What is Composer and Why use it?
Composer is a Dependency Manager for PHP which gives you the ability to use packages to help streamline your workflow as a developer.
I use Composer to lint and scan my various WordPress Projects to ensure quality code and to adhere to modern day best practices and coding standards.
While developing DevWP, which is a Custom WordPress Hybrid Theme, I use Composer to analyze my code and to show others the benefits of using Static and Dynamic Analysis Tools.
- Official Composer Website
- Official Getting Started Guide
- Official Documentation
- Composer for Windows Video
- Composer for macOS Video
- WordPress Coding Standards Video
Windows Installation
Make sure PHP is in your path. Follow the steps mentioned in the XAMPP Docs file.
Go to the official Composer Download page and download the Composer-Setup.exe installer for Windows.
In your downloads folder, double-click the Composer-Setup.exe to start the installation process and follow the on-screen prompts.
You should already have XAMPP or a similar solution installed on your system, and composer will attempt to locate the php.exe file.
Use Composer globally, so you can type out the shorter command of just composer.
Once you have installed Composer, run the following command in your terminal:
composer --version
macOS Installation
Make sure PHP is in your path.
You should already have MAMP or a similar solution installed on your system.
Use the code snippet in the code text area. Copy it and paste it into your terminal.
On Mac via terminal:
mv composer.phar /usr/local/bin/composer
If you need to use sudo, then use the command below instead.
sudo mv composer.phar /usr/local/bin/composer
Depending on your system, you may need to use the following snippet. Only run it if you get a Permission Denied message on your system. The following command makes it executable.
chmod +x /usr/local/bin/composer
Once you have installed Composer, run the following command in your terminal:
composer --version
Packages to Install
If you create a composer.json file in the root of the theme and paste in the full composer.json code shown later in this guide, you can install everything at once by running composer install in your terminal.
We will be using various packages that will help us lint and scan our code to ensure best practices are used and that the code is of high quality.
Dealer Direct PHP Code Sniffer Composer Installer
This composer installer plugin allows for easy installation of PHP_CodeSniffer coding standards (rulesets).
No more symbolic linking of directories, checking out repositories on specific locations, or changing the phpcs configuration.
composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
composer require --dev dealerdirect/phpcodesniffer-composer-installer
nunomaduro/phpinsights
Instant PHP quality checks from your console.
composer require nunomaduro/phpinsights --dev
PHP Phan
A static analyzer for PHP.
composer require --dev phan/phan skaut/wordpress-stubs
./vendor/bin/phan --init
php-parallel-lint
This tool checks the syntax of PHP files about 20x faster than a serial check.
composer require --dev php-parallel-lint/php-parallel-lint
PHP Compatibility WP
Using PHPCompatibilityWP, you can analyze the codebase of a WordPress-based project for PHP cross-version compatibility.
composer require --dev phpcompatibility/phpcompatibility-wp:"*"
PHPMD aka PHP Mess Detector
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD.
composer require --dev phpmd/phpmd
PHPStan
PHP Static Analysis Tool
composer require --dev phpstan/phpstan szepeviktor/phpstan-wordpress phpstan/extension-installer
PHPUnit
The PHP Unit Testing framework. Note: we need to use version 9.6 in order to work effectively with WordPress code.
composer require --dev phpunit/phpunit:^9.6.19 yoast/phpunit-polyfills:^2.0.1 wp-phpunit/wp-phpunit:^6.5.2
Roave Security Advisories
This package ensures that your application doesn’t have installed dependencies with known security vulnerabilities.
composer require --dev roave/security-advisories:dev-latest
vimeo/psalm
A static analysis tool for finding errors in PHP applications.
composer require --dev vimeo/psalm
composer require --dev humanmade/psalm-plugin-wordpress
./vendor/bin/psalm-plugin enable humanmade/psalm-plugin-wordpress
wp-cli/wp-cli-bundle
WP-CLI bundle package with default commands.
composer require --dev wp-cli/wp-cli-bundle
WordPress Coding Standards
PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions.
composer require --dev wp-coding-standards/wpcs:"^3.1.0"
Misc Commands
vendor/bin/phpcs -i
composer update
composer self-update
composer update --lock
composer show
Composer Scripts
These are the scripts we use to lint and scan.
"scripts": {
    "lint:php": "parallel-lint --exclude .git --exclude vendor --exclude node_modules .",
    "lint:wpcs": "phpcs",
    "fix:wpcs": "phpcbf",
    "make-pot": "./vendor/bin/wp i18n make-pot . languages/devwp.pot",
    "phpstan": "phpstan analyse . --memory-limit=2048M",
    "phpmd": "phpmd . text phpmd.xml",
    "phpphan": "./vendor/bin/phan --allow-polyfill-parser",
    "phppsalm": "./vendor/bin/psalm",
    "psalmcache": "./vendor/bin/psalm --clear-cache",
    "unittest": "./vendor/bin/phpunit",
    "phpinsights": "./vendor/bin/phpinsights --flush-cache"
}
Full composer.json file code
{
    "name": "pixemweb/devwp",
    "description": "DevWP is a WordPress theme focused on helping people learn how to develop themes using _s and Bootstrap along with additional resources.",
    "type": "wordpress-theme",
    "license": "GPL-3.0-or-later",
    "homepage": "https://www.pixemweb.com/devwp-wordpress-development-training-theme/",
    "require": {
        "php": "^7.4 || ^8.0"
    },
    "config": {
        "platform": {
            "php": "7.4"
        },
        "allow-plugins": {
            "dealerdirect/phpcodesniffer-composer-installer": true,
            "phpstan/extension-installer": true
        }
    },
    "require-dev": {
        "dealerdirect/phpcodesniffer-composer-installer": "^1.0.0",
        "nunomaduro/phpinsights": "^2.11",
        "phan/phan": "^5.4.3",
        "skaut/wordpress-stubs": "^2.8.1",
        "php-parallel-lint/php-parallel-lint": "^1.4.0",
        "phpcompatibility/phpcompatibility-wp": "^2.1.5",
        "phpmd/phpmd": "^2.15",
        "phpstan/phpstan": "^1.10.67",
        "phpstan/extension-installer": "^1.3.1",
        "szepeviktor/phpstan-wordpress": "^1.3.4",
        "phpunit/phpunit": "^9.6.19",
        "wp-phpunit/wp-phpunit": "^6.5.2",
        "yoast/phpunit-polyfills": "^2.0.1",
        "roave/security-advisories": "dev-latest",
        "vimeo/psalm": "^5.24.0",
        "humanmade/psalm-plugin-wordpress": "^3.1.1",
        "wp-cli/wp-cli-bundle": "^2.10.0",
        "wp-coding-standards/wpcs": "^3.1.0"
    },
    "extra": {
        "phpstan": {
            "includes": [
                "extension.neon"
            ]
        }
    },
    "scripts": {
        "lint:php": "parallel-lint --exclude .git --exclude vendor --exclude node_modules .",
        "lint:wpcs": "phpcs",
        "fix:wpcs": "phpcbf",
        "make-pot": "./vendor/bin/wp i18n make-pot . languages/devwp.pot",
        "phpstan": "phpstan analyse . --memory-limit=2048M",
        "phpmd": "phpmd . text phpmd.xml",
        "phpphan": "./vendor/bin/phan --allow-polyfill-parser",
        "phppsalm": "./vendor/bin/psalm",
        "psalmcache": "./vendor/bin/psalm --clear-cache",
        "phpinsights": "./vendor/bin/phpinsights --flush-cache && ./vendor/bin/phpinsights analyse",
        "unittest": "./vendor/bin/phpunit"
    }
}
Running Scripts from `composer.json`
The composer.json file allows you to define custom scripts that can be run using the composer command followed by the script name. These scripts can automate various tasks and streamline your development workflow and save us from developing carpal tunnel syndrome.
- lint:php: Runs the parallel-lint command to perform syntax checking on all PHP files in the project, excluding the .git, vendor, and node_modules directories.
  composer lint:php
- lint:wpcs: Runs the phpcs command to check the code against the WordPress Coding Standards (WPCS).
  composer lint:wpcs
- fix:wpcs: Runs the phpcbf command to automatically fix coding standard violations according to the WordPress Coding Standards (WPCS).
  composer fix:wpcs
- make-pot: Runs the wp i18n make-pot command from the vendor/bin/wp executable to generate a POT (Portable Object Template) file for translations. The generated POT file will be saved in the languages/devwp.pot file.
  composer make-pot
- phpstan: Runs the phpstan command to perform static analysis on all PHP files in the project using PHPStan. The --memory-limit=2048M option sets the memory limit to 2048MB.
  composer phpstan
- phpmd: Runs the phpmd command to perform code analysis using PHP Mess Detector (PHPMD). The . represents the current directory, and the text format and phpmd.xml ruleset are used for the analysis.
  composer phpmd
- phpphan: Runs the phan command from the vendor/bin/phan executable to perform static analysis using Phan. The --allow-polyfill-parser option is used to allow the use of a polyfill parser.
  composer phpphan
- phppsalm: Runs the psalm command from the vendor/bin/psalm executable to perform static analysis using Psalm.
  composer phppsalm
- psalmcache: Runs the psalm command from the vendor/bin/psalm executable with the --clear-cache option to clear the Psalm cache.
  composer psalmcache
- phpinsights: Runs the phpinsights command from the vendor/bin/phpinsights executable to analyze the code using PHP Insights. The --flush-cache option is used to clear the cache before running the analysis.
  composer phpinsights
- unittest: Runs the phpunit command from the vendor/bin/phpunit executable to execute unit tests.
  composer unittest
To run any of these scripts, make sure you have Composer installed globally or in your project. Open your terminal, navigate to the project directory containing the composer.json file, and use the composer command followed by the script name. For example:
composer lint:php
This command will execute the lint:php script, which runs the parallel-lint command to perform syntax checking on all PHP files in the project.
Before running these scripts, ensure that you have run composer install to install all the required dependencies defined in the composer.json file.
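Because composer install runs the plugins listed under allow-plugins and resolves every constraint in composer.json, it helps to review the manifest before the first install. The Python check below is an added example, not part of the original guide or of Composer itself; the rule names, the audit_manifest function and the trimmed sample manifest are constructed for illustration, and roave/security-advisories is exempted because dev-latest is the constraint this guide installs it with.

```python
import json

# Constructed sample: a trimmed copy of the DevWP composer.json shown in this guide.
PAGE_MANIFEST = json.loads("""
{
  "config": {"allow-plugins": {
    "dealerdirect/phpcodesniffer-composer-installer": true,
    "phpstan/extension-installer": true}},
  "require": {"php": "^7.4 || ^8.0"},
  "require-dev": {
    "dealerdirect/phpcodesniffer-composer-installer": "^1.0.0",
    "phpstan/extension-installer": "^1.3.1",
    "phpcompatibility/phpcompatibility-wp": "^2.1.5",
    "roave/security-advisories": "dev-latest"}
}
""")
ADVISORY_PKG = "roave/security-advisories"


def audit_manifest(manifest):
    """Return a list of (rule, detail) findings for a parsed composer.json."""
    findings = []
    deps = {**manifest.get("require", {}), **manifest.get("require-dev", {})}

    # Plugins run code inside Composer, so trust should be an explicit per-package list.
    plugins = manifest.get("config", {}).get("allow-plugins")
    if plugins is True:
        findings.append(("allow-plugins", "every plugin is trusted"))
    elif isinstance(plugins, dict):
        for name, allowed in plugins.items():
            if allowed and "*" in name:
                findings.append(("allow-plugins", f"wildcard pattern {name}"))
            elif allowed and name not in deps:
                findings.append(("allow-plugins", f"{name} allowed but not a direct dependency"))

    # "*" and dev-branch constraints accept whatever is published next.
    for name, constraint in deps.items():
        if name == ADVISORY_PKG:
            continue  # dev-latest is the intended constraint for this package
        if constraint.strip() == "*" or constraint.startswith("dev-"):
            findings.append(("unbounded", f"{name}: {constraint}"))

    if ADVISORY_PKG not in manifest.get("require-dev", {}):
        findings.append(("advisories", f"{ADVISORY_PKG} missing from require-dev"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit_manifest(PAGE_MANIFEST):
        print(f"{rule}: {detail}")
```

The manifest from this guide produces no findings; a plugin that is allowed but only arrives as a transitive dependency is reported for review rather than as an error.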
These scripts help maintain code quality, detect issues, and automate various tasks in your PHP project.
By following this guide, you can set up Composer and a suite of helpful packages to streamline your development workflow. This setup ensures that you have all the necessary tools to build, watch, and deploy your WordPress themes efficiently.
