Magento 2 code quality tools

If you are planning to publish an extension to Magento’s marketplace, it will have to pass a few quality gates before getting published. Magento did provide some tools to allow you testing locally before submitting the extension.

First, there is https://github.com/magento/magento-coding-standard . While this tool is mostly centered around code formatting, it can catch some nastier stuff too, like loading a model in a loop or using deprecated libraries. Assuming that you will be testing your extension in the context of a Magento website, you first need to add to your composer.json file, somewhere at root level:

"scripts": {
    "post-install-cmd": [
        "([ $COMPOSER_DEV_MODE -eq 0 ] || vendor/bin/phpcs --config-set installed_paths ../../magento/magento-coding-standard/)"
    ],
    "post-update-cmd": [
        "([ $COMPOSER_DEV_MODE -eq 0 ] || vendor/bin/phpcs --config-set installed_paths ../../magento/magento-coding-standard/)"
    ]
}

Then install the coding standards package:

composer require --dev magento/magento-coding-standard

Then run the checker:

vendor/bin/phpcs --standard=Magento2 app/code/My/Extension

This will provide an output like:

FOUND 0 ERRORS AND 16 WARNINGS AFFECTING 12 LINES
--------------------------------------------------------------------------------------------------------------------------------
  7 | WARNING | [x] Opening brace of a class must be on the line after the definition
 11 | WARNING | [x] The first parameter of a multi-line function declaration must be on the line after the opening bracket
 12 | WARNING | [x] Multi-line function declaration not indented correctly; expected 8 spaces but found 32
 13 | WARNING | [x] Multi-line function declaration not indented correctly; expected 8 spaces but found 32
 13 | WARNING | [x] The closing parenthesis of a multi-line function declaration must be on a new line
 14 | WARNING | [x] The closing parenthesis and the opening brace of a multi-line function declaration must be on the same line
 45 | WARNING | [ ] Expected "if (...) {\n"; found "if(...) {\n"
 45 | WARNING | [x] Expected 1 space(s) after IF keyword; 0 found
 45 | WARNING | [x] No space found after comma in function call
 47 | WARNING | [x] Expected 1 space after closing brace; newline found
 48 | WARNING | [ ] Expected "} else {\n"; found "}\n        else {\n"
 55 | WARNING | [ ] Line exceeds 120 characters; contains 125 characters
 56 | WARNING | [x] No space found after comma in function call
 56 | WARNING | [x] No space found after comma in function call
 59 | WARNING | [ ] Code must not contain multiple empty lines in a row; found 2 empty lines.
 64 | WARNING | [x] Expected 1 newline at end of file; 0 found
--------------------------------------------------------------------------------------------------------------------------------
PHPCBF CAN FIX THE 12 MARKED SNIFF VIOLATIONS AUTOMATICALLY
--------------------------------------------------------------------------------------------------------------------------------

You can fix some of the issues automatically:

vendor/bin/phpcbf --standard=Magento2 app/code/My/Extension

Finally, Magento also offers https://github.com/magento/marketplace-tools . This is not a quality tool per se, just a little helper to check that the archive you are about to upload is correct. Use it like:

./validate_m2_package.php app/code/My/Extension/Extension.zip

While Magento 2 does more checks against your extension so it can still get rejected, the above should catch the obvious issues before starting the submission process. I also find them useful to quickly check the quality of a 3rd party extension.

 

The current state of the Magento Marketplace

One of the best reasons to use Magento are the community extensions. Free or paid, they augment Magento’s core features and save a lot of development time. Magento always supported this effort by offering a curated extension list. In the old days, this was called Magento Connect. It was simply an extension directory, Magento did not intermediate support or purchasing the extension. It still had value though as it did include a review list which of course, was more relevant than the 5-star reviews on the vendor’s site.

