Hey, let me introduce you to some of the libraries & tools I've been using in many PHP projects running in production.
I'm used to building my own framework by picking libs from the list below each time I start a new PHP project. But to be honest, I must admit that I still use a micro-framework for basic HTTP stuff: Slim.
📝 I use no ORM and I mainly build backend apps with Web APIs.
Libraries
1. Slim Framework
🙋 Purpose: Micro-Framework intended to build Web APIs
🌠 GitHub stars: 9,475
🔗 URL: slimphp/slim
2. Slim Framework CSRF protection middleware
Slim Framework CSRF Protection
This repository contains a Slim Framework CSRF protection PSR-15 middleware. CSRF protection applies to all unsafe HTTP requests (POST, PUT, DELETE, PATCH).
You can fetch the latest CSRF token's name and value from the Request object with its getAttribute() method. By default, the CSRF token's name is stored in the csrf_name attribute, and the CSRF token's value is stored in the csrf_value attribute.
Install
Via Composer
$ composer require slim/csrf
Requires Slim 4.0.0 or newer.
Usage
In most cases you want to register Slim\Csrf for all routes, however, as it is middleware, you can also register it for a subset of routes.
Register for all routes
use DI\Container;
use Slim\Csrf\Guard;
use Slim\Factory\AppFactory;
require __DIR__ . '/vendor/autoload.php';
// Start PHP session
session_start();
// Create Container
$container = new Container();
…
🙋 Purpose: Protect your GUI pages with a CSRF token
🌠 GitHub stars: 201
🔗 URL: slimphp/csrf
3. Slim Framework Flash Messages
slimphp / Slim-Flash
Slim Framework flash messages service provider
Slim Framework Flash Messages
This repository contains a Slim Framework Flash messages service provider. This enables you to define transient messages that persist only from the current request to the next request.
Install
Via Composer
$ composer require slim/flash
Requires Slim 3.0.0 or newer.
Usage
Slim 4
This example assumes that you have php-di/php-di installed.
<?php
use DI\ContainerBuilder;
use Slim\Factory\AppFactory;
use Slim\Flash\Messages;
use Slim\Routing\RouteContext;
require_once __DIR__ . '/../vendor/autoload.php';
$containerBuilder = new ContainerBuilder();
// Add container definition for the flash component
$containerBuilder->addDefinitions(
    [
        'flash' => function () {
            $storage = [];
            return new Messages($storage);
        }
    ]
);
AppFactory::setContainer($containerBuilder->build());
$app = AppFactory::create();
// Add session start
…
🙋 Purpose: This enables you to define transient messages that persist only from the current request to the next request
🌠 GitHub stars: 104
🔗 URL: slimphp/flash
4. Twig
🙋 Purpose: A very popular template engine that integrates well with Slim (slimphp/twig-view)
🌠 GitHub stars: 5,705
🔗 URL: twigphp/twig
5. Monolog
Note: This is the documentation for Monolog 3.x. If you are using older releases, see the documentation for Monolog 2.x or Monolog 1.x.
Monolog sends your logs to files, sockets, inboxes, databases and various web services. See the complete list of handlers below. Special handlers allow you to build advanced logging strategies.
This library implements the PSR-3 interface that you can type-hint against in your own libraries to keep a maximum of interoperability. You can also use it in your applications to make sure you can always use another compatible logger at a later time. As of 1.11.0, Monolog public APIs will also accept PSR-3 log levels. Internally, Monolog still uses its own level scheme since it predates PSR-3.
Installation
Install the latest version with
composer require monolog/monolog
Basic Usage
<?php
use
…
🙋 Purpose: Sends your logs to files, sockets, inboxes, databases and various web services
🌠 GitHub stars: 13,388
🔗 URL: seldaek/monolog
6. Zend ACL permissions
zend-permissions-acl
Repository abandoned 2019-12-31
This repository has moved to laminas/laminas-permissions-acl.
Provides a lightweight and flexible access control list (ACL) implementation for privileges management.
- File issues at https://github.com/zendframework/zend-permissions-acl/issues
- Documentation is at https://docs.zendframework.com/zend-permissions-acl/
🙋 Purpose: Provides a lightweight and flexible access control list (ACL) implementation for privileges management
🌠 GitHub stars: 55
🔗 URL: zendframework/zend-permissions-acl
7. Guzzle
Guzzle, PHP HTTP client
Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services.
