Possible update to the documentation re: require-dev

[webdevnerdstuff]

Re: https://underground.works/clockwork/#docs-installation

Since this is primarily a development only tool and shouldn't be on production, is there any specific reason why the documentation does not show the default install command for require-dev?

composer require --dev itsgoingd/clockwork

Personally I like the better safe than sorry approach. Sometimes a miscommunication with DevOps might have them set the .env variable as true, which can expose a production env. This actually happened with one of ours sites. Luckily I caught it soon enough, but that could have caused major problems if I didn't.

Another thing I noticed, is that for the same site, the APP_DEBUG was set as false, but CLOCKWORK_ENABLE was set as true. So in this case, setting debug to false was ignored. Perhaps it could be more clearly obvious in the documentation on this page that CLOCKWORK_ENABLE has priority over APP_DEBUG.

https://underground.works/clockwork/#docs-collected-data

[itsgoingd]

I mostly agree.

Installing as non-dev dependency has some pros:

• You can leave some Clockwork calls in your app, without worrying about the code crashing in production when the library is not available.
• You might actually want to run Clockwork in production eg. conditionally for debugging, as sampling profiler etc. though I would recommend doing so only to people who really know what they are doing.

I agree though, for most people, installing as dev-dependency might be a better choice. We should probably change the default instructions to use --dev, or at least prominently mention that option.

There's also a very real problem with people running their apps with APP_DEBUG enabled in production, which would be mostly fixed by this. I'm also considering changing the default to require both APP_DEBUG enabled and check for whether the app is running on localhost.