Composer & virtual packages

Composer & virtual packages

Composer has been a blessing for the PHP community, and many many people use it today. However most people don’t know all it can do – i for certain every now and then learn something new. A few days ago i stumbled over a “virtual package” on packagist – and found it to be a feature that i was actually missing in composer. Turns out, composer can do it, its just not so well documented.

So what is this about? Virtual packages allow you to have a more loose dependency. Rather than depending on a specific package, you depend on a virtual one, which can be fulfilled by all packages that provide the virtual one. Sounds confusing? Lets have a look at an example.

Lets assume you are building a library, lets call it example/mylib, and this library makes use of a PSR-3 compatible logger. Now obviously your package will depend on “psr/log” in version 1.0.0, so you have the psr/log interfaces available. Now you don’t want to depend on a specific implementation, because you don’t want a user of your lib to be forced to use that one. But since you are building your lib so it needs a log provider injected (and if it is a NullLog), you want your dependencies to reflect that. So, what you do is: you require “psr/log-implementation” in version 1.0.0, just the same way you would require a regular package. “psr/log-implementation” doesn’t exist as a package though, but there are several packages which provide this virtual package so if someone who depends on your library depends on one of those as well, all of his depedencies will be met.

How does a library provide a virtual package? Simple, by using the provide keyword in its composer.json.

Lets look at a hand full of composer.json examples:

Example 1: example/mylib composer.json – our own project that requires a logger

  "name": "example/mylib",
  "description": "...",
  "require": {
    "psr/log": "1.0.0",
    "psr/log-implementation": "1.0.0"

In Example 1 we define our example/mylib to require the (existing) package “psr/log”, and a virtual package “psr/log-implementation”, where the way how require those is exactly the same. To be used our lib now requires that a “psr/log” 1.0.0 and a “psr/log-implementation” 1.0.0 package are available when we install it in any application.

Example 2: somelog/logger composer.json – a random psr/log implementation

  "name": "somelog/logger",
  "description": "...",
  "require": {
    "psr/log": "1.0.0"
  "provide": {
    "psr/log-implementation": "1.0.0"

In Example 2 we have a random psr-compliant logger, and it defines that it provides a “psr/log-implementation” 1.0.0 package (besides providing “somelog/logger”), so if we require this package anywhere, we automatically get an “psr/log-implementation” on 1.0.0 requirement fulfilled. Packages can also have more than one virtual package that they fulfill in their “provide” section, allowing one package to fulfill more than one requirement.

Example 3: myapp/myapp composer.json – an application using our library

  "name": "myapp/myapp",
  "description": "...",
  "require": {
    "example/mylib": "1.0.0",
    "somelog/logger": "1.0.0"

Example 3 shows an application requiring the library and fulfilling the libraries derived requirement for a psr/log-implementation by requiring “somelog/logger”.

This whole thing can do a few very nifty tricks, where you can have the users of your lib customize their stack and still work with your library – basically you raise the interoperability while still hinting on what you need. I wish more projects would make use of this.

a small follow up…

Quite a few people have read my post where i criticized an article about harassment in the gaming industry, now i’d like to follow up on that post.

There has been some discussion on my post on facebook and some people had problems understanding why I felt it necessary to criticize such an public stance against harassment – while i felt the article was portraying problems as a women-only problem, which i don’t think is correct.

Today i signed an open letter to the gaming community against harassment. This letter in my opinion shows a much better way of adressing the issues than the article that i criticized in my original post, and signing it should leave no doubts on what i think about certain ways of behaving.

Please read this open letter:



a few hints for the PHP crowd..

hello, i thought its time again for a small PHP related post (haven’t done alot of those in ages).

Today, i want to link you a hand full of tools that can make your life a lot more simple (rember: simple is good). This is not going to be a very long post, as you can find enough information about those tools on the net anyways – the idea is more to just point you there in case you haven’t heard of ‘em yet.

