What is Composer and Why use it?
Composer is a Dependency Manager for PHP which gives you the ability to use packages to help streamline your workflow as a developer.
I use Composer to lint and scan my various WordPress Projects to ensure quality code and to adhere to modern day best practices and coding standards.
While developing DevWP which is a Custom WordPress Hybrid Theme, I use composer to analyze my code and to show others the benefits of using Static and Dynamic Analysis Tools.
- Official Composer Website
- Official Getting Started Guide
- Official Documentation
- Composer for Windows Video
- Composer for macOS Video
- WordPress Coding Standards Video
Windows Installation
Make sure PHP is in your path. Follow the steps mentioned in the XAMPP Docs file.
Go to the official Composer Download page and download the Composer-Setup.exe installer for Windows.
In your downloads folder, double-click the Composer-Setup.exe to start the installation process and follow the on-screen prompts.
You should already have XAMPP or a similar solution installed on your system, and composer will attempt to locate the php.exe file.
Use Composer globally, so you can type out the shorter command of just composer.
Once you installed Composer, run the following command in your terminal:
composer --version
macOS Installation
Make sure PHP is in your path.
You should already have MAMP or a similar solution installed on your system.
Use the code snippet in the code text area. Copy it and paste it into your terminal.
On Mac via terminal:
mv composer.phar /usr/local/bin/composer
If you need to use sudo, then use the command below instead.
sudo mv composer.phar /usr/local/bin/composer
Depending on your system, you may need to use the following snippet. Only run it if you get a Permission Denied message on your system. The following command makes it executable.
chmod +x /usr/local/bin/composer
Once you installed Composer, run the following command in your terminal:
composer --version
Packages to Install
If you create the file in the root of the theme, and paste in the code, you can just run the command via terminal composer install
We will be using various packages that will help us lint and scan our code to ensure best practices are used and that the code is of high quality.
Dealer Direct PHP Code Sniffer Composer Installer
This composer installer plugin allows for easy installation of PHP_CodeSniffer coding standards (rulesets).
No more symbolic linking of directories, checking out repositories on specific locations, or changing the phpcs configuration.
composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
composer require --dev dealerdirect/phpcodesniffer-composer-installer
nunomaduro/phpinsights
Instant PHP quality checks from your console.
composer require nunomaduro/phpinsights --dev
PHP Phan
A static analyzer for PHP.
composer require --dev phan/phan skaut/wordpress-stubs
./vendor/bin/phan --init
php-parallel-lint
This tool checks the syntax of PHP files about 20x faster than a serial check.
composer require --dev php-parallel-lint/php-parallel-lint
PHP Compatibility WP
Using PHPCompatibilityWP, you can analyze the codebase of a WordPress-based project for PHP cross-version compatibility.
composer require --dev phpcompatibility/phpcompatibility-wp:"*"
PHPMD aka PHP Mess Detector
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD.
composer require --dev phpmd/phpmd
PHPStan
PHP Static Analysis Tool
composer require --dev phpstan/phpstan szepeviktor/phpstan-wordpress phpstan/extension-installer
PHPUnit
The PHP Unit Testing framework. Note: we need to use version 9.6 in order to work effectively with WordPress code.
composer require --dev phpunit/phpunit:^9.6.19 yoast/phpunit-polyfills:^2.0.1 wp-phpunit/wp-phpunit:^6.5.2
Roave Security Advisories
This package ensures that your application doesn’t have installed dependencies with known security vulnerabilities.
composer require --dev roave/security-advisories:dev-latest
vimeo/psalm
A static analysis tool for finding errors in PHP applications.
composer require --dev vimeo/psalm
composer require --dev humanmade/psalm-plugin-wordpress
./vendor/bin/psalm-plugin enable humanmade/psalm-plugin-wordpress
wp-cli/wp-cli-bundle
WP-CLI bundle package with default commands.
composer require --dev wp-cli/wp-cli-bundle
WordPress Coding Standards
PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions.
composer require --dev wp-coding-standards/wpcs:"^3.1.0"
Misc Commands
vendor/bin/phpcs -i
composer update
composer self-update
composer update --lock
composer show
Composer Scripts
These are the scripts we use to lint and scan.
