Separate Printer and ComposerJson

Author: janedbal

README.md

@@ -1,19 +1,22 @@
 # Composer dependency analyser
 
-This package aims to detect shadowed composer dependencies in your project, fast!
-See comparison with existing projects:
+This package aims to detect composer dependency issues in your project, fast!
 
-| Project                                                                               | Analysis of 13k files |
-|---------------------------------------------------------------------------------------|-----------------------|
-| shipmonk/composer-dependency-analyser                                                 | 2 secs                |
-| [maglnet/composer-require-checker](https://github.com/maglnet/ComposerRequireChecker) | 124 secs              |
+For example, it detects shadowed depencencies similar to [maglnet/composer-require-checker](https://github.com/maglnet/ComposerRequireChecker), but **much faster**:
+
+| Project                               | Analysis of 13k files |
+|---------------------------------------|-----------------------|
+| shipmonk/composer-dependency-analyser | 2 secs                |
+| maglnet/composer-require-checker      | 124 secs              |
 
 ## Installation:
 
 ```sh
 composer require --dev shipmonk/composer-dependency-analyser
 ```
 
+*Note that this package itself has zero composer dependencies.*
+
 ## Preconditions:
 - To achieve such performance, your project needs follow some `use statements` limitations
 - Disallowed approaches:
@@ -61,18 +64,21 @@ Found shadow dependencies!
 
 You can add `--verbose` flag to see first usage of each class.
 
-## How it works:
-This tool extracts dependencies and autoloader paths from your composer.json and detects:
+## What it does:
+This tool reads your `composer.json` and scans all paths listed in both `autoload` sections while analysing:
 
 - Shadowed dependencies
-  - This stop working if such package gets removed in one of your dependencies
+  - Those are dependencies of your dependencies, which are not listed in `composer.json`
+  - Your code can break when your direct dependency gets updated to newer version which does not require that shadowed dependency anymore
+  - You should list all those classes within your dependencies
 - Dev dependencies used in production code
-  - Those stop working if you ever run your application with `composer install --no-dev`
+  - Your code can break once you run your application with `composer install --no-dev`
+  - You should move those to `require` from `require-dev`
 
-## Shadow dependency risks
-You are not in control of dependencies of your dependencies, so your code can break if you rely on such transitive dependency and your direct dependency will be updated to newer version which does not require that transitive dependency anymore.
+It is expected to run this tool in root of your project, where the `composer.json` is located.
+If you want to run it elsewhere, you can use `--composer_json=path/to/composer.json` option.
 
-Every used class should be listed in your `require` (or `require-dev`) section of `composer.json`.
+Currently, it only supports those autoload sections: `psr-4`, `psr-0`, `files`.
 
 ## Future scope:
 - Detecting dead dependencies

bin/composer-dependency-analyser

@@ -3,10 +3,12 @@
 
 use Composer\Autoload\ClassLoader;
 use ShipMonk\Composer\ComposerDependencyAnalyser;
+use ShipMonk\Composer\ComposerJson;
 use ShipMonk\Composer\Error\ClassmapEntryMissingError;
 use ShipMonk\Composer\Error\DevDependencyInProductionCodeError;
 use ShipMonk\Composer\Error\ShadowDependencyError;
 use ShipMonk\Composer\Error\SymbolError;
+use ShipMonk\Composer\Printer;
 
 $usage = <<<EOD
 
@@ -32,30 +34,13 @@ foreach ($autoloadFiles as $autoloadFile) {
     }
 }
 
-$colorMap = [
-    "<red>" => "\033[31m",
-    "<green>" => "\033[32m",
-    "<orange>" => "\033[33m",
-    "<gray>" => "\033[37m",
-    "</red>" => "\033[0m",
-    "</green>" => "\033[0m",
-    "</orange>" => "\033[0m",
-    "</gray>" => "\033[0m",
-];
-
-$colorize = static function (string $input) use ($colorMap): string {
-    return str_replace(array_keys($colorMap), array_values($colorMap), $input);
-};
-
-$echo = static function (string $input) use ($colorize): void {
-    echo $colorize($input) . PHP_EOL;
-};
+$printer = new Printer();
 
 /**
  * @return never
  */
-$exit = static function (string $message) use ($echo): void {
-    $echo("<red>$message</red>" . PHP_EOL);
+$exit = static function (string $message) use ($printer): void {
+    $printer->printLine("<red>$message</red>" . PHP_EOL);
     exit(255);
 };
 
@@ -90,7 +75,6 @@ if ($composerJsonRawData === false) {
     $exit("Failure while reading $composerJsonPath file.");
 }
 
-/** @var array{require?: array<string, string>, require-dev?: array<string, string>} $composerJsonData */
 $composerJsonData = json_decode($composerJsonRawData, true);
 
