Download the PHP package zappzarapp/security without Composer
On this page you can find all versions of the php package zappzarapp/security. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package security
Short Description Comprehensive PHP security library: CSP, Security Headers, CSRF, Cookies, Password Validation, Input Sanitization, Rate Limiting, SRI, and Audit Logging
License MIT
Homepage https://github.com/marcstraube/zappzarapp-php-security
Information about the package security
⚡ zappzarapp/security
Comprehensive PHP security library providing CSP, Security Headers, CSRF protection, Secure Cookies, Password Validation, Input Sanitization, Rate Limiting, SRI, and Audit Logging.
Highlights
- All-in-one — 11 security modules in a single, composable package
- Secure by default — strict CSP, no unsafe-*, HTTPS-first
- Framework-agnostic — works with any PHP 8.4+ application
- Immutable & type-safe — readonly classes, enums, with*() API
- Quality-backed — PHPStan Level 8, Psalm Level 1, 100% Mutation Score, Deptrac architecture enforcement
- PSR-compatible — PSR-3 (Logging), PSR-15 (Middleware), PSR-18 (HTTP Client)
Modules
| Module | Description | Key Classes |
|---|---|---|
| CSP | Content Security Policy header building | CspDirectives, HeaderBuilder, NonceGenerator |
| Headers | Security headers (HSTS, Permissions-Policy, etc.) | SecurityHeaders, SecurityHeadersBuilder |
| CSRF | Cross-Site Request Forgery protection | CsrfProtection, CsrfConfig |
| Cookie | Secure cookie handling | SecureCookie, CookieBuilder, CookieOptions |
| Password | Password validation and hashing | PasswordPolicy, PwnedPasswordChecker, PepperedPasswordHasher |
| Sanitization | Input sanitization (HTML, SQL, URI, Path) | HtmlSanitizer, UriSanitizer, PathValidator |
| RateLimiting | Rate limiting with multiple algorithms | DefaultRateLimiter, RateLimitConfig |
| SRI | Subresource Integrity hash generation | SriHashGenerator, IntegrityAttribute |
| Analyzer | Security header analysis and auditing | SecurityHeaderAnalyzer, AnalysisResult |
| Middleware | PSR-15 middleware for drop-in framework integration | SecurityHeadersMiddleware, CsrfMiddleware, RateLimitMiddleware |
| Logging | Security event audit logging | SecurityAuditLogger, SecurityEvent |
Requirements
- PHP ^8.4
- ext-dom
- ext-libxml
- ext-sodium
Installation
Quick Start
Security Headers
CSP with Nonces
CSRF Protection
Input Sanitization
See the documentation for detailed examples of all modules.
Documentation
Each module has detailed API documentation with class references, configuration options, and code examples:
| Module | Description |
|---|---|
| CSP | Content Security Policy with nonces |
| Headers | HSTS, COOP, COEP, CORP, Permissions |
| CSRF | Token patterns and validation |
| Cookie | Secure cookie handling |
| Password | Hashing, policies, breach detection |
| Sanitization | HTML, URI, path sanitization |
| Rate Limiting | Token bucket, sliding window |
| SRI | Subresource integrity hashes |
| Analyzer | Security header auditing |
| Middleware | PSR-15 middleware |
| Logging | Security audit logging |
| Glossary | Security terminology reference |
Versioning
This library follows Semantic Versioning 2.0.0.
All classes, interfaces, and methods in the Zappzarapp\Security namespace are
considered public API unless marked with @internal. Breaking changes only
happen in major versions, with deprecation warnings at least one minor version
before removal.
Releases are automated via release-please and GPG-signed. See CHANGELOG.md for release history.
Security
See SECURITY.md for vulnerability reporting and security considerations.
Contributing
See CONTRIBUTING.md for development setup and contribution guidelines.
License
MIT License - see LICENSE file for details.
All versions of security with dependencies
ext-dom Version *
ext-libxml Version *
ext-sodium Version *