php-tuf/php-tuf
===============

PHP implementation of The Update Framework (TUF)

Latest release: 0.1.7 (11mo ago). License: MIT. Language: PHP (requires PHP ^8.1). CI passing. [3 issues](https://github.com/php-tuf/php-tuf/issues), [7 PRs](https://github.com/php-tuf/php-tuf/pulls). [Source](https://github.com/php-tuf/php-tuf), [Packagist](https://packagist.org/packages/php-tuf/php-tuf).

PHP-TUF
=======

[![build](https://github.com/php-tuf/php-tuf/actions/workflows/build.yml/badge.svg)](https://github.com/php-tuf/php-tuf/actions/workflows/build.yml/badge.svg)

IMPORTANT
---------

PHP-TUF is in a pre-release state and is not considered a complete or secure version of the TUF framework. It should currently only be used for testing, development and feedback.

*Do not use in production for secure target downloads!!*

PHP-TUF is a PHP implementation of [The Update Framework (TUF)](https://theupdateframework.io/) that provides signing and verification for secure PHP application updates. [Read the TUF specification](https://theupdateframework.github.io/specification/v1.0.33) for more information on how TUF is intended to work and the security it provides.

PHP-TUF project development is primarily focused on supporting secure automated updates for PHP CMSes, although it should also work for any PHP application or Composer project. Contributing projects:

- [Drupal](https://www.drupal.org/)
- [TYPO3](https://typo3.org/)
- [Joomla](https://www.joomla.org/)

PHP-TUF client requirements
---------------------------

The PHP-TUF client is designed to give PHP applications TUF verification of target signatures.

- Minimum required PHP version: 8.1
- Requires `ext-json`
- The `paragonie/sodium_compat` dependency provides a polyfill for the Sodium cryptography library; however, installing `ext-sodium` is recommended for better performance and security.

Code style
----------

The code generally follows PSR-2 with some additional formatting rules for code documentation and array formatting. Run PHPCS to check for code style compliance:

```
composer phpcs
```

Testing
-------

### Test fixtures generation

Run the following command:

```
composer fixtures
```

Fixtures should appear in `fixtures/`.

### Running the PHP-TUF tests

1. Ensure you have all required dependencies by running `composer install`.
2. Run `composer test` at the project's root.

Dependency policies and information
-----------------------------------

To provide a lightweight, reliable, and secure client, external dependencies are carefully limited. Any proposed dependency additions (and those dependencies' dependencies) should undergo the [Drupal core dependency evaluation process](https://www.drupal.org/core/dependencies#criteria).

For evaluations and policies of current dependencies, see the [PHP-TUF dependency information](DEPENDENCIES.md).

Resources
---------

- [PHP-TUF wiki](https://github.com/php-tuf/php-tuf/wiki)
- Python TUF
    - [Code Documentation: Main Index](https://github.com/theupdateframework/tuf/blob/develop/tuf/README.md)
    - [CLI](https://github.com/theupdateframework/tuf/blob/develop/docs/CLI.md)
    - [Python API Readme](https://github.com/theupdateframework/tuf/blob/develop/tuf/client/README.md)
- [TUF Specification v1.0.33](https://theupdateframework.github.io/specification/v1.0.33)
- [PIP + TUF Integration](https://www.python.org/dev/peps/pep-0458/)

### Release Activity

- Cadence: every ~236 days (recently: every ~119 days)
- Total: 7
- Last release: 353d ago

PHP version history (3 changes):

- 0.1.1: PHP >=7.2.5
- 0.1.2: PHP ^8
- 0.1.3: PHP ^8.1

### Community

Maintainers: Ted Bowman ([@tedbow](https://github.com/tedbow)), PHP-TUF

Top contributors: phenaproxima (148 commits), tedbow (65), xjm (51), davidstrauss (26), mbaynton (15), catch56 (5), TravisCarden (5), heddn (4), dependabot[bot] (4), ajfwebdev (3), star-szr (3), SpyroL7 (2), pwolanin (2), bmack (1), ergonlogic (1), HLeithner (1), joshuagl (1), rdimitrov (1), SniperSister (1), webchick (1)

### Code Quality

- Tests: PHPUnit
- Code style: PHP_CodeSniffer

