Topic: Composer & Packagist for htmLawed

Hello there,

We use htmLawed in some open source project:
- h*tps://github.com/j0k3r/graby
- h*tps://github.com/SSilence/selfoss
- h*tps://github.com/wallabag/wallabag

And we noticed that you didn't publish your package on Packagist.

For some background, Composer is a package manager for PHP projects (think of a npm / pip for PHP). It allow projects to retrieve libraries without taking care of manually updating them.
Composer use Packagist as a main repository where all libraries are published. When someone publish a new release of its library, Packagist is updated (this can be automatised from GitHub or manually) and everyone who use that library can retrieve the update.

Since you didn't publish htmLawed on Packagist, there are a lot of cloned project: https://packagist.org/search/?q=HTMLawed

The main problem is that they don't often update them. For example, the "most" starred project is up to date from February only.

Is there any chance you add a composer.json in your project and then publish it on Packagist?
Here is an example: https://github.com/fossar/HTMLawed/blob/master/composer.json

Let me know if you have any questions regarding Composer / composer.json or Packagist I'll be happy to answer them :)


Re: Composer & Packagist for htmLawed

Thank you for the suggestion to publish on Packagist.

I am wondering if it will be useful at this point if there already are clone packages on Packagist. I mean, how would one distinguish the official package from others? Any thought on how to publish the package so that it will be easy for others to identify the official package will be helpful.


Re: Composer & Packagist for htmLawed

I think the main advantage is that you'll be able to publish the new version as soon as you release it.
Unofficial package need to check for new version and most the time they forget to check so the package isn't up to date on Packagist.

I think this composer.json should be a good start:

  "name": "php-labware/htmlawed",
  "description": "htmLawed Official package - Process text with HTML markup to make it more compliant with HTML standards and with administrative policies",
  "keywords": ["html", "strip", "HTMLtidy", "tags", "sanitize"],
  "homepage": "http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php",
  "license": [
  "authors": [{
    "name": "Santosh Patnaik",
    "homepage": "http://www.bioinformatics.org/people/index.php?user_hash=558b661f92d0ff7b",
    "role": "Developer"
  "require": {
    "php": ">4.4.0"
  "replace": {
    "htmlawed/htmlawed": "*"
  "autoload": {
    "files": ["htmLawed.php"]

Then we'll (or you'll) need to contact https://github.com/kesar to indicate its package is now deprecated and people should use the new one.

It seems hard to publish a package on packagist when the repos isn't public.

Do you have a public url of your repository? So Packagist can clone (if you use git) or checkout (if you use svn) ?


Re: Composer & Packagist for htmLawed

Thanks again for helpful information.

I have looked into Packagist, and you are right that it appears unusable if source code is not on GitHub but on a self-hosted site.

This website (bioinformatics.org/phplabware) is the public site for htmLawed, and I don't intend to create a  GitHub repository. Maintaining such a repository will be extra work that I am short on time for. May be in future I will close this website and move to GitHub.


Re: Composer & Packagist for htmLawed

This is sad but I can definitely understand the decision.
We are going to maintain a repository in sync with your website here: https://github.com/fossar/HTMLawed

Last question, how can I be notified when you release a new version?


Re: Composer & Packagist for htmLawed

Regarding notification of new release, I welcome any suggestion you may have. I can create a small 'API' using which the htmLawed site can be queried to get current release version and date, and may be severity of issues it fixes. Or I can create an Atom/RSS feed about releases.


Re: Composer & Packagist for htmLawed

A RSS feed ça be a great idea.
Someone pointed to me that your package doesn't need to be published on Packagist to be available using Composer.
Composer can handle VCS repository.
Which means your repository needs to be publicly readable. Is it?


Re: Composer & Packagist for htmLawed

There is now an RSS/Atom feed for htmLawed releases – bioinformatics.org/phplabware/internal_utilities/htmLawed/releases_RSS.php.

Regarding your previous post, I did not understand what you meant by '...your repository needs to be publicly readable'. All htmLawed releases are available as zip files with unique and public URLs on htmLawed site.

The current/latest htmLawed release always has a fixed URL: http://www.bioinformatics.org/phplabware/downloads/htmLawed.zip.


Re: Composer & Packagist for htmLawed

I was not talking about a zip file.
I was talking about the ability to retrieve the source code by cloning it (if you use git) or checkout it (if you use svn).
The code seems to be available but only from an html page. Is it more clear?


Re: Composer & Packagist for htmLawed

Thanks for clarifying.

There is no formal version control system like Git or SVN for htmLawed... seems silly for a small, single-file software that is maintained by one person.


Re: Composer & Packagist for htmLawed

See follow-up in this post.