WordPress Performance Team Proposes Developing a New Plugin Checker Tool – WP Tavern
WordPress’ Performance team is kickstarting a proposal for developing a plugin checker tool similar to the theme check plugin, which ensures themes are meeting the latest standards and best practices.
In 2021, WordPress’ Meta team built a code scanner that detects potential security risks, such as unescaped SQL queries in plugin code, with the goal of reducing the Plugin Team’s load through automation. That particular tool wasn’t developed to encourage best practices but rather to ensure plugins entering the directory meet the bare minimum standards necessary for security.
The Performance team is proposing building a different type of plugin that would flag any violations of the plugin development requirements and suggest best practices with errors or warnings.
“It should cover various aspects of plugin development, from basic requirements like correct usage of internationalization functions to accessibility, performance, and security best practices,” Google-sponsored contributor Felix Arntz said. He identified three main goals for the plugin:
- Provide plugin developers with feedback on requirements and best practices during development.
- Provide the wordpress.org plugin review team with an additional automated tool to identify certain problems or weaknesses in a plugin ahead of a manual review.
- Provide technical site owners with a tool to assess plugins based on these requirements and best practices.
The Performance team recommends the plugin also work from the command line (using WP-CLI) and that it go beyond static code analysis to include runtime checks that execute code.
The proposal has received mixed feedback so far. Several participants in the discussion welcome development on such a tool and would be eager to use it with their own plugins. Others are worried about the checks becoming too heavy-handed and negatively impacting the plugin ecosystem.
“Having a plugin to automate these checks sounds great,” WordPress developer Michael Nelson said. “I worry though that eventually this will mean WP plugin creator devs will need to adopt WP’s code style too, which would be fairly annoying.”
WordPress developer Josh Pollock commented that he shares these concerns and is worried about how these standards may be applied towards plugins that weren’t created to support PHP5, use Composer for dependency management and automation, and share PHP code with other frameworks.
“If this HELPS plugin developers, then fine, but if it is used as a weapon to insist on standards, then I think it will be a nail in WP’s coffin,” plugin developer Robin W said.
“If you want to insist on stuff that’s not security critical, then the current documentation is far from useful to beginners.
“Now if the tool rewrote the code to standard, so the dev got a ‘this is a better version’ then I’d be on board.
“But one that just says ‘you are not escaping your code correctly’ and then makes the plugin dev try to find what and where it’s wrong will just drive less innovation.”
The Performance team is requesting feedback from the community, particularly plugin developers, plugin reviewers, and the meta team. If they are able to reach a consensus, Arntz said the next step is to design the infrastructure for the plugin checker in a GitHub repository.
“The performance team would be excited to take the lead on this project, but it’s critical that more contributors from other teams help with its development, especially when it comes to defining and implementing the different checks,” Arntz said.
“This is certainly an ambitious project, and it isn’t the first time that a plugin checker has come up. It also needs to be clarified that it will likely take a few months at least to get to a first version. Nonetheless, we’re optimistic that with a solid foundation and collaboration from the start, we can create a tool that can meet the requirements for reliable automated plugin checks.”