Composer – I asume you already know and use composer. If you don’t, chances are that besides checking out composer you also might want to read PHP the right way, which gives you a lot of links on stuff you should look up.

other links usefull when working with composer are – the public repository composer is using (also available opensource you can build your own repository based on it), Satis – a much more simple and smaller tool to build simple own repositories, and hosted private repositories at gemfury. Then, to have it mentioned there is also toran proxy a tool you can setup that will mirror packages you use a lot for you localy, to speed up your development process.

phar-composer – this is a very nifty tool if you have php based command line tools, basically what it does it can create a runable phar file from your composer project. So if you have a command line tool, and you want to install it in a way that you can simply run it – or you want to distribute your command line tool as a single executable, this will make things easy for you. Even better: if the composer project from which it is building the phar file is on packagist, you can even use phar-composer to get it installed. (“phar-composer install liip/rmt” for example). As a note on how it works / which script will be executed: the first bin in your composer.json is the one that becomes the executed script.

RMT – this is a little release management tool, what it does is that it will run several checks (defined by your config) like your unittests, a working copy check and a few others, and then generate a new version number, update version strings in your files (if you want), add your commit messages to a changelog file and tag the release in git or mercurial – which when working together with composer creates a new release package. It comes with a semantic versioning based versioner (but you can use other ways of creating versions too.. but why would you? ;)).

one last trick (i think the manual doesn’t mention it yet) is: you can install an RMT executable by running “sudo phar-composer install liip/rmt” (sudo as it will by default install it in /user/local/bin/rmt).

that post about harassment in the gaming industry…

For a long time i have tried to keep the gender discussion out of my blog, as this is a very sensitive subject, and people tend to be very strongly opinionated in either direction – so maybe to avoid some of the stuff that i’m mentioning here as well, and i didn’t want people to feel negatively about other stuff i’m writing here simply because they disagree with this subject. But I’ve commenting on other blogs, forums and commenting systems on this subject before.

In the last two days I’ve seen this article about harassment in the gaming industry linked a lot. The original Post does not allow comments (on purpose) which i personally feel is a bad thing todo when you want to discuss a subject. Don’t get me wrong, I’m not saying “everyone should be able to flame away” (the comments on my blog are moderated as well), but i feel that if you make such strong allegations against a huge group of people, you should at least give the opportunity to reply in a civilized manner.
I did comment a few times on Facebook, when friends of mine where discussing it, but seeing how far spread it is, i decided to copy my longest comment on that from Facebook to here.

To give a bit more of context, i wrote this in response to a friend who wrote about how angry it would make him that people are denying that there is a problem, but i think most of what i wrote stands quite well on its own:

Sorry, but i have a hard time agreeing there – simply because that article describes a (actually several) problem in ways that seem far off from what i personally see.
I’m not saying there is no problem. I just need to look at the study about salary in the business that was published yesterday, so there is a gender equality problem.

But the harassment in the industry, which the article was supposedly about? Yes if someone gets harassed that is a problem, but for that you need to define harassment, what is harassment, what isn’t? And looking at the cases made in that article, i’m having a problem with taking that as a basis for making a “the industry has a problem”-argument. In fact, seeing myself as part of the industry, i have to say that i feel unfairly attacked through that article.

Take Case 1, someone made a Tumblr post and through Reddit a lot of negative response came, some of which, well usually only 14 year olds with no sense of decency would make. How is that even related to the game industry?
And further more, it then makes the claim in that case that this is proof for men don’t have that problem?

Well, that is simply not true.

As soon as you put yourself, or your opinion in the public you are a target for others, especially if what you write might be polarizing or in disagreement with the public opinion. The internet has made it easy for people to respond in a lot of lets call it disturbing ways, and so they will.
In my own experience, and you know, i’m not a woman, i have had feedback on stuff that i wrote that ranged from rather harmless bashing including, but not limited to for example that i’m fat, over people who wrote they’d put me to hospital, up to people who wrote exactly stuff like “i will rape you and your family”, and further in the highest escalation a guy who waited at the door of my apartment for me telling me to take down an article about some right wing band i wrote or else.
Now as i said, i’m not a woman, but i think this is good examples for how I’ve very much gotten comparable responses, and by this in my opinion is not really a gender problem.

