Thursday, January 6, 2022

[FIXED] How to check that a dev dependency is not needed in production?

      , ,      No comments   

Issue

Since our project needs a library to run tests, this package is listed in the require-dev section of composer.json.

{
    //...
    "require": {
        "php": "^7.4|^8.0",
    },
    "require-dev": {
        "cache/array-adapter": "^1.1"
    },
    //...
}

During a manual code review, I realised that this library is being used in our production code too.

The fix is easy, we moved the corresponding package from the require-dev section to the require section.

{
    //...
    "require": {
        "php": "^7.4|^8.0",
        "cache/array-adapter": "^1.1"
    },
    "require-dev": {
    },
    //...
}

I'm searching an automatic way/test to avoid this kind of problem. I guess that our manual test during staging can avoid these kind of problem, but it isn't enough.

How to check that a dev-dependency isn't needed in our core-code?


Solution

You could implement this using PHPStan (or Psalm, or any other static analyzer): if you removed the dev dependencies and then run such a tool, it would notify you about missing classes from such a dependency.

But be warned: even if this helps to write more strict code, it might need some work in the beginning to implement proper return types all over your application

Another idea: also remove dev dependencies and run a usual test suite like PHPUnit or Behat.



Answered By - Nico Haase

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...