Switching "symfony/var-dumper" in require-dev #2448
Comments
The reason for Theoretically we could move the requirement to
In the meantime, while we're giving this a second thought, I'd advise to set simple pre-commit git hooks or even employ a CI pipeline for such detections. In our project we're using https://github.com/phpro/grumphp with the following task:
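A plain pre-commit hook of the kind suggested in the comment above, as an added example (it is not the commenter's GrumPHP task and not code from this project): it scans the staged additions to `.php` files for debug-dump calls and blocks the commit if any are found. The function list, the `scan_diff` name and the hook file name are assumptions.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# Assumption: these four functions are the debug calls to keep out of commits.
# A non-identifier character must precede the name, so ->dump( and ::dump(
# (method calls) and names such as mydump( are not flagged.
DEBUG_CALL_RE='[^A-Za-z0-9_>:$](dump|dd|var_dump|print_r)[ \t]*[(]'

# Reads a unified diff on stdin, prints "file: code" for every added line in a
# .php file that calls a debug function, and returns 1 if any were found.
scan_diff() {
    awk -v re="$DEBUG_CALL_RE" '
        /^\+\+\+ / { file = $2; sub(/^b\//, "", file); next }
        /^\+/ && file ~ /\.php$/ {
            line = substr($0, 2)
            sub(/^[ \t]+/, "", line)
            if (line ~ /^(\/\/|#|\*)/) next      # comment-only line
            # Leading space lets the pattern match a call at column 0.
            if ((" " line) ~ re) { print file ": " line; found = 1 }
        }
        END { exit found + 0 }
    '
}

# Run the check only when git invokes this file as the pre-commit hook.
case "$0" in
    *pre-commit)
        # Only added, copied or modified files; no context lines needed.
        if ! hits=$(git diff --cached --unified=0 --diff-filter=ACM | scan_diff); then
            echo "Commit blocked, debug calls staged:" >&2
            echo "$hits" >&2
            exit 1
        fi
        ;;
esac
```

The same `scan_diff` function can be fed `git diff origin/main...HEAD` in a CI job, which covers commits made with `--no-verify`.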
You're right, var_dump or print_r may be "dangerous" as well. However, Symfony's var-dumper package is intended (I guess) for debugging (only?), and is quite popular these days. If you are not too careful, you easily end up with var-dumper loaded in production ("because of" doctrine-mongodb). Eventually, there may be unpleasant surprises then. I totally understand your point of view, and the fact that this package is required by a Command. This was a suggestion, but I believe it's a relevant one. Thanks for the tip, I'll take a look at grumphp
Or a fatal error due to an unknown function
Feature Request
The package symfony/var-dumper is currently required in the main "require" channel.
From my research, there is no valid reason for it to be loaded outside of a dev environment (for mongodb-odm).
I think it is widely accepted that putting this package in a production environment can be dangerous.
The verbosity of the var-dumper can reveal very compromising information. For example, if a dump() or a dd() is inadvertently left in the code, and pushed to production.
Since this package requires the var-dumper in the main channel, then the var-dumper is always installed & loaded on all projects containing mongodb-odm.
Thank you for your attention, hope this can be addressed.