Also, it is not a game industry problem either – let me put up the theory that actually people in the games industry are a minority on Reddit, so why is this used as example to talk about how people in our industry allegedly behave? No, this is a society problem, and a problem with the internet, and how people think they can behave there. And yes, i have a strong dislike for parts of the internet subcultures, like Reddit, 4chan or something awful (and yes i know that not all users on those three examples are like this, but quite often i hear shit from that direction), where people spread the idea that its OK to use this kind of language, no matter if it is rape jokes, racism or just very strong insults “because its the internet”.

The next example is about videos from pax east (a consumer fair), and their YouTube comments (which i bet are mostly not from people in the industry either, i’d guess its fans-on-the-internet again). Also, negative comments about the looks? I’ve gotten that a lot, during school, when appearing on some videos.. not a gender problem either, that’s happening to men too.

Anyway, i don’t want to go through the complete article now, the rest is in a very similar tone, with the sugar of “men tell us how to feel about this while this never happens to them…” added. Sorry, but that’s just not fair.

I think it is a good thing to speak about the problems that are there in this net culture, and maybe even further (even before the net there where hurtful letters to the editor, stalkers etc), and i’d love to see an article about that. But i don’t like to get a share of blame just because i’m male and working in the gaming industry.

Composer global config & private repositories

I’m using composer for what feels ages now. Composer is a great tool, and in my opinion everyone should use it.

That said, there are quite a few things about it not that well documented, in some cases because it is not that well organised, in others because it doesn’t mention everything.

For example, did you know that composer has a global configuration? And, do you actually know what you can configure there?
I knew it was there for a while, but i had not ever looked into what can be done with it.

Today i was looking for a way for the company i work for to add our private repository in a way that we don’t have to add it to every single composer.json file, but can configure the repository once and then just use it.

Googling for a solution actually led to a lot of places, but most of them just mentioned you can add it to your composer.json – so i decided to have a look what is actually in the global config:

composer config -g -l

the list of options configured then gave me a hint on what to google for, and i ended up with the right page in the composer manual:

i’m not sure why i didn’t find it before, maybe because with assuming the configs being in ~/.composer/ i was looking for configuration, not for the cli documentation

you can edit the global config by doing

git config -g -e

or, if you want to solve the same problem as i wanted to solve, you can simply use this command and it will add it to your config yourself:

composer config -g repositories.myrepository composer http://myrepositoryhost/

I guess if you are using composer in a company/private environment this is a quite useful information.

I might or might not make another post with a few more hints on the other options.

picture by Roosh Inf3ktion

2014 Project Cleanup

The header image was shared by Roosh Inf3ktion under Creative Commons. Thanks for that.

Over the years i have started and maintained quite a few projects, some of them OpenSource, some not. Also some found quite some usage, others didn’t.

Looking at the sheer amount of (freetime)-projects that i have atm, i’ve decided to clean up a bit.

Pheal / PhealNG (simple PHP Lib for the EVE API)

My simple PHP lib for the EVE Online API. It started with Pheal as a port of my Ruby Lib EAAL, then a few years ago i refactored it into PhealNG. Ever since there have been two projects to maintain – where PhealNG is the one getting the most love. Now today we live in times where everyone should have switched to PHP 5.3 already. PHP 5.5 is currently stable, PHP 5.6 is already in beta 2. Pheal and PhealNG both don’t need much maintenance, but since still people come up with “which one should i use” (and decide for the wrong one), i’ve decided to drop all support for Pheal. Pheal should be considered deprecated and will no longer be maintained.

Use PhealNG instead.

Also this is a good moment to bump PhealNG to 1.0.0 release, so this will happen during the next few days (maybe earlier).

EAAL (simple Ruby Lib for the EVE API)

EAAL has not seen many changes lately at all. Basically all work i’ve put into it in the last few years was to merge in the work of others. This is mostly due to me not using Ruby anymore.

