composer-unused
is a needful tool nowadays:
it looks at your composer.json/"require"
section and checks that every declared production
dependency is used somewhere, in your code; if it doesn't it suggests to remove it.
That's great. But a declared dependency can bring along a ton of other dependencies.
Are those child dependencies necessary? Do we use them?
If we have 100% Code-Coverage, a full run of our testing framework will populate
get_included_files()
with each and
every dependency we use.
Diffing get_included_files()
output with the list of composer install --no-dev
installed packages
can show the child dependencies that we can prevent altogether to be installed in production, thanks to the
replace
section of composer.json
.
This package calculates the crc32
checksum of any variable, except closures, because we are silly.
Since we also are lazy, we leverage brick/varexporter
for our
internal operation.
The test is simple, and so is the code, reaching 100% CC is trivial:
$ vendor/bin/phpunit --coverage-text
PHPUnit 9.3.11 by Sebastian Bergmann and contributors.
...... 6 / 6 (100%)
Time: 00:00.026, Memory: 10.00 MB
OK (6 tests, 6 assertions)
Code Coverage Report:
2020-09-26 12:22:09
Summary:
Classes: 100.00% (1/1)
Methods: 100.00% (1/1)
Lines: 100.00% (1/1)
Let's now list all the installed dependencies in production:
$ composer install --no-dev
$ composer show --format=json | jq --raw-output '.installed[].name' > .installed.txt
$ cat .installed.txt
brick/varexporter
nikic/php-parser
brick/varexporter
is ok, we required it in the composer.json.
But do we need nikic/php-parser
?
We can register a shutdown function in the test suite to dump to a
file
the get_included_files()
output, see
tests/bootstrap.php
,
and a simple diff
checks everything out:
$ php composer-unused-runtime.php
The following packages will be installed in production, but are never used during the test suite:
Array
(
[1] => nikic/php-parser
)
Ok, so now we can strip the dependency out of composer.json:
"php": "^7.4",
"brick/varexporter": "^0.3"
},
+ "replace": {
+ "nikic/php-parser": "*"
+ },
"require-dev": {
"phpunit/phpunit": "^9.3"
},
Update the composer.lock and re-run the tests:
$ composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 0 updates, 1 removal
- Removing nikic/php-parser (v4.10.2)
Writing lock file
Generating autoload files
$ vendor/bin/phpunit
PHPUnit 9.3.11 by Sebastian Bergmann and contributors.
...... 6 / 6 (100%)
Time: 00:00.007, Memory: 6.00 MB
OK (6 tests, 6 assertions)
No more unused child dependency will lend in production from now on 🚀