
Psl Laravel Package

azjezz/psl

PSL (PHP Standard Library) offers a consistent, well-typed set of safer, async-ready APIs to replace PHP primitives. Covers async, collections, networking, I/O, cryptography, terminal UI, and type-safe data validation with predictable errors.


Technical Evaluation

Architecture Fit

  • Modularity & Reusability: PSL 6.2.1 retains its alignment with Laravel’s modular architecture, but the new HTTP/2 security fixes introduce critical considerations for Laravel applications using low-level PSL components (e.g., Psl\H2\ServerConnection). For most Laravel users, this release does not impact high-level PSL APIs (e.g., HttpClient, Validation), but direct consumers of Psl\H2 must update.
    • Security-Critical: The fix enforces RFC 9113 compliance for HTTP/2 content-length validation, which is non-negotiable for untrusted client traffic (e.g., public APIs, microservices). Laravel’s built-in HTTP server (e.g., php artisan serve) does not use Psl\H2 by default, but custom HTTP/2 implementations (e.g., Swoole, RoadRunner) might.
    • Validation & Utilities: No changes to PSL’s core validation or utility components (String, Array, Collection), so Laravel’s integration remains unchanged.
  • Laravel-Specific Synergies:
    • HTTP/2 Middleware: If Laravel apps use PSL’s Psl\H2 for HTTP/2 handling (rare), this release requires immediate action (see Technical Risk).
    • Event-Driven: PSL’s EventDispatcher (PSR-14) remains unaffected; Laravel’s event system integration is unchanged.
  • Anti-Patterns:
    • Overhead for Simple Apps: Unchanged. PSL’s value is still standardization, not feature replacement.
    • HTTP/2 Risk: Direct use of Psl\H2\ServerConnection in Laravel is discouraged unless explicitly required (e.g., custom HTTP/2 servers). Prefer Laravel’s built-in HTTP clients or Guzzle for most use cases.

Integration Feasibility

  • PSR Compliance: Unchanged. PSL 6.2.1 remains PSR-compliant (7, 11, 15, etc.), ensuring zero-conflict integration with Laravel.
  • Backward Compatibility:
    • Breaking Change: The Psl\H2 component now throws StreamException on content-length mismatches, which may break existing code relying on silent failure or partial data.
    • Non-Breaking: All other PSL components (e.g., HttpClient, Cache, Validation) are unaffected.
  • Testing & Debugging:
    • HTTP/2 Validation: Apps using Psl\H2 must now handle StreamException in tests and production. Update test cases to expect these exceptions for malformed requests.
    • No Impact on High-Level APIs: Laravel’s Http facade or Guzzle clients remain unchanged.

Technical Risk

| Risk Area | Assessment | Mitigation Strategy |
|---|---|---|
| HTTP/2 Security Risk | Critical: Apps using Psl\H2\ServerConnection directly are vulnerable to HTTP/2 smuggling attacks. Laravel’s default stack does not use this, but custom HTTP/2 implementations (e.g., Swoole) might. | Immediate upgrade for Psl\H2 users. Replace custom HTTP/2 logic with Laravel’s built-in HTTP clients or Guzzle if possible. |
| Exception Handling | New StreamException may crash unpatched apps if not handled. | Update error handling to catch Psl\H2\Exception\StreamException and log/retire malformed requests. |
| Performance | HTTP/2 validation adds minimal overhead but may impact high-throughput services. | Benchmark only if using Psl\H2. For most Laravel apps, this is a non-issue. |
| Dependency Updates | PSL 6.2.1 may pull in updated dependencies (e.g., react/http). | Run composer update php-standard-library/psl --dry-run to check for transitive dependency changes. |
| Testing Overhead | Apps using Psl\H2 must update tests to validate content-length enforcement. | Add test cases for malformed HTTP/2 requests (e.g., mismatched content-length and DATA frames). |
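
The content-length rule behind this fix, as an added PHP example (not PSL's code and not from this page): RFC 9113 section 8.1.1 treats a message as malformed when its content-length differs from the total DATA payload length, and a malformed message is a stream error that must not be forwarded. The class and exception names are hypothetical, and the sample frames are constructed.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-in for a stream error; not PSL's own exception class.
final class MalformedMessage extends RuntimeException {}

// Tracks one stream's body against its declared content-length (illustrative names).
final class ContentLengthGuard
{
    private int $received = 0;
    public function __construct(private readonly ?int $declared) {}

    // Build from decoded header fields (name => list of values).
    public static function fromHeaders(array $headers): self
    {
        $values = array_values(array_unique($headers['content-length'] ?? []));
        if ($values === []) {
            return new self(null); // no content-length: nothing to compare
        }
        // Conflicting or non-numeric values make the message malformed.
        if (count($values) > 1 || preg_match('/^\d+$/D', $values[0]) !== 1) {
            throw new MalformedMessage('invalid content-length header');
        }
        return new self((int) $values[0]);
    }

    // Call once per DATA frame payload (padding already removed).
    public function onData(string $payload, bool $endStream): void
    {
        $this->received += strlen($payload);
        if ($this->declared === null) {
            return;
        }
        // Fail early on overrun; at END_STREAM the totals must match exactly.
        if ($this->received > $this->declared
            || ($endStream && $this->received !== $this->declared)) {
            throw new MalformedMessage("got {$this->received} bytes, declared {$this->declared}");
        }
    }
}

// Constructed sample: headers declare 10 bytes, DATA frames carry 4 + 3.
$guard = ContentLengthGuard::fromHeaders(['content-length' => ['10']]);
try {
    $guard->onData('abcd', false);
    $guard->onData('efg', true);
    echo "accepted\n";
} catch (MalformedMessage $e) {
    echo 'rejected: ', $e->getMessage(), "\n"; // stream reset, not forwarded
}
```

The same constructed cases (short body, overrun, conflicting or non-numeric header values) make a useful regression set for any server code that wraps Psl\H2.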

Key Questions

  1. Strategic Alignment:
    • Does the Laravel application directly use Psl\H2\ServerConnection for HTTP/2 handling? If yes, this release requires urgent action.
    • Are there custom HTTP/2 implementations (e.g., Swoole, RoadRunner) that rely on PSL’s H2 component?
  2. Adoption Scope:
    • Should PSL 6.2.1 be globally enforced via composer require updates, or only for services using Psl\H2?
    • Are there third-party packages in the Laravel ecosystem that depend on PSL’s H2 component?
  3. Security Impact:
    • What is the attack surface of exposing HTTP/2 endpoints? Are they internal-only (low risk) or public-facing (high risk)?
    • Are there existing HTTP/2 smuggling tests in the security pipeline? If not, add them post-upgrade.
  4. Team Readiness:
    • Does the team have experience handling HTTP/2 protocols? If not, provide documentation on StreamException handling.
    • Are developers aware of the difference between high-level PSL APIs (safe) and low-level Psl\H2 (now critical)?

Integration Approach

Stack Fit

  • Laravel Core Compatibility:
    • HTTP/2: Critical Update Required for apps using Psl\H2\ServerConnection. Laravel’s default HTTP stack (e.g., Http facade, Guzzle) is unaffected.
    • Other PSL Components: No changes to HttpClient, Cache, Validation, or utilities. Integration remains seamless.
    • Middleware: PSL’s middleware (PSR-15) is unchanged. Laravel’s middleware stack can still use PSL-compliant middleware.
  • Third-Party Ecosystem:
    • HTTP/2 Libraries: If Laravel apps use libraries like spatie/flysystem-s3 or spatie/laravel-http-client that indirectly rely on PSL’s H2, verify their compatibility.
    • Swoole/RoadRunner: Custom HTTP/2 servers using Psl\H2 must upgrade to avoid vulnerabilities.
  • PHP Extensions:
    • No new PHP extensions are required. Ensure ext-curl and ext-json are enabled for HTTP/2 support.

Migration Path

| Phase | Action Items | Tools/Strategies |
|---|---|---|
| Assessment | Audit codebase for direct usage of Psl\H2\ServerConnection. Check for custom HTTP/2 implementations (e.g., Swoole, RoadRunner). | grep -rF 'Psl\H2\ServerConnection' . or IDE search. Review composer.json for php-standard-library/psl usage. |
| Critical Fix | Immediate upgrade for Psl\H2 users: composer require php-standard-library/psl:^6.2.1. | Roll out via CI/CD pipeline with security patch priority. |
| Error Handling | Update code to catch Psl\H2\Exception\StreamException and handle malformed requests gracefully. | Add try-catch blocks around Psl\H2 usage. Log exceptions with request metadata for debugging. |
| Testing | Add tests for HTTP/2 content-length validation. Simulate malformed requests (e.g., mismatched DATA frames). | Use tools like h2load or custom scripts to send invalid HTTP/2 requests. |
| Deprecation | If Psl\H2 is unused, consider removing it to reduce dependency bloat. | Run composer why php-standard-library/psl to check whether anything still requires the package. |
| Documentation | Update internal docs to warn against direct Psl\H2 usage. Recommend Laravel’s built-in HTTP clients for most use cases. | Add a SECURITY.md section on HTTP/2 best practices. |

Compatibility

  • Laravel-Specific Considerations:
    • HTTP/2: Only affects apps with custom HTTP/2 logic. Laravel’s Http facade and Guzzle are unaffected.
    • Service Container: No changes to PSL interface bindings (e.g., HttpClientInterface). The Psl\H2 fix is internal to the component