PHP download

Download the PHP package php-tuf/composer-integration without Composer

On this page you can find all versions of the php package php-tuf/composer-integration. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download php-tuf/composer-integration
More information about php-tuf/composer-integration
Files in php-tuf/composer-integration

Vendor php-tuf
Package composer-integration
Short Description Proof of concept of securing Composer downloads with PHP-TUF.
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Informations about the package composer-integration

PHP-TUF Composer Integration Plugin

Experimental Composer plugin marrying Composer 2.6 and later to PHP-TUF.

This plugin seeks to demonstrate adding TUF security to

Composer's package discovery process when using Composer v2 package repositories.
Packages that Composer selects for download.

IMPORTANT

This plugin, as well as the PHP-TUF library it depends on, is in a pre-release state and is not considered a complete or secure implementation of the TUF framework.

This plugin should currently only be used for testing, development and feedback. Do NOT use in production for secure downloads!!

Overview

The plugin examines composer type repositories. For any that contain an additional key tuf, it invokes PHP-TUF during package discovery and download operations, validating that the repository and package are not being tampered with.

In accordance with the TUF specification, projects using this plugin must supply a set of trusted keys for each repository they want to protect with TUF. Each TUF-protected repository should provide a JSON file with its root keys. The file may be named in one of a few ways, which will be searched for in this order:

A SHA-256 hash of the full repository URL. For example, if the repository URL is http://repo.example.net/composer, the JSON file can be named d82cfa7a5a4ba36bd2bcc9d3f7b24bdddbe1209b71ebebaeebc59f6f0ea48792.json.
The host name of the repository. To continue the previous example, the JSON file can be named repo.example.net.json.

All root key files must be stored in a directory called tuf, adjacent to the project's composer.json file.

The TUF repository must track the Composer repository, signing new versions of packages as they are released as well as the Composer package metadata for them.

Usage

Performance

There's no way around it: this plugin affects Composer's performance. This is because, for every file Composer examines (including package metadata), TUF needs to download other files, to confirm that the file Composer is looking at hasn't been tampered with.

The performance hit generally isn't extreme, but it may be quite noticeable, depending on how large your project is and what you're asking Composer to do. Performance can also be affected by the way TUF has been set up on the server, which may be different for each repository.

To mitigate this, the plugin will try to keep network activity to a minimum; whatever network activity it has to do, it tries to do in parallel. This is in addition to fairly aggressive caching, while maintaining the ability for TUF to keep itself up-to-date. That said, you should generally expect Composer to be approximately 1.5 to 3 times slower when TUF is enabled.

All versions of composer-integration with dependencies

PHP Build Version

Package Version

Version 1.0.0-alpha12 Release 17. Jul 2024
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of composer-integration from vendor php-tuf

Requires composer-plugin-api Version ^2.6
php-tuf/php-tuf Version 0.1.6
guzzlehttp/psr7 Version ^2.4

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package php-tuf/composer-integration contains the following files

Loading the files please wait ....

Download the PHP package php-tuf/composer-integration without Composer

FAQ

How can I use the PHP package after the download?

Do I need to create a project on this site?

When is it necessary to insert some auth.json content?

What is the advantage to use this site for my Composer projects?