Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Jose
Assessments

Jose Laravel Package

namshi/jose

PHP library implementing JSON Object Signing and Encryption (JOSE): JWT, JWS and JWE. Create, sign, verify, encrypt and decrypt tokens using common algorithms and key formats. Useful for authentication, API security and secure data exchange.

View on GitHub
Deep Wiki
Context7

Technical Evaluation

Architecture fit: Namshi/Jose is a low-level JOSE library that does not align with Laravel's standard authentication ecosystem (Sanctum/Passport use Lcobucci/JWT or firebase/php-jwt). It requires significant custom wiring outside Laravel's built-in abstractions, creating fragmented code and violating Laravel's "convention over configuration" philosophy.

Integration feasibility: Technically possible but non-trivial. Requires building custom service classes to wrap the library, replacing Laravel's default token middleware, and manually handling all JWT lifecycle operations. No native integration points exist for Laravel's authentication stack.

Technical risk: High. Unmaintained since 2018 (last commit), with known PHP 8+ compatibility issues requiring manual composer.json patches. No security updates for critical vulnerabilities (e.g., algorithm weaknesses), and outdated crypto implementations (e.g., RSA padding risks). High probability of undetected security flaws in production.

Key questions:

  • Why not use actively maintained alternatives like firebase/php-jwt or web-token/jwt-library?
  • Does the project have a specific requirement mandating this library (e.g., legacy system compatibility)?
  • How will the team handle security patching and dependency management given the lack of upstream maintenance?

Integration Approach

Stack fit: Poor. Laravel's ecosystem expects JWT implementations compatible with Sanctum/Passport. Using namshi/jose would create a parallel authentication system, leading to inconsistent token handling, duplicated validation logic, and violation of Laravel's design patterns.

Migration path: High-effort refactoring required for existing projects. Would necessitate rewriting all token generation/verification logic, replacing default middleware, and manually implementing features like token revocation (which Laravel's Sanctum handles natively). Not feasible for production systems without extensive downtime.

Compatibility: Limited. Requires PHP 7.4+ with manual composer.json adjustments for PHP 8.0+. Conflicts likely with modern Laravel versions (e.g., symfony components in Laravel 9+). No guarantees for compatibility with

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport
twbs/bootstrap4