That’s roughly what I was thinking, yes. There’s still a certain appeal to the easy install process but the gap is a lot lower now, the classic PHP way famously lead to security issues, and there’s a vicious flip where once you need to customize anything it goes from easier to harder than the average containerized Node/Python deployment since you need to learn how to run things like FPM rather than just installing a web server package. That also shows up with Composer - the standard library is big but once you need something else, the experience is worse than NPM or PyPI.
The fatal flaw in my opinion was not taking the language itself more seriously 20 years ago. The culture of laxness around things like type coercion, ignoring errors by default, being inconsistent about positional arguments and typing or nomenclature, etc. is so deeply ingrained that major improvement are much harder and will likely require advanced automated tooling. I left the community in the mid-2000s after getting burned out by the endless stream of security and correctness bugs caused by the language and culture – my favorite was the time a detailed bug report for functionality not matching the documentation was WONTFIXed since it was working as the core developers intended & they didn’t feel like updating the docs – but having had the misfortune of being involved with a PHP project again, the only big improvement I can think of was that register_globals isn’t the default. You still routinely see bugs caused by e.g. inconsistent array function parameter ordering causing errors which are silently suppressed despite our configuration having logging enabled for that class of error and the built-in linter won’t report. There was no reason to waste time on that in 2003, much less 2023.
The fatal flaw in my opinion was not taking the language itself more seriously 20 years ago. The culture of laxness around things like type coercion, ignoring errors by default, being inconsistent about positional arguments and typing or nomenclature, etc. is so deeply ingrained that major improvement are much harder and will likely require advanced automated tooling. I left the community in the mid-2000s after getting burned out by the endless stream of security and correctness bugs caused by the language and culture – my favorite was the time a detailed bug report for functionality not matching the documentation was WONTFIXed since it was working as the core developers intended & they didn’t feel like updating the docs – but having had the misfortune of being involved with a PHP project again, the only big improvement I can think of was that register_globals isn’t the default. You still routinely see bugs caused by e.g. inconsistent array function parameter ordering causing errors which are silently suppressed despite our configuration having logging enabled for that class of error and the built-in linter won’t report. There was no reason to waste time on that in 2003, much less 2023.