Hey, let me introduce you some of the libraries & tools I've been using in many PHP projects running in production.
I'm used to build my own framework by picking up libs in the below list each time I start a new PHP project. But to be honest, I must admit that I still use a micro-framework for basic HTTP stuff: Slim.
π I use no ORM and I mainly build backend apps with Web APIs.
Libraries
1. Slim Framework
π Purpose:Micro-Framework intended to build Web APIs
π GitHub stars:9,475
π URL:slimphp/slim
This repository contains a Slim Framework CSRF protection PSR-15 middleware. CSRF protection applies to all unsafe HTTP requests (POST, PUT, DELETE, PATCH).
You can fetch the latest CSRF token's name and value from the Request object with its getAttribute() method. By default, the CSRF token's name is stored in the csrf_name attribute, and the CSRF token's value is stored in the csrf_value attribute.
Install
Via Composer
$ composer require slim/csrf
Requires Slim 4.0.0 or newer.
Usage
In most cases you want to register Slim\Csrf for all routes, however, as it is middleware, you can also register it for a subset of routes.
This repository contains a Slim Framework Flash messages service provider. This enables you to define transient messages that persist only from the current request to the next request.
Install
Via Composer
$ composer require slim/flash
Requires Slim 3.0.0 or newer.
Usage
Slim 4
This example assumes that you have php-di/php-di installed.
π Purpose:This enables you to define transient messages that persist only from the current request to the next request
π GitHub stars:104
π URL:slimphp/flash
4. Twig
π Purpose:A very popular template engine that integrates well with Slim (slimphp/twig-view)
π GitHub stars:5,705
π URL:twigphp/twig
Sends your logs to files, sockets, inboxes, databases and various web services
Monolog - Logging for PHP
Note This is the documentation for Monolog 3.x, if you are using older releases
see the documentation for Monolog 2.x or Monolog 1.x
Monolog sends your logs to files, sockets, inboxes, databases and various
web services. See the complete list of handlers below. Special handlers
allow you to build advanced logging strategies.
This library implements the PSR-3
interface that you can type-hint against in your own libraries to keep
a maximum of interoperability. You can also use it in your applications to
make sure you can always use another compatible logger at a later time
As of 1.11.0 Monolog public APIs will also accept PSR-3 log levels
Internally Monolog still uses its own level scheme since it predates PSR-3.
π Purpose:Provides a lightweight and flexible access control list (ACL) implementation for privileges management
π GitHub stars:55
π URL:zendframework/zend-permissions-acl
Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and
trivial to integrate with web services.
Simple interface for building query strings, POST requests, streaming large
uploads, streaming large downloads, using HTTP cookies, uploading JSON data
etc...
Can send both synchronous and asynchronous requests using the same interface.
Uses PSR-7 interfaces for requests, responses, and streams. This allows you
to utilize other PSR-7 compatible libraries with Guzzle.
Supports PSR-18 allowing interoperability between other PSR-18 HTTP Clients.
Abstracts away the underlying HTTP transport, allowing you to write
environment and transport agnostic code; i.e., no hard dependency on cURL
PHP streams, sockets, or non-blocking event loops.
Middleware system allows you to augment and compose client behavior.
$client = new \GuzzleHttp\Client()
$response = $client->request('GET', 'https://api.github.com/repos/guzzle/guzzle');
echo$response->getStatusCode();
π Purpose:Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services
π GitHub stars:15,355
π URL:guzzlehttp/guzzle
8. PDO
π Purpose:PHP extension to build and execute secured SQL prepared statements
π URL:PDO
From its home page, XML-RPC is described as a β...remote procedure calling using
HTTP as the transport and XML as the encoding. XML-RPC is designed to be as
simple as possible, while allowing complex data structures to be transmitted,
processed and returned.β
Zend\XmlRpc provides support for both consuming remote XML-RPC services and
building new XML-RPC servers.
π Purpose:Provides support for both consuming remote XML-RPC services and building new XML-RPC servers
π GitHub stars:14
π URL:zendframework/zend-xmlrpc
π Purpose:A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519
π GitHub stars:4,574
π URL:firebase/php-jwt
π Purpose:Config is a lightweight configuration file loader that supports PHP, INI, XML, JSON, and YAML files
π GitHub stars:749
π URL:hassankhan/config
Tools
As a PHP craftsman, the tools below are mandatory in my toolkit. Most of them (except shellcheck) are installable through composer, which allows you to add them as dev dependencies to your project's composer.json.
1. Composer
π Purpose:Essential PHP dependency manager, and much more
π GitHub stars:18,049
π URL:Composer
2. PHPUnit
π Purpose:Awesome unit tests framework with mocking features
π GitHub stars:12,785
π URL:PHPUnit
PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.
Requirements
PHP_CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts. See the Configuration Options manual page for a list of these requirements.
If you're using PHP_CodeSniffer as part of a team, or you're running it on a CI server, you may want to configure your project's settings using a configuration file.
Installation
The easiest way to get started with PHP_CodeSniffer is to download the Phar files for each ofβ¦
π Purpose:The SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities
π GitHub stars:1,397
π URL:sensiolabs/security-checker
A compact command line linting tool for validating YAML files.
yaml-lint
A compact command line linting tool for validating YAML files, using the parsing facility of
the Symfony Yaml Component.
Usage
usage: yaml-lint [options] [input source]
input source Path to file(s), or "-" to read from standard input
-q, --quiet Restrict output to syntax errors
-h, --help Display this help
-V, --version Display application version
Install
Composer
To get started using yaml-lint in a project, install it with Composer:
composer require --dev j13k/yaml-lint
It can then be run from the project's vendor/bin directory.
To set up yaml-lint globally, install it in the Composer home directory:
composer global require j13k/yaml-lint
It can then be run from the bin directory of Composer home (typically ~/.composer/vendor/bin).
Binary
A binary edition , yaml-lint.phar, is available for download
with each release. This embeds the latest stable version of the Symfony
Yaml component that is current at the time of the release.
A rule based 'linter' for Dockerfiles. The linter rules can be used to check file syntax as well as arbitrary semantic and best practice attributes determined by the rule file writer
The linter can also be used to check LABEL rules against docker images.