node.js, and pip for Python. Of late, Composer has seen a surge in popularity. Apart from the fact that it makes things very easy, there are several reasons for the soaring popularity of this dependency manager.
Code Reusability
Until Composer came along, many developers “reinvented the wheel” by developing codes by themselves instead of using a library. This was because of the problem of dependency that invoking such third-party libraries would have caused. Composer allows developing the custom plugin or theme as a standalone library, making it possible to use it not just for the project on hand, but also for projects down the road.
Using Composer, the developer can centralize libraries into a repository. The developer may set up a private Packagist server and applying tools such as Satis to channel all available themes and plug-ins into a private repository. Packagist maintains an index of the individual packages inside it, and downloads and installs the appropriate packages when the developer calls them from the code. The obvious advantage is the ability to set up the entire environment in double-quick time, and also use any plug-in for multiple projects very easily.
Composer also allows the developer to clone a repository instead of downloading a distribution package, and then work on this clone to commit changes directly from the plugin or theme itself. This allows the developer to work fluidly between branches or commits, and also define a dev branch on one installation with the assurance that the rest of the libraries are still in sync with the other developers.
An important consideration here is the need to keep certain information such as database configuration and hostname unique to each environment, while at the same time maintaining certain other aspects consistent across development instances. Composer helps to keep configuration files in sync without compromising the unique settings of the local environment.
Speed
Composer not just delivers on the basic function of dependency managers – which is to store and index third party or proprietary plugins, but while doing so also speeds up the workflow.
Composer is technically a command-line utility with which developers can install packages. Using Composer, the developer can create a manifest of all plugins and themes required in the project. It then becomes possible to install the dependencies by running just a single composer command, rather than invoking everything one by one. When running the Composer command, the compiler reads the file that lists the manifest, and then downloads and installs the relevant files depending on the configuration.
Security
Using Composer improves security. Any developer would invariably have many plug-ins, and some of them would not be appropriate for the specific production environment. While it is relatively straightforward to make sure such plug-ins are not loaded, at times even the mere presence of such plug-ins poses a security risk. In today’s age where cyber criminals operate with unbridled freedom, hackers actively seek out plug-ins and themes with vulnerabilities, and launch their attack through such dependencies. Composer allows the developer to define the specific packages being used for development, so that the unneeded plug-ins are totally excluded.
Control
Composer makes the software repositories lean and mean. Many projects suffer with the repos getting unwieldy quickly. This is because version control systems keep a copy of every file revision, including plug-ins and other libraries in its history. Composer retains only the project definition in version control. The library folders are added to the.gitignore file, with the Composer keeping it in sync. What this means is that dependencies are never inside the project’s repository, rather reside locally. This makes repositories better organized, more manageable, and increases speed as well.
Composer also Improves quality and reduces errors by automating post-installation tasks. Many plug-ins require the developer to move or edit files manually. Composer makes it possible to write post installation routines easily, to automate such processes. It is even possible to automate data routines, such as importing or syncing a database and to use the wp-cli tools to search and replace strings. This not just reduces errors and speeds up things, but also ensures complete consistency in both the code and procedure of installation across all environments. An added benefit is the ability to reuse the same process in another project without having to rewrite the whole thing.
Better Coordination
Composer makes it easier for several developers to work on the same project. Composer’s package definition includes all of the information required to build the project, and any programmer working on the code simply needs to pull it from the repo and run Composer. By doing so, they get access to the exact same codebase that the previous developer maintained, including the revisions. With such a possibility, it becomes easy and seamless to use developers anywhere in the world, with the new developer being able to take over the project and start building within a few minutes of getting started.
To sum up, Composer fills a big void when developing applications using PHP. Although developers have to undergo a period of assimilation before they can master Composer, integrating this handy tool into the workflow provides the opportunity for some solid efficiency and speeds up the project considerably.
Why do you need a Composer?
previous post