Get DevWP - WordPress Development Theme
How to Setup and Use Composer PHP Dependency Manager

How to Setup and Use Composer PHP Dependency Manager


What is Composer and Why use it?

Composer is a Dependency Manager for PHP which gives you the ability to use packages to help streamline your workflow as a developer.

I use Composer to lint and scan my various WordPress Projects to ensure quality code and to adhere to modern day best practices and coding standards.

While developing DevWP which is a Custom WordPress Hybrid Theme, I use composer to analyze my code and to show others the benefits of using Static and Dynamic Analysis Tools.

Windows Installation


Make sure PHP is in your path. Follow the steps mentioned in the XAMPP Docs file.

Go to the official Composer Download page and download the Composer-Setup.exe installer for Windows.

Download Composer

In your downloads folder, double-click the Composer-Setup.exe to start the installation process and follow the on-screen prompts.

You should already have XAMPP or a similar solution installed on your system, and composer will attempt to locate the php.exe file.

Use Composer globally, so you can type out the shorter command of just composer.

Once you installed Composer, run the following command in your terminal:

composer --version

macOS Installation


Make sure PHP is in your path.

You should already have MAMP or a similar solution installed on your system.

Use the code snippet in the code text area. Copy it and paste it into your terminal.

Download Composer

On Mac via terminal:

mv composer.phar /usr/local/bin/composer

If you need to use sudo, then use the command below instead.

sudo mv composer.phar /usr/local/bin/composer

Depending on your system, you may need to use the following snippet. Only run it if you get a Permission Denied message on your system. The following command makes it executable.

chmod +x /usr/local/bin/composer

Once you installed Composer, run the following command in your terminal:

composer --version

Packages to Install

If you create the file in the root of the theme, and paste in the code, you can just run the command via terminal composer install

We will be using various packages that will help us lint and scan our code to ensure best practices are used and that the code is of high quality.

Dealer Direct PHP Code Sniffer Composer Installer

This composer installer plugin allows for easy installation of PHP_CodeSniffer coding standards (rulesets).

No more symbolic linking of directories, checking out repositories on specific locations, or changing the phpcs configuration.

  • Dealer Direct on Packagist
  • composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
    composer require --dev dealerdirect/phpcodesniffer-composer-installer

nunomaduro/phpinsights

Instant PHP quality checks from your console.

PHP Phan

A static analyzer for PHP.

php-parallel-lint

This tool checks the syntax of PHP files about 20x faster than a serial check.

PHP Compatibility WP

Using PHPCompatibilityWP, you can analyze the codebase of a WordPress-based project for PHP cross-version compatibility.

PHPMD aka PHP Mess Detector

PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD.

PHPStan

PHP Static Analysis Tool

PHPUnit

The PHP Unit Testing framework. Note: we need to use version 9.6 in order to work effectively with WordPress code.

  • PHPUnit on Packagist
  • composer require --dev phpunit/phpunit:^9.6.19 yoast/phpunit-polyfills:^2.0.1 wp-phpunit/wp-phpunit:^6.5.2

Roave Security Advisories

This package ensures that your application doesn’t have installed dependencies with known security vulnerabilities.

vimeo/psalm

A static analysis tool for finding errors in PHP applications.

  • vimeo/psalm on Packagist
  • composer require --dev vimeo/psalm
    composer require --dev humanmade/psalm-plugin-wordpress
    ./vendor/bin/psalm-plugin enable humanmade/psalm-plugin-wordpress
    
    

wp-cli/wp-cli-bundle

WP-CLI bundle package with default commands.

WordPress Coding Standards

PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions.

Misc Commands

  • PHP_CodeSniffer Wiki
  • vendor/bin/phpcs -i
    composer update
    composer self-update
    composer update --lock
    composer show

Composer Scripts

These are the scripts we use to lint and scan.

"scripts": {
    "lint:php": "parallel-lint --exclude .git --exclude vendor --exclude node_modules .",
    "lint:wpcs": "phpcs",
    "fix:wpcs": "phpcbf",
    "make-pot": "./vendor/bin/wp i18n make-pot . languages/devwp.pot",
    "phpstan": "phpstan analyse . --memory-limit=2048M",
    "phpmd": "phpmd . text phpmd.xml",
    "phpphan": "./vendor/bin/phan --allow-polyfill-parser",
    "phppsalm": "./vendor/bin/psalm",
    "psalmcache": "./vendor/bin/psalm --clear-cache",
    "unittest": "./vendor/bin/phpunit",
    "phpinsights": "./vendor/bin/phpinsights --flush-cache"
  }