"scripts": {
"lint:php": "parallel-lint --exclude .git --exclude vendor --exclude node_modules .",
"lint:wpcs": "phpcs",
"fix:wpcs": "phpcbf",
"make-pot": "./vendor/bin/wp i18n make-pot . languages/devwp.pot",
"phpstan": "phpstan analyse . --memory-limit=2048M",
"phpmd": "phpmd . text phpmd.xml",
"phpphan": "./vendor/bin/phan --allow-polyfill-parser",
"phppsalm": "./vendor/bin/psalm",
"psalmcache": "./vendor/bin/psalm --clear-cache",
"unittest": "./vendor/bin/phpunit",
"phpinsights": "./vendor/bin/phpinsights --flush-cache"
}
Full composer.json file code
{
"name": "pixemweb/devwp",
"description": "DevWP is a WordPress theme focused on helping people learn how to develop themes using _s and Bootstrap along with additional resources.",
"type": "wordpress-theme",
"license": "GPL-3.0-or-later",
"homepage": "https://www.pixemweb.com/devwp-wordpress-development-training-theme/",
"require": {
"php": "^7.4 || ^8.0"
},
"config": {
"platform": {
"php": "7.4"
},
"allow-plugins": {
"dealerdirect/phpcodesniffer-composer-installer": true,
"phpstan/extension-installer": true
}
},
"require-dev": {
"dealerdirect/phpcodesniffer-composer-installer": "^1.0.0",
"nunomaduro/phpinsights": "^2.11",
"phan/phan": "^5.4.3",
"skaut/wordpress-stubs": "^2.8.1",
"php-parallel-lint/php-parallel-lint": "^1.4.0",
"phpcompatibility/phpcompatibility-wp": "^2.1.5",
"phpmd/phpmd": "^2.15",
"phpstan/phpstan": "^1.10.67",
"phpstan/extension-installer": "^1.3.1",
"szepeviktor/phpstan-wordpress": "^1.3.4",
"phpunit/phpunit": "^9.6.19",
"wp-phpunit/wp-phpunit": "^6.5.2",
"yoast/phpunit-polyfills": "^2.0.1",
"roave/security-advisories": "dev-latest",
"vimeo/psalm": "^5.24.0",
"humanmade/psalm-plugin-wordpress": "^3.1.1",
"wp-cli/wp-cli-bundle": "^2.10.0",
"wp-coding-standards/wpcs": "^3.1.0"
},
"extra": {
"phpstan": {
"includes": [
"extension.neon"
]
}
},
"scripts": {
"lint:php": "parallel-lint --exclude .git --exclude vendor --exclude node_modules .",
"lint:wpcs": "phpcs",
"fix:wpcs": "phpcbf",
"make-pot": "./vendor/bin/wp i18n make-pot . languages/devwp.pot",
"phpstan": "phpstan analyse . --memory-limit=2048M",
"phpmd": "phpmd . text phpmd.xml",
"phpphan": "./vendor/bin/phan --allow-polyfill-parser",
"phppsalm": "./vendor/bin/psalm",
"psalmcache": "./vendor/bin/psalm --clear-cache",
"phpinsights": "./vendor/bin/phpinsights --flush-cache && ./vendor/bin/phpinsights analyse",
"unittest": "./vendor/bin/phpunit"
}
}
Running Scripts from `composer.json`
The composer.json
file allows you to define custom scripts that can be run using the composer
command followed by the script name. These scripts can automate various tasks and streamline your development workflow and save us from developing carpal tunnel syndrome.
- lint:php: Runs the
parallel-lint
command to perform syntax checking on all PHP files in the project, excluding the.git
,vendor
, andnode_modules
directories.composer lint:php
- lint:wpcs: Runs the
phpcs
command to check the code against the WordPress Coding Standards (WPCS).composer lint:wpcs
- fix:wpcs: Runs the
phpcbf
command to automatically fix coding standard violations according to the WordPress Coding Standards (WPCS).composer fix:wpcs
- make-pot: Runs the
wp i18n make-pot
command from thevendor/bin/wp
executable to generate a POT (Portable Object Template) file for translations. The generated POT file will be saved in thelanguages/devwp.pot
file.composer make-pot
- phpstan: Runs the
phpstan
command to perform static analysis on all PHP files in the project using PHPStan. The--memory-limit=2048M
option sets the memory limit to 2048MB.composer phpstan
- phpmd: Runs the
phpmd
command to perform code analysis using PHP Mess Detector (PHPMD). The.
represents the current directory, and thetext
format andphpmd.xml
ruleset are used for the analysis.composer phpmd
- phpphan: Runs the
phan
command from thevendor/bin/phan
executable to perform static analysis using Phan. The--allow-polyfill-parser
option is used to allow the use of a polyfill parser.composer phpphan
- phppsalm: Runs the
psalm
command from thevendor/bin/psalm
executable to perform static analysis using Psalm.composer phppsalm
- psalmcache: Runs the
psalm
command from thevendor/bin/psalm
executable with the--clear-cache
option to clear the Psalm cache.composer psalmcache
- phpinsights: Runs the
phpinsights
command from thevendor/bin/phpinsights
executable to analyze the code using PHP Insights. The--flush-cache</ code> option is used to clear the cache before running the analysis. <pre><code class="language-bash line-numbers">composer phpinsights
- unittest: Runs the
phpunit
command from thevendor/bin/phpunit
executable to execute unit tests.composer unittest
To run any of these scripts, make sure you have Composer installed globally or in your project. Open your terminal, navigate to the project directory containing the composer.json
file, and use the composer
command followed by the script name. For example:
composer lint:php
This command will execute the lint:php
script, which runs the parallel-lint
command to perform syntax checking on all PHP files in the project.
Before running these scripts, ensure that you have run composer install
to install all the required dependencies defined in the composer.json
file.
These scripts help maintain code quality, detect issues, and automate various tasks in your PHP project.
By following this guide, you can set up Composer and a suite of helpful packages to streamline your development workflow. This setup ensures that you have all the necessary tools to build, watch, and deploy your WordPress themes efficiently.