daverandom/callback-validator
Validate PHP callable signatures against a prototype with variance support. Build a CallbackType from an existing callable or define it manually, then test other callables for parameter/return compatibility (contra/covariance, nullability) and inspect mismatches via __toString().
Architecture fit: Niche but valuable for custom plugin architectures or hook systems where runtime callback signature validation is required. Laravel's native event system relies on static type hints and PHPStan for validation, making this package redundant for standard use cases. However, it fills a gap for dynamic, user-defined callbacks in third-party extensions where static analysis isn't feasible.
Integration feasibility: High. Pure PHP with no dependencies beyond PHP's reflection extension (already in Laravel). Requires manual wiring into service providers or callback registration logic (e.g., validating config-based callbacks in boot()). No Laravel-specific abstractions exist, so custom implementation is needed.
Technical risk: Moderate. Low adoption (0 dependents), "readme" maturity status, and incomplete tests in TODO list indicate potential edge-case bugs. Reflection-based validation adds measurable overhead in high-frequency paths (e.g., per-request). Low score (0.305) reflects minimal community maintenance.
Key questions:
Stack fit: Ideal for custom callback-driven systems like plugin architectures, CLI command handlers, or middleware pipelines where user-provided callbacks must strictly conform to signatures. Not suitable for Laravel's built-in event system or standard controller actions where static typing suffices.
Migration path: Start with config-based validation during app boot (e.g., validate callbacks in config/plugins.php), then expand to critical event listeners or macros. Cache validated CallbackType instances to avoid repeated reflection. Avoid per-request validation.
Compatibility: Fully compatible with Laravel 8+ and PHP 7.4+. Requires no changes to Laravel core. Works alongside PHPStan but does not replace it—complements static analysis with runtime checks for dynamic callbacks.
Sequencing: 1) Validate static config callbacks at boot time; 2) Use for specific high-risk event listeners (e.g., payment hooks); 3) Only adopt for new plugin systems where strict runtime validation is non-negotiable. Never use in hot paths like HTTP request handling.
Maintenance: High internal ownership required. Low community activity (0 dependents) means the team must fix bugs, update for PHP versions, and address edge cases (e.g., variadic params not handled). The "TODO" list (e.g., better error messages) implies ongoing internal work.
Support: Minimal external support—issues would require internal debugging or contributing to the package. No
How can I help you explore Laravel packages today?