Library (computer science) A collection of software subprograms that provides functionality, to be incorporated into or used by a computer program.
TL;DR: Try https://phpkg.com, a new search engine for PHP dependencies.
The age of composer
Long gone is the time when you add to copy and paste thousands of lines from the internet, or download and unzip a library in your project, making updates impossible, your code base size unmanageable and your code vulnerable.
Today you just composer require any piece of code and it becomes easy to implement, version, update, and even replace if a better alternative comes along.
Why would I trust some code that I didn’t write myself?
When you add a feature to your project, you can start from scratch — also known as “reinvent the wheel”, or you can use a piece of code that has been time-tested, peer-reviewed, that has already solved all the problems you’re going to face and that already covers use cases that you may need in the future.
It’s a huge gain of time, and by looking at code that was developed by other people, you might learn a lot about programming, best practices, design patterns and so on.
You might also find a way to make the code better, and suggest your modification to the author, so that everyone can benefit from your talent.
What do you look for when you add a dependency to your project?
Here is a non-exhaustive list of questions that I ask myself each time I have to pick a dependency, in no particular order:
- Is the documentation clear?
This is surprisingly the most recurring error that authors make when they share their librairies on Github, they put a lot of effort into making amazing code, but they spend very little time making sure that other programmers can easily install and use their code.
- Will it be easy to integrate in my project?
If I have to re-compile PHP, use a specific version of Linux, spend 15 minutes waiting for the code to build, just to support one specific feature, I will reconsider.
This also applies to code that is tightly coupled to its dependencies, making features exponentially heavy.
You wanted a banana but what you got was a gorilla holding the banana and the entire jungle — Joe Armstrong, creator of Erlang
- Do I like the code style?
To each his own taste, but if I have to support and maybe debug a library in the future, I’d rather use one where I understand what the author meant, and find some familiarity in the decisions he made.
If all my code uses camelCase and is object-oriented, and the author writes PHP $like = we_used_to_in_the_nineties(), I’m going to pass.
- Does it have tests?
Tests are not infaillible, but at the very minimum they’re a clue that the author intended to do things the right way. If I use a library and I find a bug, I know I can write a test that reproduces the behavior and make it easier to fix.
Sometimes it’s also a good way to understand how you are meant to use the library the way the author intended to do a specific action.
Those are very important, but they’re hard to spot automatically with accuracy. In contrast, the following questions are easy to answer, and they’re available at one glance in the search engine I’m presenting to you in this post.
- Has it been around for a long time?
Why would you trust any product that’s been around for a longer time than another?
This is about the survival of the fittest, a product that just came out in the market hasn’t yet faced all the obstacles that a product with a longer life has, so you can’t predict whether it will be able to solve them in the future.
You also don’t know if the author will support it in the near future, or abandon it and leave you with an incomplete piece of code that can potentially become incompatible or vulnerable.
- Has it been updated recently?
Computer programming evolves fast, PHP has made tremendous changes in the last years, and code quickly becomes obsolete. Code that takes advantage of the newest features and optimizations that PHP offers gets bonus points. And don’t get me started on PHP7 Typing!
Vulnerabilities are also a point of concern, the longer a piece of code has been around, the longer a malicious person has had the time to find a security hole.
- Does the author acknowledge the issues?
The bigger a library gets, the more users adopt it on their own projects, the more feedback it gets. Whether the author acknowledges the users’ feature requests, suggestions and bug reports or ignores them should make a big impact on your decision.
Remember, you may be one of the hundreds of users complaining about the same bug in the future.
- Is it popular?
This is controversial and I kept it last in full conscience, but to me, again considering the survival of the fittest, the popularity of a project often comes as a token of viability.
Of course this is unfair, because projects with more exposure will automatically get more stars, someone working in a big company with thousands of developers will get an unfair advantage just by asking his/her colleagues to vote for him/her, while an independent package author will start with 0 stars and strive to get every new star.
I am fully aware of this, being a victim of this myself, but at the same time, it doesn’t mean that stars are meaningless and that popular projects don’t deserve their amount of stars. For example, I will happily star projects with less than ten stars, and almost never star huge projects who don’t need it, and I’m thinking I’m not the only one, which counter-balances the problem.
Before you read more, I suggest you to try it by yourself. If you’ve ever used Packagist or Github to search for packages in the past — which I think you do since you’ve read this far — you should instantly understand the benefits.
- Google-like instant search functionality
- Built with speed in mind
- Dedicated to PHP dependencies
- Displays date since creation, last update and number of issues
- Provides the composer require command in one click
Why don’t you use Packagist?
PHPkg is not trying to replace Packagist, its only focus is speed and convenience when searching for a package.
Also, I find it very frustrating that I can’t sort Packagist results by Downloads or Stars. PHPkg’s sorting system is straight to the point. And its logo is a bit sexier.
Why don’t you use Github? or X? or Y?
Because PHPkg is exactly the search engine I was looking for, it does one thing, and it does it the best and the fastest it can.
There’s nothing wrong with the alternatives, but I believe PHPkg could make the life of PHP developers easier.
Thank you for reading, and don’t hesitate to add your comments and suggestions to make it better.