Yes I am extremely familiar with RPM and have been packaging RPMs since the
Red Hat 6.0 days (pre Fedora)
But they don't address this issue. For example, the RPMs that exist for
roundcube mail include jQuery and other 3rd party JS in the roundcube RPM
itself because their is no standard way to for roundcube to say it needs
jQuery X.
PHP class dependencies can be in separate packages thanks to autoloaders,
but not the JavaScript
On Thursday, March 1, 2018 at 5:29:39 PM UTC-8, Alice Wonder wrote:
>
> Hello,
>
> I have a php class that generates an HTML5 audio player with support for
> WebVTT captions and chapters and is very accessible.
>
> It's a personal class, I am not distributing it as FLOSS and I probably
> won't, but it uses jQuery and its own JavaScript and it's own CSS (in an
> external file, I do not allow the style attribute in my code) and its own
> webfont that is used kind of like an image sprite but better IMHO than
> using an image sprite (for the interface buttons).
>
> Anyway one of the things that literally bothers me about so many web
> applications is they bundle scripts many of which (e.g. jQuery) are third
> party to the web application.
>
> I was thinking it would be good for something *like* PSR-4 to exist for
> non-php resources.
>
> What I mean is Web Application A requires jQuery >= 3 but doesn't need to
> bundle it itself, where the bundled often often becomes stale.
>
> Instead there could be a PSR class interface defined so that when the web
> application needs to add jQuery to the (x)html document head - it could call
>
> $whatever::addJavaScript("jQuery:jQuery", "3.0");
>
> Class $whatever would then look in virtual vendor namespace "jQuery" for a
> script that meets the name definition of "jQuery" with minimum version
> "3.0" and returns the appropriate URI to add to the script node.
>
> For people who use composer it may not make much difference, they will end
> up with stale version over time (or initially if a composer.lock file is
> used) just like they often end up with stale unpatched vulnerable versions
> of class libraries - but for those who actually update their installs
> periodically (or use an actual package manager which composer is not) it
> could be of a great benefit.
>
> I already do something similar for my own private web apps, it could IMHO
> be a huge benefit if there was a standardized way of doing it.
>
> Thoughts?
>
--
You received this message because you are subscribed to the Google Groups "PHP
Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to php-fig+unsubscr...@googlegroups.com.
To post to this group, send email to php-fig@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/php-fig/212bd45f-816d-4287-a79c-5d6735fe1427%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
