Fast and secure Composer for PHP dependencies

I am going to introduce two small tweaks that will help you use Composer. Every PHP developer should know Composer – it’s a really useful tool for managing dependencies in your PHP projects. But it’s not perfect as is. Composer is really slow (and sometimes consumes a lot of memory). You can fix this by installing prestissimo. Just run this command:

composer global require "hirak/prestissimo:^0.3"

Your Composer is as fast as hell now, but there is one other thing. You may install libraries with known security bugs and you will not be notified about it. That’s probably not what you want at all. And we can fix that as well.

You may use the security advisories by Friends of PHP (developed by Fabien Potencier / Symfony). This is a pretty great tool, but you have to download it and run the security checker to check whether your composer.lock contains any libraries with security vulnerabilities. It’s not a problem to hook this action into a pre-commit hook in GIT, but I think it’s not really comfortable. I am using Roave Security Advisories and I recommend you use this library too.
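The pre-commit hook mentioned above, as an added example (not from the original post): it runs the Friends of PHP security checker against composer.lock only when the lock file is staged, and blocks the commit when the checker reports a known advisory. It assumes the checker is on PATH as `security-checker` with the `security:check <lockfile>` command and a non-zero exit status when vulnerabilities are found.

```shell
#!/bin/sh
# Git pre-commit hook: save as .git/hooks/pre-commit and chmod +x.
# Added example, not from the original post. Assumes the Friends of PHP
# security-checker is on PATH; override SECURITY_CHECKER when it lives
# elsewhere (or to stub it out when testing the hook itself).

SECURITY_CHECKER="${SECURITY_CHECKER:-security-checker security:check}"

# Print 1 if composer.lock is among the staged paths given on stdin, else 0.
staged_has_lock() {
    if grep -qx 'composer.lock'; then echo 1; else echo 0; fi
}

# Run the advisory check against a lock file ($1). Succeeds only when the
# checker exits 0, i.e. no locked package matches a known advisory.
check_lock() {
    lock="$1"
    [ -f "$lock" ] || { echo "pre-commit: $lock not found" >&2; return 1; }
    if $SECURITY_CHECKER "$lock"; then
        return 0
    fi
    echo "pre-commit: $lock references packages with known advisories; commit blocked" >&2
    return 1
}

# Hook entry point: only check when composer.lock is part of the commit,
# so unrelated commits are not slowed down by the lookup.
main() {
    if [ "$(git diff --cached --name-only | staged_has_lock)" = 1 ]; then
        check_lock composer.lock || exit 1
    fi
}

# Run only when invoked as the hook, not when sourced for testing.
case "$0" in
    */pre-commit|pre-commit) main ;;
esac
```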

This package should not be installed globally, so you have to add it as a requirement in every project where you want to use it:

composer require roave/security-advisories:dev-master

From then on it won’t let you install a library with known vulnerabilities, and that’s exactly what you want. It will look like this:

7 tools every PHP developer should know

GIT | Bitbucket | GitHub

“Distributed revision control and source code management system” is what Wikipedia says about GIT. GIT is a powerful tool giving you the opportunity to version your code and much more (for example deployment – try it and you’ll love it).

Bitbucket and GitHub are web-based hosting services for your repos. Bitbucket gives you an unlimited number of private repos (for up to 5 users) and GitHub is mostly used for open source projects (public repos), so you can find almost every source code you need there.

Do you still use Subversion? It’s time to give GIT a try. Are you not versioning your files? You should start with GIT right away!

FTP | Filezilla

GIT deployment is totally cool, but sometimes there’s a situation where you are not able to use it. For those moments there is Filezilla – a great FTP client supporting Linux and Windows. Go ahead.

IDE | PhpStorm

Of course you are going to need an IDE. And in my opinion the best one is PhpStorm. For a reasonable price you get a kick-ass tool. It integrates GIT, an FTP client and a terminal, so you really don’t need to switch to other apps during development. Really worth a try.

Framework | Nette Framework

There are a lot of PHP frameworks. You probably know Symfony or Zend, but the slickest one is a not so widely known framework called Nette. If nothing else, you should at least check out Tracy (debugging tool), Tester (you do write tests, right?) or Latte (amazing template engine).

Tracy in action

Dependencies | Composer

You don’t know Composer? Then how do you maintain your projects’ libraries? Go for it right now. This is the future of PHP development.

Hosting | Digital Ocean

If you are maintaining a lot of web apps or websites, you should consider buying a VPS. Simply because it’s cheaper and you have the whole environment under your control. There’s no problem with an old PHP version, PHP is set up the way you want it, and you can set up GIT deployment.

I recommend trying Digital Ocean – it runs on SSDs and the servers are really fast and surprisingly cheap. Starts at $5/month, simply scalable.

Server & Database | Nginx + Postgresql

You are probably familiar with Apache (web server) and MySQL. Check out MariaDB (a MySQL fork, compatible for now) – it might be a better match for your projects. Anyway, there’s a lot of great stuff among web servers too. Earlier this year I was trying Lighty (lighttpd), but after all, nginx looks like true love to me and I am trying to use it for all projects from now on. Why? It saves me a lot of server resources and it’s highly configurable.

And last but not least, PostgreSQL. MySQL is great, but not compared to PostgreSQL. If you need to work with JSON or geodata and you still want to use an object-relational database, this is the one.

Summary

A lot of interesting tools were mentioned above, but there are still a lot of them out there. Share your favorite tools in the comments. I’m really looking forward to your opinions.