Some of the finding from this article are interesting https://blog.lepine.pro/en/php-ecosystem-deep-dive-code-quality-landscape/ even though I do not share the same conclusions as the article. Spoiler alert I have 2 packages in the 136 packages
#php #ecosystem
> 23% appear abandoned, making dependency audits essential.
How do you know that the package is abandoned versus it is just stable and needs little to no maintenance
Also have "only" 136 package instead of a gazillon of package seems to show strong stable basis.
Among those 136 packages that represents 50% of all monthly downloads the percentage of PSR related interfaces (and implementation) is a fascinating thing to see. For all the bashing the PHP-FIG is receiving everytime someone mention them aka the PHP-FIG should just stop existing vs its real deep impact on the ecosystem just says a lot about myth vs reality
@nyamsprod The concept of feature-complete is elusive to many people.
@afilina @nyamsprod "it hasn't been updated for two years so is probably unmaintained and full of vulnerabilities" - in reality it is a validation library and there are only so many times you can rewrite a check for string length before it gets ridiculous. I suppose updating a change log each week with, "still no need for a change" is a solution to satisfy the need some have for something new every week.