If you are a Magento developer, be it a freelancer, working for an agency or even in-house, chances are that you have been ‘bitten’ at least once by a Magento Connect extension. In fact, there has been much talk recently in the community about the state of Magento Connect, the extension ecosystem and the quality of the extensions. Some of the strongest criticism has come from well-known members of the community. Moreover, most of the concerns and criticism are justified.
What do we do in order to move forward? How do we improve? How do we fix that which we are saying is broken?
Well, the reality is that we cannot, at least not until we know what’s wrong and can measure the changes and any improvements we make. Now, while the community has argued that there are many problems with Magento Connect, I would like to focus on only one of those issues: the quality of the code and what that means.
Grading Code and Static Code Analysis
As it happens, the tools are already available to us if we know where to look. When it comes to static code analysis, PHP CodeSniffer (PHPCS) is the go-to solution for PHP developers.
Now for the standard. This is where things get interesting, since the standard defines the rules and checks that PHPCS will use to analyze the code. Magento 1.x is unique in the way it is coded and in the standards it uses, and it certainly won’t play nice with any of the default rulesets.
Fortunately, the Magento ECG (Expert Consulting Group) has published a coding standard for Magento. This coding standard not only checks for issues in PHP but also adds custom checks, or sniffs, for common Magento problems. Among them we have:
- Raw SQL queries.
- SQL queries inside a loop.
- Direct instantiation of Mage and Enterprise classes.
- Unnecessary collection loading.
- Excessive code complexity.
- Use of dangerous functions.
- Use of PHP superglobals.
Now that we have the tools and standards to measure code quality, we can move forward and make changes to our extensions. However, does that solve the problem? I would not say it is realistic to expect the community, especially all the developers that publish to Connect, to adopt standards and tools and rewrite their code to improve it.
Moreover, it is even less realistic to expect Magento to suddenly change the rules for submitting to Connect and enforce the standards. So what can be done?
Well, since someone once called me the Mad Scientist of the Magento community, a title that I intended to live up to, I decided to go ahead and do something crazy!
Introducing Triplecheck.io, an experimental CI tool built specifically for Magento and currently still in development. To showcase and test part of the functionality we downloaded most of the extensions available in Magento Connect so that we could “score” them.
5838 extensions downloaded, analyzed, scored and rated; all done automatically and without any human input. The database is available online on the main site, as well as the detailed results of the analysis done for each extension. Currently, scores are calculated based on the results of PHPCS and the Magento ECG Coding Standards. All the PHP and PHTML files inside each extension are analyzed and rated, and the overall score is calculated using a GPA (Grade point average) ranging from 0 to 5.
Scoring might change in the future once we add more plugins and different metrics, but for now it is a good start and an indicator of what the current state of Connect actually is.
Keep in mind, the results and the scoring itself are guidelines, not hard rules; they are meant to be used as an indicator of potential problems.
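As an added illustration (not Triplecheck.io's code and not from the original post), the script below turns a PHPCS JSON report into per-file grades and a 0 to 5 GPA over the PHP and PHTML files only. The penalty weights, the sample report, its file paths and its sniff source names are assumptions constructed for the example.

```python
import json
from collections import Counter
from pathlib import PurePosixPath

# Assumed weights: the post does not publish Triplecheck.io's actual formula.
PENALTY = {"ERROR": 1.0, "WARNING": 0.5}
SCANNED = {".php", ".phtml"}

def msg(kind, source, line):
    return {"type": kind, "source": source, "line": line, "message": "constructed"}

def file_entry(*messages):
    # Mirrors the per-file object in a `phpcs --report=json` report.
    kinds = Counter(m["type"] for m in messages)
    return {"errors": kinds["ERROR"], "warnings": kinds["WARNING"],
            "messages": list(messages)}

# Constructed report; file paths and sniff source names are illustrative only.
SAMPLE_REPORT = json.dumps({"files": {
    "Acme_Demo/Helper/Data.php": file_entry(),
    "Acme_Demo/Model/Observer.php": file_entry(
        msg("ERROR", "Ecg.Security.Superglobal", 14),
        msg("WARNING", "Ecg.Sql.RawQuery", 22),
        msg("WARNING", "Ecg.Performance.Loop", 31)),
    "Acme_Demo/templates/list.phtml": file_entry(
        *[msg("ERROR", "Ecg.Security.ForbiddenFunction", n) for n in range(1, 8)]),
    "Acme_Demo/README.md": file_entry(msg("ERROR", "Generic.Files.LineLength", 1)),
}})

def grade_file(messages):
    """Map one file's findings to a 0-5 grade (5 = clean, floor at 0)."""
    penalty = sum(PENALTY.get(m["type"], 0.0) for m in messages)
    return max(0.0, 5.0 - penalty)

def score_extension(report_json):
    """Return (gpa, per-file grades, findings per sniff) for PHP/PHTML files."""
    files = json.loads(report_json)["files"]
    grades, sniffs = {}, Counter()
    for path, data in files.items():
        if PurePosixPath(path).suffix.lower() not in SCANNED:
            continue  # only PHP and PHTML files count toward the score
        grades[path] = grade_file(data["messages"])
        sniffs.update(m["source"] for m in data["messages"])
    gpa = round(sum(grades.values()) / len(grades), 2) if grades else None
    return gpa, grades, sniffs

if __name__ == "__main__":
    gpa, grades, sniffs = score_extension(SAMPLE_REPORT)
    print(f"GPA {gpa}/5", grades, sniffs.most_common(3))
```

The per-sniff counter is what makes the grade actionable: it shows which category of finding (superglobals, raw SQL, forbidden functions) is dragging an extension's score down.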
How to Move the Ecosystem Forward
Some of you will hate this tool, some will dislike the way things are scored and disagree on how it’s done, and I for one welcome that; it at least starts the conversation. It is a conversation that this community needs to have, and that the Magento ecosystem needs in order to grow and mature.