> I would recommend declaring the phar dependency with phive
reply+1. This eliminates a whole class of bugs in which you declared phpunit as a dev dependency but end up using a class that it brought in without declaring as a regular dependency. Without an external linter, you can’t really catch that until your production code doesn’t bring the class in and throws a fatal error.
1. Just add phpcsfixer and phpstan like any sane project
reply2. If you use phpunit class in prod code, you deserve to get a fatal error
1. Both tools will not catch it, you need something like https://github.com/maglnet/ComposerRequireChecker
reply2. That doesn’t apply to PHPUnit specifically, but if you, for example, import PHP-cs-fixer as dev dependency, it will bring symfony/console, and if you rely on that on your own code without importing it on composer.json as a regular dependency, the class will be missing when you composer install for production.
Ok I get what you're saying now, that's fair. Tbh I mainly do Symfony so most of what dev-dependencies use are already in the dependencies for me so it never happened
replyhave a phpunit.xml or something where you can document what version of PHPUnit is required to run the tests for this library. Since there are often deprecations and breakages between major versions of PHPUnit where something gets removed and such
reply