Sourcehunt: PHP7-Only Alternative to Laravel, HPKP, and More

Bruno Skvorc
Bruno Skvorc

Time to promote some open source projects again! This time we’ve got an alternative to Laravel, but one that requires PHP7 (awesome!), some packages that really care about request validation and query param filtering, HPKP (security upgrades for everyone!), a package that makes your objects stricter and finally, a treat from the people who made Symfony!

Sourcehunt logo

paragonie/hpkp-builder [15 ★]

This library aims to make it easy to build HTTP Public-Key-Pinning headers in your PHP projects, and requires at least PHP 7.

HTTP Public Key Pinning, or HPKP, is a security policy delivered via a HTTP response header much like HSTS and CSP. It allows a host to provide information to a user agent about which cryptographic identities it should accept from the host in the future. This can protect a host website from a security compromise at a Certificate Authority where rogue certificates may be issued for your hostname.

Read more about HPKP here.

Rican7/incoming [137 ★]

Incoming is a PHP library designed to simplify and abstract the transformation of loose, complex input data into consistent, strongly-typed data structures.

// Create our incoming processor
$incoming = new Incoming\Processor();

// Process our raw form/request input into a User model
$user = $incoming->process(
    $_POST,            // Our HTTP form-data array
    new User(),        // Our model to hydrate
    new UserHydrator() // The hydrator above

Explaining it to any great detail is outside the scope of this short post, but in essence it allows us to precisely define what kind of input information goes through and hydrates our model, rejecting, filtering, or transforming everything else.

It’s like Fractal, backwards. (Fractal makes sure the output matches a set structure, rather than input)

The library currently has one outstanding issue – and it’s a discussion around a feature – but could definitely use some users and feedback! Maybe even a SitePoint post about it?

LinioIT/input [18 ★]

Yet another input filtering mechanism, this component of the Linio framework (?!) aims to abstract HTTP request input handling, allowing a seamless integration with your domain model. The component is responsible for:

  • Parsing request body contents
  • Validating input data
  • Hydrating input data into objects

So, in a way, just like Incoming above.

You use input handlers to specify which data you’re expecting from requests:

class RegistrationHandler extends InputHandler
    public function define()
        $this->add('referrer', 'string');
        $this->add('registration_date', 'datetime');

        $user = $this->add('user', 'Linio\Model\User');
        $user->add('name', 'string');
        $user->add('email', 'string');
        $user->add('age', 'integer');

and then reference that in a controller:

class RegistrationController
    public function registerAction(Request $request): Response
        $input = new RegistrationHandler();

        if (!$input->isValid()) {
            return new Response($input->getErrorsAsString());

        $data = $input->getData();
        $data['referrer']; // string
        $data['registration_date']; // \DateTime
        $data['user']; // Linio\Model\User

        return new Response(['message' => 'Valid!']);

The library also supports types, constraints, transformers, and more – all about which you can read in the docs.

mpscholten/request-parser [18 ★]

On a similar note, request-parser does something more lightweight.

public function index()
    $page = $this->queryParameter('page')->int()->required();
    $order = $this->queryParameter('order')->oneOf(['asc', 'desc'])->required();
    $createdAt = $this->queryParameter('createdAt')->dateTime()->defaultsTo(null);

Simple, right? Define required and optional parameters, with types, directly on your current request. There’s more to it, of course, but this is the gist of it.

With a mere 18 stars, this library could definitely use some attention – both in terms of users, and in terms of contributors / testers.

opulencephp/Opulence [322 ★]

Opulence could be the competition Laravel has been waiting for. It’s a full stack framework with a minimum requirement of PHP 7.0. As the docs say:

Opulence is a PHP web application framework that simplifies the difficult parts of creating and maintaining a secure, scalable website. With Opulence, things like database management, caching, ORM, page templates, and routing are a cinch. It was written with customization, performance, and best-practices in mind. Thanks to test-driven development (TDD), the framework is reliable and thoroughly tested. Opulence is split into components, which can be installed separately or bundled together.

Like Laravel, it comes with its own components all around and its author is very determined to keep it cutting edge.

Opulence blew up on Reddit the other day, collecting generally favorable reviews, so the star count isn’t as low as on other projects we’re mentioning in this post, but it could still use contributors if we want to give it the inertia needed to bite at Laravel’s heels.

zeeshanu/yell [7 ★]

Yell is a PHP package to make your objects strict and throw exceptions when you try to access or set some undefined property in them.

use Zeeshanu\Yell\Scream;

class Person
    use Scream;

    public $name;
    public $age;

$person = new Person();

$person->name = 'John Doe';
$person->age = 23;

// An exception will be thrown when showing message "Trying to set undefined property $profession in class Person"  
$person->profession = 'Teacher';

sensiolabs-de/deptrac [355 ★]

Deptrac is a new tool from Sensiolabs (Symfony), and is a static code analysis tool that helps to enforce rules for dependencies between software layers. What does this mean specifically? For example, you can define a rule like “controllers may not depend on models”. To ensure this, deptrac analyzes your code to find any usages of models in your controllers and will show you where this rule was violated.

As an introduction, here’s a handy video they prepared:

Admittedly, this package is a little less indie than the others, but seems interesting enough to warrant promotion – we’d definitely like to see some use cases for it in tutorials. Care to write some?

That’s it for June – as always, please throw your links at us with the hashtags #sourcehunt and #php – here’s the link to the combination. Naturally, if you’d like to sourcehunt a project written in another language, alter accordingly.

Happy coding!