PHP download

Download the PHP package drupal-composer/drupal-paranoia without Composer

On this page you can find all versions of the php package drupal-composer/drupal-paranoia. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download drupal-composer/drupal-paranoia
More information about drupal-composer/drupal-paranoia
Files in drupal-composer/drupal-paranoia

Vendor drupal-composer
Package drupal-paranoia
Short Description Composer Plugin for improving the security of composer-based Drupal projects by moving all PHP files out of docroot.
License GPL-2.0-or-later

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of drupal-composer/drupal-paranoia

Informations about the package drupal-paranoia

Drupal Paranoia

Composer plugin for improving the website security for composer-based Drupal websites by moving all PHP files out of docroot.

Why use this Plugin?

The critical security issue with Coder is a good example to consider moving PHP files outside of docroot:

Requirements

Except for Windows, this plugin should work on environments that have Composer support. Do you use Windows? Help us.

Installation

Make sure you have a based drupal-composer/drupal-project project created.

Rename your current docroot directory to /app.

Update the composer.json of your root package with the following values:

Explaining:

/app folder: Drupal full installation.
/web folder: Will contain only symlinks of the assets files and PHP stub files (index.php, install.php, etc) from the /app folder.

Use composer require ... to install this Plugin on your project.

Done! The plugin and the new docroot are now installed.

Asset file types

The asset files are symlinked from /app to /web folder.

Default asset file types are provided by the plugin:

To extend the list of assets file types you can use the asset-files config:

If you need to modify the list you can use the post-drupal-set-asset-file-types event:

By the purpose of this plugin, the following files types are not allowed and if listed they will be ignored:

Exclude paths

With the drupal-paranoia option excludes, you can provide paths that should not be symlinked or stubbed to /web folder. The plugin provides no excludes by default.

NOTE: Consider to exclude /install.php from your site. There are security concerns when this URL is publicly available, it can be used to create a list of contributed modules existing on the site. You can exclude it via plugin as described above or via .htaccess rules.

Web server docroot

Change the document root config of your web server to point to /web folder.

Plugin events

This plugin fires the following named event during its execution process:

drupal-paranoia-post-command-run: Occurs after the command drupal:paranoia is executed.

Example of event subscriber

Local development

Every time you install or update a Drupal package via Composer, the /web folder will be recreated.

When working with themes, CSS and JS for example, it may be necessary to rebuild the folder manually to symlink the new assets.

Public files

This plugin assumes that the public files folder exists at app/sites/<site>/files and symlinks web/sites/<site>/files -> ../../../app/sites/<site>/files.

All versions of drupal-paranoia with dependencies

PHP Build Version

Package Version

Version 1.1.1 Release 29. Dec 2021
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of drupal-paranoia from vendor drupal-composer

Requires php Version >=5.4.5
composer-plugin-api Version ^1.1 || ^2

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package drupal-composer/drupal-paranoia contains the following files

Loading the files please wait ....