
madeorsk/nocsrf
===============

CSRF Protection Library.

1.1.1 (5y ago) · 0 · 3.0k · 1 · MIT · PHP · PHP >= 7.0 · CI failing

Since May 24 · Pushed 5y ago · 1 watchers

[Source](https://github.com/Madeorsk/nocsrf) · [Packagist](https://packagist.org/packages/madeorsk/nocsrf) · [Docs](https://github.com/madeorsk/csrf)


NoCSRF
======

Easy as fuck CSRF protection library for PHP based on [OWASP recommendations](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html).

Installation
------------

Using composer:

```
composer require madeorsk/nocsrf
```

Getting started
---------------

Easy example code:

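```
<?php
// Composer autoloader (standard path for a Composer install).
require __DIR__ . '/vendor/autoload.php';

use NoCSRF\NoCSRF;

// Creating a new NoCSRF instance, which manages anti-CSRF tokens.
$nocsrf = new NoCSRF();

// Get an anti-CSRF token (to add in a hidden input field or a request header).
$token = $nocsrf->getToken();

// Verify anti-CSRF token. In a request handler, pass the token received
// from the client instead of the one just generated.
if ($nocsrf->verify($token)) {
	echo "Anti-CSRF token is VALID!";
} else {
	echo "Anti-CSRF token is INVALID.";
}
```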

Custom modules
--------------

NoCSRF is made of three main components:

- The `KeyGenerator`: generates a key. The default implementation is an OpenSSL random key generator.
- The `KeyStorage`: stores the key used in token generation / verification. The key storage needs to keep the key in such a way that it is available for a specific session but cannot be retrieved by the client.
- The `TokenManager`: contains the token generation / verification logic. The key is provided to it.

You can create custom classes for these three components and choose which modules to use when initializing NoCSRF:

```
$nocsrf = new NoCSRF([
	"keyGenerator" => new OpensslKeyGenerator(16),
	"keyStorage" => new SessionKeyStorage(),
	"tokenManager" => new HMACTokenManager(),
]);
```

The components used in this example are the default values.
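
How the three roles fit together, as an added standalone sketch that is not NoCSRF's own code: the function names, the `csrf_key` array key and the `nonce.mac` token format are assumptions made for illustration, and `random_bytes()` stands in for the OpenSSL generator. It shows why the key must stay server-side and per session: a token issued under one session's key fails under another's.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not the NoCSRF API.

// Key generator role: N bytes from a CSPRNG (random_bytes() used here
// in place of OpenSSL so the sketch needs no extension).
function generateKey(int $length = 16): string
{
    return random_bytes($length);
}

// Key storage role: the key lives server-side, scoped to one session.
// Pass $_SESSION in a web request; a plain array works for this demo.
function sessionKey(array &$session): string
{
    if (!isset($session['csrf_key'])) {
        $session['csrf_key'] = generateKey();
    }
    return $session['csrf_key'];
}

// Token manager role: token = nonce "." HMAC-SHA256(key, nonce).
function issueToken(string $key): string
{
    $nonce = bin2hex(random_bytes(16));
    return $nonce . '.' . hash_hmac('sha256', $nonce, $key);
}

function verifyToken(string $key, string $token): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return false; // malformed client input
    }
    list($nonce, $mac) = $parts;
    // hash_equals() compares in constant time, avoiding a timing oracle.
    return hash_equals(hash_hmac('sha256', $nonce, $key), $mac);
}

// Constructed demo: two independent sessions, each with its own key.
$sessionA = [];
$sessionB = [];
$token = issueToken(sessionKey($sessionA));

var_dump(verifyToken(sessionKey($sessionA), $token));        // issuing session
var_dump(verifyToken(sessionKey($sessionB), $token));        // different session key
var_dump(verifyToken(sessionKey($sessionA), $token . '0'));  // altered MAC
var_dump(verifyToken(sessionKey($sessionA), 'not-a-token')); // malformed token
```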

Full API documentation
----------------------

Full API documentation is available in the GitHub wiki (WIP) or in the code documentation.

### Health Score

27 (Low, better than 47% of packages)

- Maintenance: 20 (infrequent updates, may be unmaintained)
- Popularity: 17 (limited adoption so far)
- Community: 8 (small or concentrated contributor base)
- Maturity: 53 (maturing project, gaining track record)
- Bus Factor: 1 (top contributor holds 100% of commits, single point of failure)


### Release Activity

- Cadence: every ~60 days
- Total: 3
- Last release: 2102d ago

### Community

- Maintainers: [Madeorsk](/maintainers/Madeorsk)
- Top contributors: [Madeorsk](https://github.com/Madeorsk) (12 commits)
- Tags: csrf, csrf-protection, csrf-tokens, php, standalone-library, standalone-php-library, security, token, csrf

### Code Quality

- Tests: PHPUnit


### Alternatives

- [paragonie/anti-csrf](/packages/paragonie-anti-csrf): Paragon Initiative's Anti-CSRF Security Library
- [owasp/csrf-protector-php](/packages/owasp-csrf-protector-php): CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.
- [kunststube/csrfp](/packages/kunststube-csrfp): A signed token generator for cross site request forgery protection.
- [riimu/kit-csrf](/packages/riimu-kit-csrf): Secure and simple CSRF library protected against timing and BREACH attacks
- [ayesh/stateless-csrf](/packages/ayesh-stateless-csrf): Secret-key based state-less CSRF token generator and validator for PHP 8. State-less means you do not have to store the CSRF token in session or database.
- [dneustadt/csrf-cookie-bundle](/packages/dneustadt-csrf-cookie-bundle): CSRF protection cookie for use with XHR

