
Recent years have seen the proliferation of high-quality package management tools for a wide range of web development languages. Ruby’s gems were always a key selling point of that platform, allowing for a sort of legendary developer productivity which is now, thankfully, widely available regardless of platform.


But dependency management is an art unto itself, one that many give little thought to until something breaks catastrophically, leaving developers scrambling to patch some obscure dependent module they didn’t even know they had, as the left-pad debacle did for Node.js developers earlier this year.

If, as developers discovered that day, your project is only as strong as your weakest dependency, it’s prudent to have a handle on what you’re pulling in, from whom, and how you’re doing it.


Big names like Facebook were caught as off-guard as everyone else, and the desire to be in control of their dependencies has doubtlessly led to the creation of yarn, a new JavaScript package manager, which we, too, are very excited about.

Operating alongside npm, meant as a drop-in replacement, Facebook touts the following benefits:

  1. Speed
  2. Reliability
  3. Security

The latter two benefits are tied to a .lock file, something that PHP users of Composer are likely familiar with, but which npm lacks:

The magic clue behind it? Whenever you run yarn install, the yarn.lock file has precedence over the package.json.

If the yarn.lock file exists, the (exact) versions defined in it will be used.

If no yarn.lock exists, the (loosely defined) versions defined in package.json will be used, and a yarn.lock is generated.
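The precedence rule above can be turned into a check on which declared ranges are actually pinned by the lock file. This is an added example, not yarn's own code or code from the original post; it assumes the yarn v1 lockfile text format, and the function names `parseYarnLock` and `auditManifest` and all sample data are constructed for illustration.

```javascript
// Added example: report which package.json ranges are pinned by yarn.lock.
// Assumes the yarn v1 lockfile text format; all sample data is constructed.

function parseYarnLock(text) {
  const pins = new Map(); // "name@range" -> exact version
  let keys = [];
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === "" || line.startsWith("#")) continue;
    if (!/^\s/.test(line) && line.endsWith(":")) {
      // Entry header: one or more comma-separated "name@range" specifiers.
      keys = line.slice(0, -1).split(",").map((k) => k.trim().replace(/^"|"$/g, ""));
    } else {
      // Only the entry's own two-space-indented version field counts.
      const m = /^  version "([^"]+)"$/.exec(line);
      if (m) for (const k of keys) pins.set(k, m[1]);
    }
  }
  return pins;
}

function auditManifest(pkg, lockText) {
  const pins = parseYarnLock(lockText);
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  const pinned = {};
  const unpinned = [];
  for (const [name, range] of Object.entries(declared)) {
    const key = `${name}@${range}`;
    if (pins.has(key)) pinned[name] = pins.get(key);
    else unpinned.push(key); // no lock entry: resolved from the loose range
  }
  return { pinned, unpinned };
}

// Constructed sample inputs.
const samplePkg = {
  dependencies: { "left-pad": "^1.1.0", "@scope/util": "~2.0.0" },
  devDependencies: { mocha: "^3.0.0" },
};
const sampleLock = `# yarn lockfile v1

"@scope/util@~2.0.0":
  version "2.0.4"

left-pad@^1.1.0, left-pad@^1.0.0:
  version "1.1.3"
`;

console.log(auditManifest(samplePkg, sampleLock));
```

A non-empty `unpinned` list means the lock file is stale relative to package.json; yarn's `--frozen-lockfile` install flag fails the install in that situation instead of regenerating the lock.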


Dependency Management for PHP

Package management on the PHP side seems comparatively safe and manageable. PHP has an extensive standard library, and we’re unlikely to pull in 100 packages to boot a simple application. It’s much easier to survey the landscape of an application’s dependencies and get a feel for what’s there and why it’s there.

Features that yarn aims to bring to the table for JavaScript developers, such as that lock file, have always been part of our workflow. So, perhaps you haven’t thought about it too deeply.

In fact, you might have questions which are worth reviewing.

Why the composer.lock file matters

How precisely does it relate to composer.json? Should I commit it to version control? How do I manage conflicts?

Managing PHP Dependencies Properly

What should I pull in as a dependency, and what as a dev dependency? Should I need to modify a dependency, what’s the correct way to go about it? How do I optimize my package usage for production?


Above all, be mindful of what you pull in, what that which you pull in pulls in, and the faculties your toolchain offers to allow you to manage these, lest today’s convenience land you in an uncomfortable situation down the line.

YEG PHP 2.0

A place for Edmonton-area PHP developers to meet and collaborate. Administered by www.pandarose.ca


A client wanted a web app, and their internal IT told them they should use Ruby on Rails. During our initial exploratory period, we discovered that there were no existing quality libraries or Ruby Gems that covered their needs in Ruby. Now, Ruby is not a terrible language by far, but there simply weren’t the tools to build this at this time.

Now, if we were a Ruby-only house, we would just charge them more to develop everything from scratch, and charge them to maintain it for the foreseeable future. Great short-term business model for us, but not so perfect for them; in other words, precisely why we are not that way; we want to save our customers money because when they succeed, we succeed.

How do we help you reach your goals? Well, we are your dedicated CTO, we are not just a Ruby-only house. In our exploratory meetings, we had our PHP and Node.js experts on hand, both of whom quickly pointed out that there were specialty libraries that were established and clean in their languages, and that we could implement this entire system in likely half the time using those software libraries.

So, we finished off the work outline document with a quote for Ruby which ended up being almost double the quote for developing the same app in Node.js or PHP. We explained the reasons we felt that we did not need to stick with Ruby; they wanted to use a cloud service that supported Ruby, and there were similar, equally-priced ones that supported other languages. Moreover, we explained why we felt that using PHP or Node.js would save money in the long run.

If we were a one-trick pony house, but exquisite at that one trick, you would not get the best options.


PHP, one of many languages Panda Rose has experts for.

A very common question that goes by my desk is “What programming language does your team specialize in?” I always find that question amusing for a variety of reasons, the biggest being that while I understand the adage “A Jack of all trades is a master of none,” I also appreciate the fact that if I am hiring a law firm, I do not just hire one person within that law firm. Nor, I hope, do I hire a large law firm where everyone who works for it is only familiar with one statute of the field of law.

Would you hire a patent law firm, if all they knew was the patent law specifically around inventions made in the 1990s?

Would you hire a real estate law firm, if all they knew was property law in the Montreal area?

Yes, there are very specific circumstances where that would be useful, but many would hire them as specialists to aid your usual lawyer, and not as the go-to for everything law.

So why would you hire a software development firm who only knows how to install WordPress, and install a few plugins, a theme, and ensure that the whole house of cards does not collapse until after you pay their contract?

They may save you money in the short-term, but the long-term costs could be massive, in some cases far more than you had originally budgeted.

As I have considered this over the years, I came to the conclusion that a software consultancy should not follow the “Jack of all trades” adage as a firm. Yes, we have specialists who know the deep intricacies of the programming languages they work in, but we have more than one of them, and they do not all overlap on a single language. This way, we provide the service that best fits you.

So to answer that question, “Which programming language do you specialize in?” We specialize in the language that will help you succeed.

We are your dedicated CTO.