 $jsonError = json_last_error();
@@ -99,40 +83,12 @@ if ($jsonError !== JSON_ERROR_NONE) {
     $exit("Failure while parsing $composerJsonPath file: " . json_last_error_msg());
 }
 
-$filterPackages = static function (string $package): bool {
-    return strpos($package, '/') !== false;
-};
-
-$requiredPackages = $composerJsonData['require'] ?? [];
-$requiredDevPackages = $composerJsonData['require-dev'] ?? [];
+$composerJson = new ComposerJson($composerJsonData); // @phpstan-ignore-line ignore mixed given
 
-if (count($requiredPackages) === 0 && count($requiredDevPackages) === 0) {
+if (count($composerJson->dependencies) === 0) {
     $exit("No packages found in $composerJsonPath file.");
 }
 
-// autodetect paths from composer autoload // TODO use some parser, properly resolve relative path based on where composer.json is
-if ($providedPaths === []) {
-    $relativeProductionPaths = array_merge(
-        array_values($composerJsonData['autoload']['psr-4'] ?? []), // TODO support both list & single item
-        $composerJsonData['autoload']['classmap'] ?? []
-    );
-    $relativeDevPaths = array_merge(
-        array_values($composerJsonData['autoload-dev']['psr-4'] ?? []),
-        $composerJsonData['autoload-dev']['classmap'] ?? []
-    );
-    $relativePaths = array_merge(
-        array_fill_keys($relativeProductionPaths, false),
-        array_fill_keys($relativeDevPaths, true)
-    );
-} else {
-    $relativePaths = array_fill_keys($providedPaths, true); // TODO detect from composer if that one is dev or not?
-}
-
-$dependencies = array_merge(
-    array_fill_keys(array_keys(array_filter($requiredPackages, $filterPackages, ARRAY_FILTER_USE_KEY)), false),
-    array_fill_keys(array_keys(array_filter($requiredDevPackages, $filterPackages, ARRAY_FILTER_USE_KEY)), true)
-);
-
 $loaders = ClassLoader::getRegisteredLoaders();
 if (count($loaders) !== 1) {
     $exit('This tool works only with single composer autoloader');
@@ -144,75 +100,18 @@ if (!$loaders[$vendorDir]->isClassMapAuthoritative()) {
 }
 
 $absolutePaths = [];
-foreach ($relativePaths as $relativePath => $isDevPath) {
-    $absolutePath = $cwd . '/' . $relativePath;
+foreach ($composerJson->autoloadPaths as $relativePath => $isDevPath) {
+    $absolutePath = dirname($composerJsonPath) . '/' . $relativePath;
     if (!is_dir($absolutePath) && !is_file($absolutePath)) {
-        $exit("Invalid path given, $absolutePath is not a file nor directory.");
+        $exit("Unexpected path detected, $absolutePath is not a file nor directory.");
     }
     $absolutePaths[$absolutePath] = $isDevPath;
 }
 
-$detector = new ComposerDependencyAnalyser($vendorDir, $loaders[$vendorDir]->getClassMap(), $dependencies, ['php']);
+$detector = new ComposerDependencyAnalyser($vendorDir, $loaders[$vendorDir]->getClassMap(), $composerJson->dependencies, ['php']);
 $errors = $detector->scan($absolutePaths);
 
-if (count($errors) > 0) {
-    /** @var ClassmapEntryMissingError[] $classmapErrors */
-    $classmapErrors = array_filter($errors, static function (SymbolError $error): bool {
-        return $error instanceof ClassmapEntryMissingError;
-    });
-    /** @var ShadowDependencyError[] $shadowDependencyErrors */
-    $shadowDependencyErrors = array_filter($errors, static function (SymbolError $error): bool {
-        return $error instanceof ShadowDependencyError;
-    });
-    /** @var DevDependencyInProductionCodeError[] $devDependencyInProductionErrors */
-    $devDependencyInProductionErrors = array_filter($errors, static function (SymbolError $error): bool {
-        return $error instanceof DevDependencyInProductionCodeError;
-    });
-
-    if (count($classmapErrors) > 0) {
-        $echo('');
-        $echo("<red>Classes not found in composer classmap!</red>");
-        $echo("<gray>(this usually means that preconditions are not met, see readme)</gray>" . PHP_EOL);
-
-        foreach ($classmapErrors as $error) {
-            $echo("  • <orange>{$error->getSymbolName()}</orange>");
-            if ($verbose) {
-                $echo("    <gray>first usage in {$error->getExampleUsageFilepath()}</gray>" . PHP_EOL);
-            }
-        }
-        $echo('');
-    }
-
-    if (count($shadowDependencyErrors) > 0) {
-        $echo('');
-        $echo("<red>Found shadow dependencies!</red>");
-        $echo("<gray>(those are used, but not listed as dependency in composer.json)</gray>" . PHP_EOL);
-
-        foreach ($shadowDependencyErrors as $error) {
-            $echo("  • <orange>{$error->getSymbolName()}</orange> ({$error->getPackageName()})");
-            if ($verbose) {
-                $echo("    <gray>first usage in {$error->getExampleUsageFilepath()}</gray>" . PHP_EOL);
-            }
-        }
-        $echo('');
-    }
-
-    if (count($devDependencyInProductionErrors) > 0) {
-        $echo('');
-        $echo("<red>Found dev dependencies in production code!</red>");
-        $echo("<gray>(those are not listed as dev dependency in composer.json)</gray>" . PHP_EOL);
-
-        foreach ($devDependencyInProductionErrors as $error) {
-            $echo("  • <orange>{$error->getSymbolName()}</orange> ({$error->getPackageName()})");
-            if ($verbose) {
-                $echo("    <gray>first usage in {$error->getExampleUsageFilepath()}</gray>" . PHP_EOL);
-            }
-        }
-        $echo('');
-    }
+$exitCode = $printer->printResult(array_values($errors), $verbose);
+exit($exitCode);
 