A short history of the marketplace

Magento Connect had a lot of down sides though. The approval time was very long. All the focus was on the marketing. You had to have pretty images and descriptions, but you could get away with very low quality, or even broken code. What was the worst though is that Magento heavily promoted the idea that you can go to the marketplace, get an extension, upload it via SFTP to your server and use it. Magento was not (and it isn’t to date), that kind of system. This resulted in a large number of bad reviews from non-technical merchants (“This extension breaks your site”, “I am not able to upload, PLS HELP!”, “Not good! Do not USE!”). Magento’s approach frustrated the open source community. It’s one thing to charge for the extension and provide support to merchants that cannot afford a developer. A totally different thing to provide free software, but having to deal with installing the extension/fix incompatible merchant stores. This resulted in a large number of open source developers simply pulling off their extensions from Magento Connect and keeping them on Github only, where the audience is more technical. I found myself searching for an extension on Github first and on connect second, which defeated the whole purpose of the effort to have an extension directory.

Fast forward to Magento 2, the approach was changed completely and Magento Connect was replaced by Magento Marketplace. There were major improvements right from the start:

  • Magento intermediates the purchasing (and charges a fee to the extension vendor). Now I can at least address Magento for a refund instead of obscure vendors.
  • You can no longer post a review unless you actually purchased the extension.
  • Better experience overall (more relevant searches, more relevant extension description pages to name a few).

What did not improve from the start was the extension quality. Actually, initially the quality was worse than on the old Magento Connect. Probably Magento needed to have a big number of extensions to offer, so they accepted pretty much anything (as long as you had pretty pictures and descriptions!). Vendors tried to release their Magento 1 extensions for Magento 2 asap, ignoring all coding standards and architectural approaches.

Luckily, Magento worked hard and improved this. Here is how the current process looks like:

Screen Shot 2018-11-04 at 11.32.32 AM

First, there are now two parallel, completely separate tracks – Marketing and Technical.

Marketing

The marketing flow is about the pretty pictures and description. Magento actually made this part really useful…

  • you need to add screenshots. Really important as they are the easiest way to understand quickly if the extension does what you need it todo.
  • the description has stricter guidelines so that it’s focused on the feature set, not on the sales pitch.
  • you have to submit a installation and user manual.
  • you have to clearly specify Magento version compatibility and pricing, including whether the extension relies on another third party subscriptions.

Technical

This is very important for a developer/agency. Personally, I try my best to write good quality code in my projects. Then the merchant buys an extension from the official marketplace and I am puzzled at how low quality it is. Or at least, this is how it used to work. Now there is a technical review. Mainly, it has three steps:

  • an automated code sniffer. It catches quite a few things. It even caught a few things in my code even I consider myself “seasoned”. While it’s still just an automated checker, you cannot do blatant mistakes anymore.
  • a Varnish test. Basically, check that the extension does not break caching. I had to ask for refunds on extensions in the past due to their architecture simply disabling caching and relying on it.
  • a manual QA test. While I am not sure what happens there, I like to think that a real person actually checks the basic flows of the extension and maybe looks over the code too.

I am sure the above works. First, there is no way to bypass the review process. If the automated code tester finds issues, you have to fix them. Then, I can simply feel how the quality has increased. It’s becoming the exception that I buy an extension and have a bad experience. Actually, I am currently only using the marketplace to buy extensions as I trust Magento’s reviews. At least for me, the Magento-owned marketplace concept finally worked.

Why is it better

Besides the above, there are a few not-so-obvious improvements that really helped:

  • the manual review team seems a bit more trained. I did not get my extensions rejected for silly reasons in a while.
  • the review process is faster. No more waiting for months.
  • the documentation is better on how the submission should look like, at least on the marketing side.

What’s still missing

While the extension markeplace is better, it’s still a long way from great imho. Here is what I’d like to see in the future:

  • A Magento-owned demo site so I can check the extension before buying. The vendors now take care of the demos, but not all of them do it properly.
  • A git repo for the extension. Being able to see the commit history helps me a lot.
  • Magento should own security issues. Sadly, vendors do a poor job at communicating a security issue. I’d like to be able to submit a form to Magento when I have one, Magento should work with vendor to correct, then all extension owners should be notified. This is left at the discretion of the vendor now. Most of them simply release a new version but forgot about the patch, or even about mentioning the upgrade fixes a critical security issue.
  • As an extension vendor, I’d love to see subscription-based pricing.

Conclusion

In the last year, I started to trust the marketplace as an authoritative entity in the extension world. While there are a few things to improve, Magento is definitely moving in the right direction. I expect that by then end of 2019, we will have an even better marketplace.