Don't try Composer, adopt it
The new edition of the ThoughtWorks Technology Radar listed for the first time a PHP-related project and it was Composer. However, they listed Composer on the Trial quadrant, while I believe it should be listed on the Adopt quadrant. And I want to tell you why.
First, it is important to state that the Technology Radar is not a list of ThoughtWorks’ approved technologies. It is a compilation of technologies made solely based on opinions and experience by senior technologists. It is a very insightful publication, and I recommend you to read.
When I think “ThoughtWorks”, PHP does not come to mind. I don’t remember any publishing by them mentioning the language. With this in mind, I was surprised by the Composer being listed. And maybe the absence of intimacy with the PHP ecosystem is the reason why they listed Composer in the Trial quadrant.
Composer was introduced in late 2011. Back then, installing dependencies in PHP projects were limited by two choices: resorting to version control system features such as SVN externals or Git submodules or, if available, through the PEAR installer.
Yet, Symfony2 was released July that year, pushing the PHP ecossystem. A wave of new libraries and tools were released, renewing the interest in the language. Composer, released months later, was the tool we were needing to easily benefit from these new libraries and tools.
In a few weeks, 227 packages were listed on Packagist (the main Composer package repository) while PEAR had 592 packages. What was astonishing was the fact these packages were for PHP 5.3+ while PEAR had only 192 for PHP 5+. The impact maybe was faster than Jordi Boggiano (one of the lead Composer developers) predicted.
Today, 45 thousand packages are registered on Packagist. Rubygems, which dates back to 2003, have 93 thousand gems. Security breaches have been discussed, fixed and alternatives have been proposed. Additional tools were released by community developers to help guarantee better security. The good documentation provides a safe starting point and there is always someone helping you to use it in the right way.
Last but not least, thousand of organizations are using Composer to manage dependencies. Millions of runs in CI environments happened and another millions of millions in developers’ environments. How not recommending a tool that is the de-facto solution of the ecosystem toolset?
Don’t make people laugh at you in the pub by telling them you don’t use Composer.
This post is available in Brazilian Portuguese too!
Want to discuss this post? Reach me at Twitter!