Full composer.json file code

{
  "name": "pixemweb/devwp",
  "description": "DevWP is a WordPress theme focused on helping people learn how to develop themes using _s and Bootstrap along with additional resources.",
  "type": "wordpress-theme",
  "license": "GPL-3.0-or-later",
  "homepage": "https://www.pixemweb.com/devwp-wordpress-development-training-theme/",
  "require": {
    "php": "^7.4 || ^8.0"
  },
  "config": {
    "platform": {
      "php": "7.4"
    },
    "allow-plugins": {
      "dealerdirect/phpcodesniffer-composer-installer": true,
      "phpstan/extension-installer": true
    }
  },
  "require-dev": {
    "dealerdirect/phpcodesniffer-composer-installer": "^1.0.0",
    "nunomaduro/phpinsights": "^2.11",
    "phan/phan": "^5.4.3",
    "skaut/wordpress-stubs": "^2.8.1",
    "php-parallel-lint/php-parallel-lint": "^1.4.0",
    "phpcompatibility/phpcompatibility-wp": "^2.1.5",
    "phpmd/phpmd": "^2.15",
    "phpstan/phpstan": "^1.10.67",
    "phpstan/extension-installer": "^1.3.1",
    "szepeviktor/phpstan-wordpress": "^1.3.4",
    "phpunit/phpunit": "^9.6.19",
    "wp-phpunit/wp-phpunit": "^6.5.2",
    "yoast/phpunit-polyfills": "^2.0.1",
    "roave/security-advisories": "dev-latest",
    "vimeo/psalm": "^5.24.0",
    "humanmade/psalm-plugin-wordpress": "^3.1.1",
    "wp-cli/wp-cli-bundle": "^2.10.0",
    "wp-coding-standards/wpcs": "^3.1.0"
  },
  "extra": {
    "phpstan": {
      "includes": [
        "extension.neon"
      ]
    }
  },
  "scripts": {
    "lint:php": "parallel-lint --exclude .git --exclude vendor --exclude node_modules .",
    "lint:wpcs": "phpcs",
    "fix:wpcs": "phpcbf",
    "make-pot": "./vendor/bin/wp i18n make-pot . languages/devwp.pot",
    "phpstan": "phpstan analyse . --memory-limit=2048M",
    "phpmd": "phpmd . text phpmd.xml",
    "phpphan": "./vendor/bin/phan --allow-polyfill-parser",
    "phppsalm": "./vendor/bin/psalm",
    "psalmcache": "./vendor/bin/psalm --clear-cache",
    "phpinsights": "./vendor/bin/phpinsights --flush-cache && ./vendor/bin/phpinsights analyse",
    "unittest": "./vendor/bin/phpunit"
  }
}

Running Scripts from `composer.json`

The composer.json file allows you to define custom scripts that can be run using the composer command followed by the script name. These scripts can automate various tasks and streamline your development workflow and save us from developing carpal tunnel syndrome.

  1. lint:php: Runs the parallel-lint command to perform syntax checking on all PHP files in the project, excluding the .git, vendor, and node_modules directories.
    composer lint:php
  2. lint:wpcs: Runs the phpcs command to check the code against the WordPress Coding Standards (WPCS).
    composer lint:wpcs
  3. fix:wpcs: Runs the phpcbf command to automatically fix coding standard violations according to the WordPress Coding Standards (WPCS).
    composer fix:wpcs
  4. make-pot: Runs the wp i18n make-pot command from the vendor/bin/wp executable to generate a POT (Portable Object Template) file for translations. The generated POT file will be saved in the languages/devwp.pot file.
    composer make-pot
  5. phpstan: Runs the phpstan command to perform static analysis on all PHP files in the project using PHPStan. The --memory-limit=2048M option sets the memory limit to 2048MB.
    composer phpstan
  6. phpmd: Runs the phpmd command to perform code analysis using PHP Mess Detector (PHPMD). The . represents the current directory, and the text format and phpmd.xml ruleset are used for the analysis.
    composer phpmd
  7. phpphan: Runs the phan command from the vendor/bin/phan executable to perform static analysis using Phan. The --allow-polyfill-parser option is used to allow the use of a polyfill parser.
    composer phpphan
  8. phppsalm: Runs the psalm command from the vendor/bin/psalm executable to perform static analysis using Psalm.
    composer phppsalm
  9. psalmcache: Runs the psalm command from the vendor/bin/psalm executable with the --clear-cache option to clear the Psalm cache.
    composer psalmcache
  10. phpinsights: Runs the phpinsights command from the vendor/bin/phpinsights executable to analyze the code using PHP Insights. The --flush-cache</ code> option is used to clear the cache before running the analysis. <pre><code class="language-bash line-numbers">composer phpinsights
  11. unittest: Runs the phpunit command from the vendor/bin/phpunit executable to execute unit tests.
    composer unittest

To run any of these scripts, make sure you have Composer installed globally or in your project. Open your terminal, navigate to the project directory containing the composer.json file, and use the composer command followed by the script name. For example:

composer lint:php

This command will execute the lint:php script, which runs the parallel-lint command to perform syntax checking on all PHP files in the project.

Before running these scripts, ensure that you have run composer install to install all the required dependencies defined in the composer.json file.

These scripts help maintain code quality, detect issues, and automate various tasks in your PHP project.

By following this guide, you can set up Composer and a suite of helpful packages to streamline your development workflow. This setup ensures that you have all the necessary tools to build, watch, and deploy your WordPress themes efficiently.



Leave a Reply

View Our Themes