Dependency Hygiene

This article explores the issue of unnecessary dependencies in software projects, focusing on the PHP ecosystem. The author discusses how package managers, while solving important problems, can make developers lazy about vetting their dependencies. They conducted an experiment scanning 1554 PHP projects for unused polyfill and compatibility packages, finding that 229 (about 15%) had unnecessary dependencies. The article emphasizes the importance of understanding and cleaning up dependencies to improve security and maintainability, and provides practical advice like using composer why and adding replace configurations in composer.json.