Libraries/dependencies in WordPress - TinyLibraries


(Arūnas) #1

Hi! I wanted to share my latest weekend project with you. TinyLibraries is my take on duplicate library/dependencies problem in WordPress - a small plugin that would allow other plugins to declare what PHP libraries they need and automatically install the latest version of that library and keep them up to date. At the moment it’s just a proof-of-concept, with support for a handful of supported libraries - WP Backround Processing, ButterBean and the like. There are three sample plugins in the repo too, for a simple showcase of how it works.

Let me know what other libraries could be useful here and what you think of the whole concept! I’d love to see something like that in the Core one day…


#2

I opened an issue on the repo, about adding a small blurb about the public plugin repo guidelines.

Specifically, your meta-plugin conflict with #8 and #13:

8 The plugin may not send executable code via third-party systems.

Externally loading code from documented services is permitted, however all communication must be made as securely as possible. Executing outside code within a plugin when not acting as a service is not allowed, for example:

  • Serving updates or otherwise installing plugins, themes, or add-ons from servers other than WordPress.org’s
  • Installing premium versions of the same plugin
  • Calling third party CDNs for reasons other than font inclusions; all non-service related JavaScript and CSS must be included locally
  • Using third party services to manage regularly updated lists of data, when not explicitly permitted in the service’s terms of use
  • Using iframes to connect admin pages; APIs should be used to minimize security risks

and

13 The plugin should make use of WordPress’ default libraries.

WordPress includes a number of useful libraries, such as jQuery, Atom Lib, SimplePie, PHPMailer, PHPass, and more. For security and stability reasons, plugins may not include those libraries in their own code, but instead must use the versions of those libraries packaged with WordPress.

For a list of all javascript libraries included in WordPress, please review Default Scripts Included and Registered by WordPress.

You’ll want folks to have a heads up, so they can choose to use your plugin, or be listed. :slight_smile:


(Arūnas) #3

Thank you for that suggestion!

But I would argue, that using TinyLibraries would not make a plugin non-compliant with Guidelines. Because plugin author only adds a custom Plugin header line and a conditional function call. They can even use a fallback if TinyLibraries is not present. But that neither makes your plugin download external stuff (guideline 8), nor not use default WP libraries (guideline 13) - TinyLibraries is only about libraries that are NOT included in WP Core.

TinyLibraries itself, of-course, does violate Guideline 8 and I have no hope of getting it into the wp.org repo anytime soon. It also goes against the policy of not accepting framework type of plugins, too. But that should not prevent other plugins declaring compatibility with it and getting accepted to the repo.