Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Phar Utils
Assessments

Phar Utils Laravel Package

seld/phar-utils

Utilities for working with PHP PHAR archives. Load a PHAR, normalize embedded file timestamps for reproducible builds, then save with an updated signature (MD5/SHA*). Includes a linter to syntax-check all PHP files inside a PHAR.

View on GitHub
Deep Wiki
Context7

Getting Started

Install the package with composer require seld/phar-utils. Start with linting PHAR contents to catch syntax errors before distribution:

use Seld\PharUtils\Linter;

Linter::lint('my-phar.phar');

For reproducible builds (e.g., CI/CD pipelines), use Timestamps to normalize timestamps and generate consistent signatures:

use Seld\PharUtils\Timestamps;

$phar = new Timestamps('my-phar.phar');
$phar->updateTimestamps(time()); // or null for current time
$phar->save('my-phar.phar', Phar::SHA256);

Implementation Patterns

  • CI/CD Pipeline Integration: Add timestamp normalization and linting as pre-release steps. Normalize md5('phar://my-phar.phar') hashes for deployment verification.
  • PHAR Validation Layer: Wrap Linter::lint() in a reusable validator for internal tooling (e.g., composer create-project workflows or custom PHAR generators).
  • Reproducible Builds: Automate timestamp normalization in build scripts—use null for current time to embed build time consistently or 0 for fully deterministic PHARs (though not recommended for security).
  • Error Handling in Tools: Extend Linter with custom filters to skip vendor files or test files during linting (supported since v1.2.0 via exclusion patterns).

Gotchas and Tips

  • PHAR Compression: v1.0.1 fixed compressed PHAR support—ensure you’re on ≥1.0.1 to avoid signature failures with bzip2/gzip-compressed PHARs.
  • Endianness Edge Cases: If building PHARs on ARM or legacy big-endian systems, v1.0.2 is required—verify your CI environment matches deployment targets.
  • Signature Algorithms: Use Phar::SHA256 or higher for security; MD5/SHA1 are vulnerable to collision attacks.
  • Timestamp Normalization Quirk: Passing null to updateTimestamps() sets all timestamps to the current time during linting/build—use 0 for fully deterministic output (e.g., phar:// hashing for caching).
  • Windows Compatibility: Linter works on Windows (v1.1.1+), but avoid using Unix-specific paths—use stream_resolve_include_path() or normalized paths when linting cross-platform.
  • Performance Tip: v1.2.1 optimizes timestamp updates in-place—no need to load full PHAR into memory repeatedly for large archives.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport