php[architect] logo

Want to check out an issue? Sign up to receive a special offer.

Community Corner: My Picks From Packagist

Posted by on June 1, 2018
By James Titcumb

Most people are aware of how the Composer revolution came about, and the goal of getting everyone to play nicely together. For the most part, it seems to have worked, and more and more developers are coming on board with avoiding “Not Invented Here” and embracing the more than 1.2 million versions of packages available today. With so many packages it can sometimes be difficult to know where to begin. I’m going to look at some packages from the open source community you might find useful if you’re not already using them!

This article was published in the May 2018 issue of php[architect] magazine. You can see how it looks as part of the magazine in the Free Article PDF. Check out our subscription options to become one today. We have digital and print options starting at $4.99 per month.


Infection is a mutation testing tool, which is a technique allowing you to test whether your tests are testing—yes, you read that right. Mutation testing will run your unit tests after having tweaked your code to try and break it. If the tests fail, that’s good. If the tests still pass, it means the breakage wasn’t captured by your unit tests. Most of the time, Infection can simply be added to your require-dev dependencies and run in your CI pipeline as part of a unit test health check step.

Symfony Console

Hopefully, this package needs no introduction. For me, at least, this is the go-to package for writing command line interface applications beyond a simple shell script. Argument parsing is always a pain to do by hand, and the Symfony Console component makes this a real no-brainer, as well as including a whole host of other useful features like interactivity, output formatting, password hiding, and a bunch more. The documentation is well written, and a great reference for getting started writing CLI tools.


PHP-Mock is a handy tool which allows you to mock built-in PHP functions. There is a caveat though. If you’re importing functions explicitly (e.g., use function time; or at call time with $t = \time()) it won’t work, as it takes advantage of the fact the namespace qualification was not made. There are other ways, but you’ll need to use a PHP extension like Joe Watkins’ UOPZ extension.


Another tool along the testing lines I’ve found instrumental is vfsStream. It’s a virtual file system that can be used to replace interactions with a real filesystem. It provides a stream wrapper which allows filesystem reads/writes to be done in memory instead of on disk, meaning you can control the testing environment much better.


You might not have heard of Faker before, but it’s a tool to generate fake data, for example populating a database with realistic-looking but fake data or anonymizing data from your production environment. It can generate names, addresses, lorum ipsum text, dates, and much more, as well as featuring internationalization for a bunch of countries. You could generate a random realistic(ish) address in India (en_IN), Jordan (ar_JO), or Japan (ja_JP). It’s very comprehensive set of fake data!

Roave Security Advisories

This package doesn’t have any code! It’s just a Composer package you can add to require-dev that contains a huge amount of generated conflict definitions which will cause Composer to not install packages with known security vulnerabilities. The information about vulnerabilities is extracted from the FriendsOfPHP/security-advisories repository. As long as that is up to date, whenever you run composer update, you can rest a little easier knowing you won’t get any obvious security vulnerabilities installed along with your dependencies!


Assert is an assertion library which contains a load of useful guard methods for function or method input validation. It’s designed to be thin, lightweight, and fast. It can replace all those pesky checks of parameter restrictions with simple throwing of exceptions.


PHPStan is a static analysis tool—another command to add to your CI pipeline, which looks for errors and bugs in your code before they make it into production. For example, things like checking types are correct, ensuring correct visibility of called methods, and extra arguments that are passed to functions and so on. You can configure PHPStan to check at various “levels” for more strict checks if you wish.


This nifty, but perhaps niche, little tool will take a load of source code—including dependencies if you wish—and move it to a unique namespace. The age-old problem in PHP of not being able to load two classes with the same name (unless you use an extension like RunKit) means when using a tool distributed as a PHAR, there is a chance the code will conflict with dependencies installed using Composer. In other words, you’re using the PHAR version of PHPUnit as well as having installed it with Composer. Therefore, the PHP-Scoper tool is designed primarily for creating and distributing PHAR files to avoid this conflict.


A handy and powerful code generation tool from the Zend Framework team, zend-code allows you to generate code in an easy-to-understand way—whether it’s creating new code, or modifying existing code. An honorary mention should go to Nikita Popov’s PHP Parser (nikic/php-parser) library, which also allows you to generate code by constructing AST nodes as the primary mechanism.

PHP dotenv

Storing configuration in environment variables is a standard adopted in many applications, with a healthy side-effect of not committing sensitive credentials to your source code repository. PHP dotenv is based on Ruby’s dotenv and is a handy library which extracts environment variables for development environments from a .env file into the environment variables and $_SERVER superglobals.


This must be the de-facto standard for generating UUIDs in projects that utilize them. Providing a comprehensive UuidInterface to allow compatible implementations and Liskov Substitution Principle to be followed, as well as ways to generate UUID version 1, 3, 4 and 5.

Go and Explore!

This is by no means a fully exhaustive list of useful packages—I just wanted to highlight a few which crossed my path recently—or indeed, a staple part of my PHP toolchain. The sheer number of packages available on Packagist is mind-boggling, and there are no doubt thousands of very creative and useful packages I’ve missed here. If you’re not already using packages like the ones I’ve listed, and are wondering what’s out there—go and explore. Take a look at what’s available. You never know, you might save yourself hours of development time when you find someone has already written exactly what you need!

James is a consultant, trainer and developer at Roave. He is a prolific contributor to various open source projects and is a Zend Certified Engineer. He also founded the UK based PHP Hampshire user group and PHP South Coast conference. @asgrim


Leave a comment

Use the form below to leave a comment: