Open webdevnerdstuff opened 2 years ago
I mostly agree.
Installing as non-dev dependency has some pros:
I agree though, for most people, installing as dev-dependency might be a better choice. We should probably change the default instructions to use --dev, or at least prominently mention that option.
There's also a very real problem with people running their apps with APP_DEBUG
enabled in production, which would be mostly fixed by this. I'm also considering changing the default to require both APP_DEBUG
enabled and check for whether the app is running on localhost.
Re: https://underground.works/clockwork/#docs-installation
Since this is primarily a development only tool and shouldn't be on production, is there any specific reason why the documentation does not show the default install command for require-dev?
composer require --dev itsgoingd/clockwork
Personally I like the better safe than sorry approach. Sometimes a miscommunication with DevOps might have them set the .env variable as true, which can expose a production env. This actually happened with one of ours sites. Luckily I caught it soon enough, but that could have caused major problems if I didn't.
Another thing I noticed, is that for the same site, the
APP_DEBUG
was set as false, butCLOCKWORK_ENABLE
was set as true. So in this case, setting debug to false was ignored. Perhaps it could be more clearly obvious in the documentation on this page thatCLOCKWORK_ENABLE
has priority overAPP_DEBUG
.https://underground.works/clockwork/#docs-collected-data