Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Uri
Assessments

Uri Laravel Package

sabre/uri

Lightweight PHP URI utility library compliant with RFC3986. Provides resolve, normalize, parse/build, and split helpers for working with URLs, including Windows-style path edge cases. Fully unit tested and inspired by Node.js URL handling.

View on GitHub
Deep Wiki
Context7

Technical Evaluation

Architecture Fit

  • Laravel Synergy: The package’s lightweight, RFC3986-compliant design aligns perfectly with Laravel’s HTTP stack (e.g., Illuminate\Http\Request, Illuminate\Routing\UrlGenerator). It fills gaps in native PHP functions like parse_url() (e.g., Windows paths, triple slashes, Unicode) while avoiding Laravel’s heavier abstractions (e.g., Url::to()).
  • Microservice Alignment: Ideal for multi-service Laravel ecosystems where URI logic must be consistent across APIs, queues, and background jobs. Acts as a single source of truth for URI manipulation.
  • Security-Critical Paths: Directly supports Laravel’s redirect middleware, Form Request validation, and API resource serialization by providing robust URI validation and normalization.

Integration Feasibility

  • Low Friction: Composer integration is trivial (composer require sabre/uri), with zero Laravel-specific dependencies. Works alongside existing Laravel packages (e.g., guzzlehttp/guzzle, spatie/laravel-activitylog).
  • Backward Compatibility: Supports PHP 7.4+ (via 3.0.x) and 8.2+ (via 3.1.x), ensuring compatibility with Laravel 9+ and 10+. No breaking changes for existing parse_url() usage unless explicitly migrated.
  • Type Safety: PHP 8.2+ type hints (e.g., array{string, string} returns) integrate seamlessly with Laravel’s strict typing and IDE autocompletion.

Technical Risk

  • Minimal: The package is 100% unit-tested, RFC3986-compliant, and battle-tested in production (used by fruux for commercial services). Risks are limited to:
    • Windows Path Handling: Historical edge cases (e.g., file:///C:/) were reverted in 2.2.4 to maintain stability. Mitigation: Test with Windows-style URIs early.
    • Performance: Benchmark against custom regex/string logic—though the package is optimized for speed (e.g., resolve() is O(1)).
    • Deprecation Risk: No Laravel-specific dependencies, but PHP 7.4 EOL (Nov 2024) may require upgrading to 3.1.x for long-term support.
  • Mitigation Strategy:
    • Canary Testing: Deploy in a non-critical Laravel service first (e.g., a background job processor).
    • Rector Integration: Use the package’s Rector rules (#139) to auto-migrate parse_url() calls during CI.
    • Fallback Plan: Maintain a custom URI resolver as a backup for critical paths (e.g., payment redirects).

Key Questions

  1. URI Complexity Scope:
    • Does the Laravel project handle non-HTTP URIs (e.g., s3://, mailto:, file://)? If so, sabre/uri’s build()/parse() functions are critical.
    • Are there custom URI schemes (e.g., internal app:// links)? If yes, assess whether the package’s RFC3986 focus covers edge cases.
  2. Performance Bottlenecks:
    • Are URIs parsed in hot paths (e.g., API request validation)? If yes, benchmark against parse_url() + regex.
    • Does the app use Laravel’s Url::to() heavily? If so, evaluate whether sabre/uri can replace it for relative path resolution.
  3. Team Adoption:
    • Will developers need training on RFC3986 rules? If yes, pair with documentation updates (e.g., Laravel Wiki page on URI best practices).
    • Is there resistance to replacing parse_url()? If yes, highlight security/compliance benefits (e.g., open redirect prevention).
  4. Long-Term Maintenance:
    • Will the team monitor updates (e.g., PHP 8.5 support in 3.0.3)? If not, consider forking for critical patches.
    • Are there Laravel-specific extensions needed (e.g., integration with Illuminate\Support\Str)? If yes, plan for custom wrappers.

