When dealing with UUID generation in PHP, developers usually decide to use the famous ramsey/uuid library.
95% of the time the only method used is
Ramsey\Uuid\Uuid::uuid4() which generates a random UUID (the version 4 in the UUID specification). Despite I'm not fan of static methods, this does the job pretty well.
The namespace issue
A lot of applications and libraries started to use
ramsey/uuid in version 2. At that time the package had a different name (
rhumsaa/uuid) and every class was under the
Ben Ramsey renamed the package first (the
rhumsaa/uuid name is now deprecated) but only changed namespace since version 3.0. Which means libraries started using the
ramsey/uuid with version 2.x (the
Rhumsaa namespace) and make it incompatible with version 3.x (the
Thus if you want to use
ramsey/uuid: ^3.0 but one of your dependencies is still using version
2.x then you're screwed.
If the package
ramsey/uuid was created for versions
3.0+ only we could have had both requirements (like Guzzle did between version 3 and 4). But unfortunatly that's not the case.
Updating version of
ramsey/uuid in a project is an easy task: just grep and sed the
Rhumsaa namespace. But if you change the requirements on a library which uses it on its public API, then you're creating a non-BC change and need to publish a new major version of your library. That change may have huge impact on users who depend on it. And if those users depend on another lib which requires a different version of the uuid lib then it's a mess. They will need to coordinate all updates at the same time.
However it looks pretty easy to resolve this issue. We "just" need to ensure the
Rhumsaa\Uuid\Uuid class still exists.
To address this issue I created a tiny composer package which exposes the
Rhumsaa\Uuid\Uuid class (which simply inherit of
Ramsey\Uuid\Uuid) and declares to composer it can replace the
ramsey/uuid:2.x package. The package is available at
Then if you want to use
ramsey/uuid:^3.0 in your app but one of your dependencies is still using
Rhumsaa\Uuid\Uuid, then simply run:
composer require "mattketmo/uuid-2x-bridge:[email protected]"
You can read the discussion in this pull request which led me to do this hack. It's not very beautiful, but it works.
A note on package dependencies
Now that users have a way to not wait their dependencies update the
ramsey/uuid requirement, all libraries can take the time for their next major version release to do the update.
But I want to point out the risk for library maintainers to depend on specific version of a package. If you own a widly used library, try as much a possible to not require other libraries directly. Most of the time an abstraction or an adapter will be enough. For instance the team behind the Broadway library created the broadway-uuid-generator to not depend direclty on Ramsey's implementation (and also to not rely on a static method call).
In other words, think twice before forcing to your users a new dependency.