itsgoingd
commented
2 years ago I mostly agree.
Installing as non-dev dependency has some pros:
- You can leave some Clockwork calls in your app, without worrying about the code crashing in production when the library is not available.
- You might actually want to run Clockwork in production eg. conditionally for debugging, as sampling profiler etc. though I would recommend doing so only to people who really know what they are doing.
I agree though, for most people, installing as dev-dependency might be a better choice. We should probably change the default instructions to use --dev, or at least prominently mention that option.
There's also a very real problem with people running their apps with APP_DEBUG enabled in production, which would be mostly fixed by this. I'm also considering changing the default to require both APP_DEBUG enabled and check for whether the app is running on localhost.
Re: https://underground.works/clockwork/#docs-installation
Since this is primarily a development only tool and shouldn't be on production, is there any specific reason why the documentation does not show the default install command for require-dev?
composer require --dev itsgoingd/clockworkPersonally I like the better safe than sorry approach. Sometimes a miscommunication with DevOps might have them set the .env variable as true, which can expose a production env. This actually happened with one of ours sites. Luckily I caught it soon enough, but that could have caused major problems if I didn't.
Another thing I noticed, is that for the same site, the
APP_DEBUGwas set as false, butCLOCKWORK_ENABLEwas set as true. So in this case, setting debug to false was ignored. Perhaps it could be more clearly obvious in the documentation on this page thatCLOCKWORK_ENABLEhas priority overAPP_DEBUG.https://underground.works/clockwork/#docs-collected-data