Integration Approach

Stack Fit

  • Laravel Ecosystem:
    • HTTP Layer: Replace parse_url() in:
      • Illuminate\Http\Request middleware (e.g., validating redirect targets).
      • Illuminate\Routing\Router (e.g., resolving relative routes in Route::get()).
    • Validation: Integrate with Laravel’s Form Requests to reject malformed URIs: 
      use Sabre\Uri\Uri;
use Illuminate\Validation\Rule;

public function rules()
{
    return [
        'redirect_url' => [
            'required',
            Rule::custom(function ($attribute, $value, $fail) {
                try {
                    Uri::parse($value);
                } catch (\Sabre\Uri\InvalidUriException) {
                    $fail('The :attribute must be a valid URI.');
                }
            }),
        ],
    ];
}
    • Artisan Commands: Use resolve() for relative path handling in CLI tools (e.g., php artisan storage:link).
    • Queues/Jobs: Optimize URI-heavy background tasks (e.g., processing user-uploaded links): 
      public function handle()
{
    $baseUrl = 'https://example.com';
    $relativePath = '/user/profile';
    $absoluteUrl = Uri::resolve($baseUrl, $relativePath);
    // Use $absoluteUrl in API calls, storage, etc.
}
  • Third-Party Packages:
    • Guzzle HTTP Client: Replace manual URI resolution in requests.
    • Spatie Laravel Activitylog: Validate URIs in log entries to prevent injection.
    • Laravel Horizon: Normalize URIs in job payloads for consistency.

Migration Path

Phase Action Tools/Examples
Assessment Audit URI usage in codebase (e.g., parse_url(), regex, string splits). git grep -r "parse_url|preg_match.*uri"
Pilot Replace parse_url() in a single service (e.g., API endpoint). Use Rector to auto-migrate: ./vendor/bin/rector process --dry-run
Validation Test edge cases: Windows paths, Unicode, relative URIs, malformed input. PHPUnit tests with Uri::parse(), Uri::resolve(), Uri::normalize()
Rollout Gradually replace usage across Laravel services. Start with validation, then routing, then background jobs.
Optimization Benchmark performance vs. custom logic. phpbench or laravel-debugbar for URI-heavy endpoints.
Documentation Update team docs with RFC3986 guidelines and package usage. Laravel Wiki or Confluence page.

Compatibility

  • Laravel Versions:
    • Laravel 9/10: Use sabre/uri:^3.0 (PHP 7.4+).
    • Laravel 11+: Use sabre/uri:^3.1 (PHP 8.2+) for Rector integration.
  • PHP Extensions: No dependencies beyond PHP core.
  • Windows/Linux/Mac: Test file:// URIs and path separators (/ vs. \).
  • Edge Cases:
    • Triple Slashes: ///example.com (supported via pure-PHP fallback).
    • Unicode: https://例子.测试 (handled via percent-encoding).
    • Relative URIs: ./path, ../parent (resolved correctly).

Sequencing

  1. Critical Paths First:
    • Security: Redirect validation, OAuth callbacks.
    • Data Integrity: API resource serialization, database storage.
  2. Performance-Critical:
    • High-traffic API endpoints, background jobs.
  3. Non-Critical:
    • Admin panels, logging, non-public URIs.

Example Workflow:

graph TD
    A[Laravel Request] -->|parse_url()| B[Replace with Uri::parse()]
    B --> C[Validate URI]
    C -->|Valid| D[Proceed]
    C -->|Invalid| E[Reject with 400]
    A -->|resolve()| F[Replace string concatenation]
    F --> G[Use Uri::resolve(base, relative)]

Operational Impact

Maintenance

  • Pros:
    • Minimal Overhead: No Laravel-specific maintenance—updates align with PHP/Sabre releases.
    • Community Support: Active GitHub repo with RFC3986 compliance as a
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours
renatovdemoura/blade-elements-ui
devgeek/beacon-admin
benjamin-rqt/data-watcher-bundle
atriumphp/atrium
sandermuller/package-boost-laravel
sandermuller/boost-skills
redaxo/core
yusufgenc/filament-api-forge
l3aro/rating-star-for-filament
leek/filament-subtenant-scope