How to Patch a Package in Vendor, Yet Allow its Updates
Tomas Votruba explains how you can create composer patches.
Read more [tomasvotruba.com]
Posts tagged with dependency
Don't use illuminate/support in framework agnostic packages
In our framework agnostic packages we sometimes pull in illuminate/support. This package that's part of the core of Laravel provides some nice string and collection functions. But unfortunately a lot of other stuff gets pulled in as well. In a post on his blog Matthew Allen explains the downsides of requiring illuminate/support.
A lot of framework agnostic Composer packages (PHP) pull in illuminate/support, which contains helper functions and general purpose code used by the Laravel framework. Usually it’s because the support package has nice helper functions like array_get, or because of the nice collection class.The helpers functions are nice, but I don’t think developers appreciate the ramifications of choosing to pull that package in. Everyone is afraid to get criticized for reinventing the wheel, so packages are pulling in 6000+ lines of code to avoid writing isset($arr[$k]) ? $arr[$k] : null themselves.
http://mattallan.org/2016/dont-use-illuminate-support/
One of the most useful functions of illuminate/support is the Collection class. In a thread on Reddit Taylor Otwell, the creator of Laravel, seems to agree that requiring illuminate/support isn't a good idea and that the Collection class could be extracted to it's own package. Let's hope that'll happen in the near future.
In the new major versions of our framework agnostic packages we'll swap out illuminate/support in favor of packages like the ones mentioned at the end of Matthew's post.
EDIT: Meanwhile Tighten has released a Collections-only split from Laravel's Illuminate Support.
Join 9,500+ smart developers
Get my monthly newsletter with what I learn from running Spatie, building Oh Dear, and maintaining 300+ open source packages. Practical takes on Laravel, PHP, and AI that you can actually use.
No spam. Unsubscribe anytime. You can also follow me on X.
"Freek’s newsletter is one of the best ways to stay updated with the Laravel and PHP ecosystem. It consistently highlights useful packages, tools, and ideas from the community, especially the amazing work coming from Spatie. As a Laravel developer building SaaS and web platforms, I find it extremely helpful to discover practical tools and insights that improve my development workflow."
Drunk with the power of composer plugins
Christopher Pitt posted a tutorial on creating composer plugins on the Sitepoint blog.
Composer is the sharpest tool in the toolbox of the modern PHP developer. The days of manual dependency management are in the distant past, and in their place we have wonderful things like Semver.http://www.sitepoint.com/drunk-with-the-power-of-composer-plugins/...
Recent changes have made it much easier to develop Composer plugins.
Handling composers "lock file out of date" warning
Lorna Jane Mitchell explains on her blog which options you have when you see "lock file out of date" warning.
The `composer.lock` also includes a hash of the current `composer.json` when it updates, so you can always tell if you've added a requirement to the `composer.json` file and forgotten to install it.http://www.lornajane.net/posts/2016/handling-composer-lock-file-out-of-date-warningIn that case, you'll see an error message like:
Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.You now have three options: upgrade everything, figure it out, or do nothing.