-    exit(255);
 
-} else {
-    $echo("<green>No composer issues found</green>" . PHP_EOL);
-}

composer.json

@@ -31,7 +31,11 @@
             "ShipMonk\\Composer\\": "tests/"
         },
         "classmap": [
-            "tests/data"
+            "tests/vendor/",
+            "tests/app/"
+        ],
+        "exclude-from-classmap": [
+            "tests/data/"
         ]
     },
     "bin": [

src/ComposerJson.php

@@ -0,0 +1,81 @@
+<?php declare(strict_types = 1);
+
+namespace ShipMonk\Composer;
+
+use function array_fill_keys;
+use function array_filter;
+use function array_keys;
+use function array_merge;
+use function is_array;
+use function strpos;
+use const ARRAY_FILTER_USE_KEY;
+
+class ComposerJson
+{
+
+    /**
+     * Path => isDev
+     *
+     * @readonly
+     * @var array<string, bool>
+     */
+    public array $dependencies;
+
+    /**
+     * Path => isDev
+     *
+     * @readonly
+     * @var array<string, bool>
+     */
+    public array $autoloadPaths;
+
+    /**
+     * @param array{require?: array<string, string>, require-dev?: array<string, string>, autoload?: array{psr-0?: array<string, string|string[]>, psr-4?: array<string, string|string[]>, files?: string[]}, autoload-dev?: array{psr-0?: array<string, string|string[]>, psr-4?: array<string, string|string[]>, files?: string[]}} $composerJsonData
+     */
+    public function __construct(array $composerJsonData)
+    {
+        $requiredPackages = $composerJsonData['require'] ?? [];
+        $requiredDevPackages = $composerJsonData['require-dev'] ?? [];
+
+        $this->autoloadPaths = array_merge(
+            $this->extractAutoloadPaths($composerJsonData['autoload']['psr-0'] ?? [], false),
+            $this->extractAutoloadPaths($composerJsonData['autoload']['psr-4'] ?? [], false),
+            $this->extractAutoloadPaths($composerJsonData['autoload']['files'] ?? [], false),
+            $this->extractAutoloadPaths($composerJsonData['autoload-dev']['psr-0'] ?? [], true),
+            $this->extractAutoloadPaths($composerJsonData['autoload-dev']['psr-4'] ?? [], true),
+            $this->extractAutoloadPaths($composerJsonData['autoload-dev']['files'] ?? [], true),
+            // classmap not supported
+        );
+
+        $filterPackages = static function (string $package): bool {
+            return strpos($package, '/') !== false;
+        };
+
+        $this->dependencies = array_merge(
+            array_fill_keys(array_keys(array_filter($requiredPackages, $filterPackages, ARRAY_FILTER_USE_KEY)), false),
+            array_fill_keys(array_keys(array_filter($requiredDevPackages, $filterPackages, ARRAY_FILTER_USE_KEY)), true)
+        );
+    }
+
+    /**
+     * @param array<string|array<string>> $autoload
+     * @return array<string, bool>
+     */
+    private function extractAutoloadPaths(array $autoload, bool $isDev): array
+    {
+        $result = [];
+
+        foreach ($autoload as $paths) {
+            if (!is_array($paths)) {
+                $paths = [$paths];
+            }
+
+            foreach ($paths as $path) {
+                $result[$path] = $isDev;
+            }
+        }
+
+        return $result;
+    }
+
+}

src/Error/ClassmapEntryMissingError.php

@@ -34,4 +34,9 @@ public function getExampleUsageFilepath(): string
         return $this->exampleUsageFilepath;
     }
 
+    public function getPackageName(): ?string
+    {
+        return null;
+    }
+
 }

src/Error/SymbolError.php

@@ -5,6 +5,8 @@
 interface SymbolError
 {
 
+    public function getPackageName(): ?string;
+
     public function getSymbolName(): string;
 
     public function getExampleUsageFilepath(): string;