Now i know that a lot of People are still using EAAL (i just need to look at the download numbers) so i obviously won’t kill it. However i’ve decided to open up to the Idea of handing the Maintainer Robe to someone else – so if you want to take over maintenance of this Project, please contact me.


Kingboard was my toy project for the last about 4 years. Personally i was able to use it as a test balloon for a variety of technologies (MongoDB, TokuMX, Stomp, and many more) and probably a private fork of it will continue to fill that role for me. But as an OpenSource project it failed – it never managed to attract more Developers – those who looked at it got scared away by the use of Mongo as a DB or by the use of my own little Framework over something better known. as the primary running installation never really kicked off either, more than 80% of its traffic are search engine bots.

So, as of today, the development of the OpenSource Kingboard is stopped. will have its source base switched to a private fork, and might get changes that are a lot less stable.


my own little framework – it has been in development for a few years now, and i’ve kept refactoring it every now and then – most of my private projects and websites base on it, so it is here to stay. With my focus freed from Kingboard and switched to some other Projects (which also use King23) there might actually come a few more changes, and i might finally be able to put it in a documented and tested structure (probably till the end of the year). seems to get less and less new projects submitted, which personally saddens me. However i do want to improve on the navigation options and maybe incorporate a proper search, the goal for that is set to August.

Also lately a few folks have asked me about editing their entries, sadly the edit function is still waiting for an authentication method to be implemented. My original Plan was to use CCP’s oauth2 sso for that, but over the last 3 years there has been no real movement on that front. So i might be looking into other solutions soon.

EVE: Supers do Die!

One of my small little android apps. It seems it has its best times behind it, and i don’t feel like putting more work into it, adding additional featuers. It will stay as it is, not get any updates anymore, until it dies when eve-kill switches to some other kb software.

The current “You might not need jQuery” Hype..

lately i’ve seen a lot of people Tweet of Facebook about, infact, right now the github repository used to maintain that site is place three in the most trending repositories.

Now  i’m a bit surprised on how many people that i know are jumping on that train. I looked into what the website says, and i disagree with the basic idea of it.

First of all it asks you “What’s the oldest version of IE you need to support?”, and lets you chose between 8, 9 and 10. I was a bit surprised since it didn’t seem that long ago to me that people where requiring stuff to still run with IE6. Should that glorious implication be true, and the abominations named IE6 & IE7 have been purged from the net? Reality sais no. I went to Google Analytics and checked the stats for some sites i run, and while i have mostly users (Games, Coders and other  Nerds) on those sites that are prone to use a proper Browser (read: not IE), or at least have the latest version of it, i still found that more than 9% of the IE users on my site are using a pre-8 Version.

jQuery 1.* handles this fine for me, i don’t need to think about it. Now obviously i could say “i don’t care about those users” (and frankly, i don’t), but then i’m just running some small scale private sites there. If i was looking at it from a commercial aspect, especially with a target audience that is less tech-savvy than my users, i might not want to keep those customers out.

The other thing that this website is not talking about is maintainability. jQuery actually makes JavaScript code easier to read (just look at the examples that there are on the “you might not need jQuery” website),  and by that easier to maintain.

With literally thousands of extensions and plugins to jQuery you also have an amazing resource of Code, where you can save effort that you’d have to put into reinventing the wheel, and focus on those things that you need to get done. I personally don’t see a reason to build yet another solution for auto-complete, tooltips etc.

jQuery is less than 100kb in size which with modern broadband is nothing (not even on a mobile device), and you can load it through several CDN’s which make sure it will reach your user as fast as possible. You can use large browser-side cache times easy with it (in fact when you are using a CDN for it, chances are that your user is already having it in his cache), and if you use a gzip handler the size transfered shrinks to even less. So this can’t be the reason why the authors of that website don’t want us to us jQuery – which leads me to another thing the site doesn’t talk about:



Get every new post delivered to your Inbox.