Open jissereitsma opened 4 years ago
Hi,
Yeah thats true, ill document the most exotic dependencies. In all honesty, I don't see the benefit of documenting the magento/framework dependency for example, its kind of implicit to the package type "magento2-module". What is your view on this?
WIth kind regards
I think you are missing the point that composer is used for dependency management. In magento/framework
, there have been numerous breaking changes that could impact third party extensions. If for instance a feature was removed in Magento 2.4, while your module was relying upon it, without declaring the dependency, customers will be able to upgrade to Magento 2.4 and find out that things are breaking in production.
I am definitely NOT saying that you should add the magento/framework
with a version *
. Instead, look on the Magento devdocs for all information regarding best practices.
I have heard that people complained about your module, because of basic things like this missing and 1 instance involved your module not documenting its dependencies, hence succeeding in a composer upgrade but failing in production. It is really important to realize that offering a third party extension to 1000s of developers in the Magento ecosystem requires you to be as pro-active as possible to code everything, instead of being reluctant about this. In short, read the docs of composer for best practices.
A little example: The commit https://github.com/EmicoEcommerce/Magento2Tweakwise/commit/fbb81115a75469a0e2048817b2a21b998d731d86 shows that you tried to implement a new interface that is only possible with Magento 2.4. And it is NOT introduced in the Magento 2.4 package, which is just there for marketing. Instead, it is introduced in magento/framework
version 103.0.0.
Introducing new features in new versions is not a bad thing. However, this would break with people still running Magento 2.3 or older. In short, the composer dependencies are there to determine which version of your module are matching which version of the framework.
I found out about this within 1 minute of reviewing your code. So please understand that composer dependencies are so common for some developers that it is easy to spot that this extension is missing them.
Fair enough, Ill add/update them, it is indeed better to force the correct constraints. To be honest the dependencies have not been on my mind the last few features. So please understand that composer dependencies are so common for some developers that it is easy to spot that this extension is missing them.
I am well aware of that. Your point about the missing dependencies is valid.
While the Magento extension is heavily relying upon numerous Magento modules, that could be enabled or disabled, and composer dependencies (while composer makes upgrades easier), almost none of these dependencies are documented in the
composer.json
andmodule.xml
files. A simple output of a scanning tool I built, shows the following:Is this something that could be fixed?