- Simple interface for building query strings, POST requests, streaming large uploads, streaming large downloads, using HTTP cookies, uploading JSON data etc...
- Can send both synchronous and asynchronous requests using the same interface.
- Uses PSR-7 interfaces for requests, responses, and streams. This allows you to utilize other PSR-7 compatible libraries with Guzzle.
- Supports PSR-18 allowing interoperability between other PSR-18 HTTP Clients.
- Abstracts away the underlying HTTP transport, allowing you to write environment and transport agnostic code; i.e., no hard dependency on cURL, PHP streams, sockets, or non-blocking event loops.
- Middleware system allows you to augment and compose client behavior.
$client = new \GuzzleHttp\Client();
$response = $client->request('GET', 'https://api.github.com/repos/guzzle/guzzle');
echo $
…
🙋 Purpose: Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services
🌠 GitHub stars: 15,355
🔗 URL: guzzlehttp/guzzle
8. PDO
🙋 Purpose: PHP extension to build and execute secured SQL prepared statements
🔗 URL: PDO
9. Zend XML-RPC
zendframework / zend-xmlrpc
XmlRpc component from Zend Framework
zend-xmlrpc
Repository abandoned 2019-12-31
This repository has moved to laminas/laminas-xmlrpc.
From its home page, XML-RPC is described as a "...remote procedure calling using HTTP as the transport and XML as the encoding. XML-RPC is designed to be as simple as possible, while allowing complex data structures to be transmitted, processed and returned."
Zend\XmlRpc provides support for both consuming remote XML-RPC services and building new XML-RPC servers.
- File issues at https://github.com/zendframework/zend-xmlrpc/issues
- Documentation is at https://docs.zendframework.com/zend-xmlrpc/
🙋 Purpose: Provides support for both consuming remote XML-RPC services and building new XML-RPC servers
🌠 GitHub stars: 14
🔗 URL: zendframework/zend-xmlrpc
10. PHPMailer
PHPMailer – A full-featured email creation and transfer class for PHP
Features
- Probably the world's most popular code for sending email from PHP!
- Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more
- Integrated SMTP support – send without a local mail server
- Send emails with multiple To, CC, BCC, and Reply-to addresses
- Multipart/alternative emails for mail clients that do not read HTML email
- Add attachments, including inline
- Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings
- SMTP authentication with LOGIN, PLAIN, CRAM-MD5, and XOAUTH2 mechanisms over SMTPS and SMTP+STARTTLS transports
- Validates email addresses automatically
- Protects against header injection attacks
- Error messages in over 50 languages!
- DKIM and S/MIME signing support
- Compatible with PHP 5.5 and later, including PHP 8.2
- Namespaced to prevent name clashes
- Much more!
Why you might need it
Many PHP developers need to send email from their code. The only…
🙋 Purpose: A full-featured email creation and transfer class for PHP
🌠 GitHub stars: 12,422
🔗 URL: phpmailer/phpmailer
11. Firebase / PHP-JWT
PHP-JWT
A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519.
Installation
Use composer to manage your dependencies and download PHP-JWT:
composer require firebase/php-jwt
Optionally, install the paragonie/sodium_compat package from composer if your php env does not have libsodium installed:
composer require paragonie/sodium_compat
Example
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
$key = 'example_key';
$payload = [
    'iss' => 'http://example.org',
    'aud' => 'http://example.com',
    'iat' => 1356999524,
    'nbf' => 1357000000
];
/**
 * IMPORTANT:
 * You must specify supported algorithms for your application. See
 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
 * for a list of spec-compliant algorithms.
 */
$jwt = JWT::encode($payload, $key, 'HS256');
$decoded = JWT::
…
🙋 Purpose: A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519
🌠 GitHub stars: 4,574
🔗 URL: firebase/php-jwt
12. Hassankhan / Config
hassankhan / config
Config is a lightweight configuration file loader that supports PHP, INI, XML, JSON, and YAML files
Config
Config is a file configuration loader that supports PHP, INI, XML, JSON, YML, Properties and serialized files and strings.
