By Bruno Skvorc

Sourcehunt PHP: Contribute to Crypto, Validation, Payments…

By Bruno Skvorc
Help us help you! You'll get a... FREE 6-Month Subscription to SitePoint Premium Plus you'll go in the draw to WIN a new Macbook SitePoint 2017 Survey Yes, let's Do this It only takes 5 min


Last month, we introduced a new effort called Sourcehunt – a category of post intended to direct attention to less popular open source projects that show promise and need exposure.

We’ve called for new submissions and accumulated an impressive list.

Sourcehunt logo

AsgardCMS [103 ★]

Asgard is an open source, multi-language modular CMS platform. Despite a rather uninspiring name and design, its big selling point is being based on Laravel 5.1 (the LTS version) rather than 5.0 like similar projects.

The CMS has been alive for a while now, but unfortunately failed to amass a decent following. To help, besides being mentioned in Sourcehunt, we’ll also have a more in-depth look at it soon, attempting to recreate some non-trivial site examples to see how it stacks up against competition.

memio/spec-gen [21 ★]

The code generation library Memio, which we’ve covered before, has a spinoff project called spec-gen a code generation extension for the PhpSpec testing framework.

PhpSpec can generate class stubs for you if you’re testing something that doesn’t exist yet (in true TDD fashion), and this plugin makes it a bit more powerful. Granted, it’s a specific use case which would explain the project’s low adoption rate – but we feel like it deserves more eyes. With the PHP community waking up to testing more and more, we’re sure this will see some takers among you!

thunderer/shortcode [59 ★]

If you ever used WordPress for more than just publishing default posts, you’ll be familiar with shortcodes. thunderer/shortcode is a package aiming to bring them into the rest of the PHP world.

Now you can add custom “civilian-friendly” shortcodes into your own CMS / app / templating engine and have the designers and content writers get right to work without having to deal with method calls and mustache ({{ }}) surroundings.

Granted, this library doesn’t do much a simple extension to a template engine couldn’t do – but it’s engine/library-agnostic and can be plugged into any other content parser easily, which certainly is an advantage.

The Blink framework is “a micro web framework for building long-running and high performance services [… and] is also an application server that can serve requests directly in PHP, without php-fpm or Apache’s mod_php[… It uses] the Swoole extension as the underlying networking library.

Translation: Blink is another solution in the form of long-running PHP servers written in PHP (think ReactPHP, AppServer…), but this time with an embedded framework and battle tested on some high traffic Chinese sites. The Swoole extension they reference is a C extension for PHP which allows for long-running apps, effectively preventing the complete recompilation and memory purge of a PHP app after a response is served. This opens new doors to danger, but that’s where immutability can help – a discussion for another time. Further clarifications can be found in this Reddit thread.

Rest assured, a tutorial introducing the Blink framework is coming up – but in the meanwhile, why not give it a spin so you can help up peer review it?

Agent [662 ★]

Agent helps you find out information about a User Agent. No more manual parsing of UA strings to find out whether the visitor is on mobile, desktop, Firefox or Safari – Agent takes care of all this with a very user friendly interface.

It’s a simple tool, but one that will find a home in many a project. While already very popular (it kind of exploded on Reddit), it could still use some contributions.

PHP Humanizer [915 ★]

Humanizer makes values that are readable only for developers more civilian-friendly. See this example:

use Coduo\PHPHumanizer\String;

echo String::humanize('field_name'); // "Field Name"
echo String::humanize('user_id'); // "User"
echo String::humanize('field_name', false); // "field name"

More examples in their README, but you get the gist – it’s a fun tool that’s admittedly more popular than one might expect, but given the two issues they need help with and several pull requests that need reviewing, it’s safe to assume the project is looking for more contributors.


Particle/Validator [79 ★]

An extremely simple implementation of common validation practices, Particle/Validator was recently tagged as version 2.0 and is looking for early adopters and contributors. Validating is as simple as:

$v = new Validator;

$v->required('user.first_name')->lengthBetween(2, 50)->alpha();
$v->required('user.last_name')->lengthBetween(2, 50)->alpha();

$result = $v->validate([
    'user' => [
        'first_name' => 'John',
        'last_name' => 'D',
    'newsletter' => true,

$result->isValid(); // bool(false).
 * array(1) {
 *     ["user.last_name"]=> array(1) {
 *         ["Length::TOO_SHORT"]=> string(53) "last_name is too short and must be 2 characters long."
 *     }
 * }

It’s a high-code-quality full-test-coverage library that’s looking to make its mark on the PHP world, and with the framework and library agnostic approach it’s taking, we feel like it deserves more than a good shot.

pascaldevink/shortuuid [119 ★]

shortuuid is a simple php library that generates concise, unambiguous, URL-safe UUIDs.

