A first proof of concept version of Mozart is now available for public testing. Mozart is a command line tool for wrapping PHP packages inside your own namespace. This is the least bad solution for solving most dependency management issues inside the WordPress ecosystem.
The fundamental lack of dependency management support inside the WordPress ecosystem has lead to a number of issues. Wrapping (third party) PHP packages inside your own namespace is something some developers already started doing on their own. Mozart simplifies and automates this process.
Say you want to use the Pimple package in your WordPress plugin. This package runs from the Pimple namespace. What Mozart does, is convert the files from the Pimple package, to use your own namespace, CoenJacobs\TestPlugin\Pimple for example. Your plugin can then use this package, inside your own namespace, so you always use the exact version you want. Continue reading Mozart monkey patches WordPress’ lack of dependency management
It’s been a while since I last posted something about the whole dependencies horror that I’m still trying to deal with in the WordPress ecosystem. Justin Sternberg’s post on the future of the CMB2 library got the discussion going again and soon after, we were at the dependencies discussion again.
The video of my presentation about the Love-Hate Relationship Between Composer and WordPress at WordCamp Netherlands this year has been published on WordPress.tv:
You can find the slides on Speakerdeck. It was a great audience with some really good questions that have given me plenty of food for thought regarding the whole subject. It’s too much to cover in this post, so I’ll be going in some more detail in separate posts soon. I think there is a bright future for Composer in the WordPress ecosystem, there are some things that need to change first though.
Today I published the pre launch page for my side project Lapisense. In case you missed it, it’s a hosted activation and updates API for WordPress based products. If you don’t like running a plugin that does this for you, Lapisense might be a nice fit for your products.
There is a lot of confusion in the WordPress ecosystem when it comes to the issues around bundling dependencies. Peter Suhm has published a detailed post about this exact issue: A Warning About Using Composer With WordPress, where I have left the following (partial) comment:
So imagine both of us loading library x in our plugins, both requiring a version that’s incompatible with each other. No matter how well tested your plugin is, if I get a chance to load my autoloader before yours, I can load a version of the library that is not compatible with yours and your plugin will break (at least, the end user will see it like that and the horror of finding the culprit begins)…
This obviously is not a Composer issue, but related to the way WordPress loads its plugins. It’s also not a well known issue, since Composer isn’t used a lot in the WordPress ecosystem (yet!), especially not in distributed plugins. But as Composer becomes more used, more collisions like this will happen. Without a proper dependency management system in place, this is really hard to solve.
My WordPress Composer Installer proof of concept is as close to solving this issue as I’ve ever been. If there is anyone more experienced with the plugins installer in WordPress and maybe knows their way around Composer as well, I could use some help. 🙂
I’ve been working on a proof of concept for solving dependency management in WordPress plugins for a while now. It was in a private repository on GitHub, where I would invite some people in to work out the most obvious issues, while keeping it a bit on the down-low (this is a big change, potentially, after all).
Now it’s time though. The WordPress Composer Installer repository is now open to the public. Note that this is not more than a proof of concept, albeit it a working one. There are some hoops to jump through to get this working, but all these steps can be automated once I make this a fully featured plugin.
The number one remark I heard when I launched WPupdatePHP, is that users shouldn’t be bothered with this. In an ideal world, this is true, but in reality this isn’t going to stand for long. Allow me to explain why:
The core WordPress team can’t get every single hosting company to comply. I admire their intentions, but in reality this is not going to help everybody.
At the time of this writing, PHP 5.4 is actually already nearing its EOL date and we’re still figuring out how to make PHP 5.2 and 5.3 platforms go away…
The end user is one of our most important, but underestimated, assets in this battle. They have the strongest voice in this all.
WordPress has PHP 5.2 as the minimum required PHP version. For a while now, PHP 5.4 has been listed as the recommended version. That’s a big step in the right direction, but I feel we can do more to help push the requirements forward.
At Radish Concepts we work with a lot of different platforms, frameworks and even languages. Most of our PHP projects are based on the Laravel framework, but we also do a lot of WordPress projects. When writing code for Laravel based projects, we obviously use namespaces and such, something we can’t do in publicly available WordPress plugins (since namespaces require PHP 5.3).
What we’d really love to do is be able to use namespaces for example, in our WordPress plugins as well. In addition to that, PHP 5.2 and 5.3 are really, really old. Even though lots of the Linux distributions tend to backport security fixes, it’s never a reassuring thought to read that PHP 5.2 has been unsupported for over 4 years now. We need to move on, as a community. Continue reading Time to update your PHP version
Tim Nash has published his predictions for the next year. The entire piece is worth a read, since I think Tim’s predictions are not far off, but the Bumping up PHP 5.2 part obviously sparked my interest:
[…] should we be aiding hosting companies, in supporting out of date potential security black holes. It’s clear that until hosting companies are forced to update they are not going to. So if WordPress was to change it’s minimum version number then hosting companies have no choice but to upgrade.
This is about the same as Anthony Ferrara has been telling us (also read his followup post: Being A Responsible Developer). I truly believe that the hosting companies are in a demand driven market. They will update their PHP versions as soon as large open source software projects like WordPress announce that they will bump their PHP version requirement for future releases.
If you like to read predictions for the new year (like I do), go read the full list of Tims predictions for 2015. As I said before, he’s not far off and I’m sure it will be a great inspiration for future projects or things to learn, like it was for me.