Requirements
Config requires PHP 7.4+.
IMPORTANT: If you want to use YAML files or strings, require the Symfony Yaml component in your composer.json.
Installation
The supported way of installing Config is via Composer.
$ composer require hassankhan/config
Usage
Config is designed to be very simple and straightforward to use. All you can do with it is load, get, and set.
Loading files
The Config object can be created via the factory method load(), or by direct instantiation:
use Noodlehaus\Config;
use Noodlehaus\Parser\Json;
// Load a single file
$conf = Config::load('config.json');
$conf = new Config('config.json');
// Load values from multiple files
$conf = new Config(['
…
🙋 Purpose: Config is a lightweight configuration file loader that supports PHP, INI, XML, JSON, and YAML files
🌠 GitHub stars: 749
🔗 URL: hassankhan/config
Tools
As a PHP craftsman, the tools below are mandatory in my toolkit. Most of them (except shellcheck) are installable through composer, which allows you to add them as dev dependencies to your project's composer.json.
1. Composer
🙋 Purpose: Essential PHP dependency manager, and much more
🌠 GitHub stars: 18,049
🔗 URL: Composer
2. PHPUnit
🙋 Purpose: Awesome unit tests framework with mocking features
🌠 GitHub stars: 12,785
🔗 URL: PHPUnit
3. PHP Code Sniffer
squizlabs / PHP_CodeSniffer
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
Warning
This repository has been abandoned. Its successor is PHPCSStandards/PHP_CodeSniffer
See issue #3932 for more information.
About
PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.
Requirements
PHP_CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts. See the Configuration Options manual page for a list of these requirements.
If you're using PHP_CodeSniffer as part of a team, or you're running it on a CI server, you may want to configure your project's settings using a configuration file.
Installation
The easiest way to get started with PHP_CodeSniffer is to download the Phar files for each of…
🙋 Purpose: Static analysis tool to detect & fix coding standard violations
🌠 GitHub stars: 5,915
🔗 URL: squizlabs/php_codesniffer
4. PHP Mess Detector aka phpmd
🙋 Purpose: Static analysis tool to detect code smells, bad design, bugs, unused parameters, etc.
🌠 GitHub stars: 1,315
🔗 URL: phpmd/phpmd
5. PHP Coding Standard Fixer aka php-cs-fixer
🙋 Purpose: Automatically fixes coding standard violations
🌠 GitHub stars: 7,036
🔗 URL: friendsofphp/php-cs-fixer
6. SensioLabs Security Checker
🙋 Purpose: The SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities
🌠 GitHub stars: 1,397
🔗 URL: sensiolabs/security-checker
7. XML Linter
Sclable XML Lint
A php tool to lint and validate xml files from the commandline.
XML Lint checks the syntax of any xml files and validates the file against the XSD schema defined in the file.
Usage
Installation with Composer
If you'd like to include this library in your project with composer, simply run:
composer require "sclable/xml-lint"
Command Line Usage
To lint a single xml file:
vendor/bin/xmllint path/to/file.xml
To lint a directory and all its subdirectories:
vendor/bin/xmllint path/to/dir
Help
xmllint has a built-in CLI help screen:
vendor/bin/xmllint --help
Options
- -v be verbose, display the filename of the current file to lint
- -r 0 don't search recursive (if the argument is a directory)
- -e name exclude files or directories containing 'name'
- -s skip the xsd validation
Development
Run tests
# check code style
php tools/php-cs-fixer/vendor/bin/php-cs-fixer fix --dry-run -v
# run tests
php vendor/bin/phpunit
php vendor/bin/behat
Using docker:
# Example
docker
…
🙋 Purpose: A PHP tool to lint and validate XML files from the command line
🌠 GitHub stars: 6
🔗 URL: sclable/xml-lint
8. YAML Linter
yaml-lint
A compact command line linting tool for validating YAML files, using the parsing facility of the Symfony Yaml Component.
Usage
usage: yaml-lint [options] [input source]
input source Path to file(s), or "-" to read from standard input
-q, --quiet Restrict output to syntax errors
-h, --help Display this help
-V, --version Display application version
Install
Composer
To get started using yaml-lint in a project, install it with Composer:
composer require --dev j13k/yaml-lint
It can then be run from the project's vendor/bin directory.