There are many arguments against sequential IDs in URLs, especially in API design, so hiding them with unique URL-friendly strings only makes sense.

The library goes out of its way to be very simple to use, and highly unambiguous as far as similar characters are concerned so that, for example, similar-looking characters such as l, 1, I, O and 0 are completely omitted and cannot be mistyped.

vinkla/climb [218 ★]

How do you check for new versions of your Composer packages? Run composer update and hope for the best? Do dry runs?

Climb scans your project and lists newer versions of dependencies than what your composer.json allows – simple as that:

alt-three/logger                1.0.2      →     1.1.0
graham-campbell/exceptions      5.0.0      →     5.1.0
jenssegers/optimus              0.1.4      →     0.2.0
vinkla/hashids                  1.1.0      →     2.2.0

flashtag/subsplit-service [218 ★]

Ever wondered how those big projects like Zend or Symfony separate their components out into read-only sub repositories? For example, the Symfony Yaml component is a read only component repo, but can also be found in the main framework.

Some teams have hacked together solutions that automate this, but Flashtag’s subsplit-service takes it to the next level by hooking into github’s webhooks or being triggered by cronjobs. Usage is quite straightforward when you’re the tool’s target audience, and we’re planning an in-depth look at the tool and a comparison with alternatives real soon. Stay tuned!

Payum [503 ★]

Payum is one of those packages that starts out innocent enough, but then everyone starts using it because it just rockets past the often too-specific, too-locale-bound, too slow competition.

It’s a payment processor for Paypal, Stripe, Omnipay, and many more services, easily integrated with any library and framework, featuring a consistent and well tested API and rather extensive docs.

Payum recently reached version 1.0.0, and could use your help in test driving it and contributing by handling some issues and PRs. If you can’t help with code, we encourage you to help with documentation as English is (rather obviously) not the team’s native language.

bernard [389 ★]

Bernard is to job queue engines what HTTPlug is to HTTP clients in PHP.

It abstracts the specific implementations and makes it possible to use various background job engines for all your PHP queueing needs.

Bernard is far from a new project, but development has been picked up in the past few days again and the library got a second wind. Due to its potential, we felt it necessary to direct some attention to it – can you contribute?

paragonie/halite [125 ★]

Halite is a high-level cryptography interface that relies on libsodium for all of its underlying cryptography operations.

Halite depends on the excellent libsodium (so it and its PHP extension counterpart are prerequisites) and provides symmetric and asymmetric encryption and authentication. For example, here’s how one would encrypt/decrypt a file:

use \ParagonIE\Halite\File;
// Encrypt a file with symmetric-key cryptography
File::encrypt($inputFile, $outputFile, $encryption_key);

// Decrypt a file with symmetric-key cryptography
File::decrypt($inputFile, $outputFile, $encryption_key);

// Encrypt a file with asymmetric-key cryptography
File::seal($inputFile, $outputFile, $enc_public);

// Decrypt a file with asymmetric-key cryptography
File::unseal($inputFile, $outputFile, $enc_secret);

// Get the checksum of a file
$checksum = File::checksum($filename);

// Get the cryptographic signature of a file's checksum
$signature = File::sign($filename, $sign_secret);

// Verify the authenticity of a digitally signed file
$valid = File::verify($filename, $sign_public, $signature);

This may be a bit unclear unless you’re very security conscious, so we’re preparing a proper tutorial on Halite for you in the coming weeks, one dealing with a real use case. We think you’ll like it.

That’s it for this month’s Sourcehunt! If you’re struggling with finding projects to contribute to, please re-read the list above and see if anything strikes your fancy. Let us know if you do send a PR or two, and we’ll feature them in the next Sourcehunt when we report on the activity!

To suggest projects you’d like to see on this list next month, just shout out tweets with hashtags #sourcehunt and #php – here’s the link to the combination. Naturally, if you’d like to sourcehunt a project written in another language, alter accordingly.

Login or Create Account to Comment
Login Create Account
Get the latest in PHP, once a week, for free.