To set up yaml-lint globally, install it in the Composer home directory:
composer global require j13k/yaml-lint
It can then be run from the bin directory of Composer home (typically ~/.composer/vendor/bin).
Binary
A binary edition, yaml-lint.phar, is available for download with each release. This embeds the latest stable version of the Symfony Yaml component that is current at the time of the release.
…
🙋 Purpose: Compact command line utility for checking YAML file syntax
🌠 GitHub stars: 3
🔗 URL: j13k/yaml-lint
9. Dockerfile Linter
dockerfile-lint
A rule based 'linter' for Dockerfiles. The linter rules can be used to check file syntax as well as arbitrary semantic and best practice attributes determined by the rule file writer. The linter can also be used to check LABEL rules against docker images.
Quickstart
- Change to directory where you have a Dockerfile
- run
  - Atomic CLI
    atomic run projectatomic/dockerfile-lint
    atomic run projectatomic/dockerfile-lint image <imageid>
  - Docker CLI
    docker run -it --rm -v $PWD:/root/ \
      projectatomic/dockerfile-lint \
      dockerfile_lint [-f Dockerfile]
    docker run -it --rm -v $PWD:/root/ \
      -v /var/run/docker.sock:/var/run/docker.sock \
      projectatomic/dockerfile-lint \
      dockerfile_lint image <imageid>
By default, the linter runs in strict mode (errors and/or warnings result in non-zero return code). Run the command with -p or --permissive to…
🙋 Purpose: Rule based Dockerfile linter
🌠 GitHub stars: 259
🔗 URL: projectatomic/dockerfile_lint
10. Shellcheck
koalaman / shellcheck
ShellCheck, a static analysis tool for shell scripts
ShellCheck - A shell script static analysis tool
ShellCheck is a GPLv3 tool that gives warnings and suggestions for bash/sh shell scripts:
The goals of ShellCheck are
- To point out and clarify typical beginner's syntax issues that cause a shell to give cryptic error messages.
- To point out and clarify typical intermediate level semantic problems that cause a shell to behave strangely and counter-intuitively.
- To point out subtle caveats, corner cases and pitfalls that may cause an advanced user's otherwise working script to fail under future circumstances.
See the gallery of bad code for examples of what ShellCheck can help you identify!
🙋 Purpose: A static analysis tool for shell scripts
🌠 GitHub stars: 13,440
🔗 URL: koalaman/shellcheck
11. Swagger CLI
🙋 Purpose: Validate Swagger/OpenAPI files in JSON or YAML format
🌠 GitHub stars: 125
🔗 URL: APIDevTools/swagger-cli
All these tools can be run automatically:
- in your IDE
- in a git hook
- in your CI/CD pipeline
If you want to go further, please have a look at one of my former articles:
🚥 How to Automate Code Quality Checks in your Workflow? ⚙
Boris Jamot ✊ / ・ Sep 10 '18
Thanks for reading.
See ya!
Top comments (7)
I'm used to build small to medium apps with something like 50kLoC.
I have no specific strategy so I usually end up with big routes files.
As you may know, Slim routes take a closure to handle the request and give the response:
Instead of having a big routes file, we have the possibility to define a controller class and to pass it to the \Slim\App:
I never tried that but it's well described in the official doc.
You could install a DI container and do something like this
Good libraries/tools/complements to work in a PHP project!
You said this
Could you explain to me how you manage, in an API, a dynamic filter with a resource that has relations with other table(s)?
I would like to recommend these tools too:
thephpleague / fractal
Output complex, flexible, AJAX/RESTful data structures.
Fractal
Fractal provides a presentation and transformation layer for complex data output, the like found in RESTful APIs, and works really well with JSON. Think of this as a view layer for your JSON/YAML/etc.
When building an API it is common for people to just grab stuff from the database and pass it to json_encode(). This might be passable for "trivial" APIs but if they are in use by the public or used by mobile applications then this will quickly lead to inconsistent output.
Goals
foreach()ing through and (bool)ing everything
thephpleague / flysystem
Abstraction for local and remote filesystems
League\Flysystem
Flysystem is a filesystem abstraction which allows you to easily swap out a local filesystem for a remote one.
Goals
Installation
Documentation
Check out the documentation
Community Integrations
Want to get started quickly? Check out some of these integrations:
Adapters
Core
Officially Supported
violet-php / streaming-json-encoder
PHP library for iteratively encoding large JSON documents piece by piece
Streaming JSON Encoder
Streaming JSON Encoder is a PHP library that provides a set of classes to help with encoding JSON in a streaming manner, i.e. allowing you to encode the JSON document bit by bit rather than encoding the whole document at once. Compared to the built in json_encode function, there are two main advantages:
In other words, the Streaming JSON Encoder can provide the greatest benefit when you need to handle large data sets that may otherwise take up too much memory to process.
…
nikic / iter
Iteration primitives using generators
This library implements iteration primitives like map() and filter() using generators. To a large part this serves as a repository for small examples of generator usage, but of course the functions are also practically quite useful.
All functions in this library accept arbitrary iterables, i.e. arrays, traversables, iterators and aggregates, which makes it quite different from functions like array_map() (which only accept arrays) and the SPL iterators (which usually only accept iterators, not even aggregates). The operations are of course lazy.
Install
To install with composer:
Functionality
A small usage example for the map() and range() functions:
You can find…
thecodingmachine / safe
All PHP functions, rewritten to throw exceptions instead of returning false
Safe PHP
Work in progress
A set of core PHP functions rewritten to throw exceptions instead of returning false when an error is encountered.
The problem
Most PHP core functions were written before exception handling was added to the language. Therefore, most PHP functions do not throw exceptions. Instead, they return false in case of error.
But most of us are too lazy to check explicitly for every single return of every core PHP function.
The correct version of this code would be:
paragonie / easydb
Easy-to-use PDO wrapper for PHP projects.
EasyDB - Simple Database Abstraction Layer
PDO lacks brevity and simplicity; EasyDB makes separating data from instructions easy (and aesthetically pleasing).
EasyDB was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.
Check out our other open source projects too.
If you're looking for a full-fledged query builder, check out Latitude and Aura.SqlQuery which can be used with EasyDB.
If you'd like to use EasyDB but cache prepared statements in memory for multiple queries (i.e. to reduce database round-trips), check out our EasyDB-Cache wrapper class.
Installing EasyDB
First, get Composer, if you don't already use it.
Next, run the following command:
If you've installed Composer in /usr/bin, you can replace /path/to/your/local/composer.phar with just composer.
Why Use EasyDB? Because it's cleaner!
Let's refactor a dangerous PHP snippet that previously used string concatenation to pass user input instead…
I didn't know these libs and it sounds great.
I know that thephpleague do a great job for PHP.
Regarding the ORM, I don't use it and I prefer building the SQL queries by myself. I use a mapper layer for that which is responsible for the DTO stuff. When several tables are required, I just use a JOIN statement.
It's not ideal but even with ORM, I don't see any clean way to do that.
The problem is with REST. I have to give a chance to GraphQL 😉
Great list Boris! While I knew many of these it is good to see some I was not aware of. Would you have time to check out a little library I put together?
davidjeddy / normie
Wrapper library that provides normalized function interfaces for the PHP standard library.
Normie
Badges
Contributors
Description
Normie (short for Normalizer) attempts to make using the PHP Standard Library (SPL) function calls more consistent by implementing norm_{function name}() wrapper function declarations. This library DOES NOT override the SPL functions in any way.
Examples
Function parameter order examples.
Arrays fn()
Normie array functions follow the 'array source X, operator Y (callback, key, needle, etc), other parameters are Z' mentality. The complete list of array functions is viewable here.
SPL: array array_map ( callable $callback, array $arr1, array $_ = null) { }
Normie: array norm_array_map( array $array, callable $callback, array $userdata = null): array
Strings fn()
Normie string functions follow the 'Search X string or Y target, replace with Z string' mentality. The complete list of string functions are viewable here.
SPL: array explode ( string $delimiter , string $string [, int $limit = PHP_INT_MAX ] )
…
Hi David,
I don't use the SPL that much and honestly, its lack of consistency doesn't bother me.
I hope PHP8 will move this in the right way.
Anyway, you did a great job for the community by providing this library.
Lean & Elegant