PHPackages solitus0/payload-path-sanitizer - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. solitus0/payload-path-sanitizer ActiveLibrary[Validation & Sanitization](/categories/validation) solitus0/payload-path-sanitizer =============================== Stand-alone recursive payload sanitizer with matcher-based targeting and pluggable value sanitizers. v0.1.1(4mo ago)08MITPHPPHP >=8.1 Since Dec 16Pushed 4mo agoCompare [ Source](https://github.com/solitus0/payload-path-sanitizer)[ Packagist](https://packagist.org/packages/solitus0/payload-path-sanitizer)[ RSS](/packages/solitus0-payload-path-sanitizer/feed)WikiDiscussions 0.1.x Synced 1mo ago READMEChangelog (1)Dependencies (6)Versions (2)Used By (0) Payload Path Sanitizer ====================== [](#payload-path-sanitizer) `solitus0/payload-path-sanitizer` is a minimal PHP 8.1+ library for redacting or masking values deep inside associative payloads before they leave your system (logging, telemetry, queues, etc.). Define *rules* that pair a matcher (decides **where**) with a value sanitizer (decides **how**), then run the sanitizer to get a safe copy of the original payload. Installation ------------ [](#installation) ``` composer require solitus0/payload-path-sanitizer ``` Core Concepts ------------- [](#core-concepts) - **Rule** – pairs a `Matcher` and a `ValueSanitizer`. - **SanitizerContext** – convenient builder/iterator for rules (you can also pass any `iterable`). - **Sanitizer** – walks the payload depth-first and replaces leaf values whenever a rule's matcher returns `true`. Quick Start ----------- [](#quick-start) ``` use Solitus0\PayloadSanitizer\{Rule, SanitizerContext, Sanitizer}; use Solitus0\PayloadSanitizer\Matcher\KeyMatcher; use Solitus0\PayloadSanitizer\ValueSanitizer\SimpleValueSanitizer; $context = new SanitizerContext( new Rule(new KeyMatcher('password'), new SimpleValueSanitizer()), ); $sanitized = (new Sanitizer())->sanitize($payload, $context); ``` `SimpleValueSanitizer` replaces the value with a `SANITIZED (...)` marker, but you will usually create your own value sanitizer (see below). Custom Matchers --------------- [](#custom-matchers) Implement `Solitus0\PayloadSanitizer\Matcher\SanitizerMatcherInterface` and inspect the current leaf: ``` final class EndsWithIdMatcher implements SanitizerMatcherInterface { public function matches($key, array $path, $value = null): bool { return str_ends_with((string) $key, '_id'); } } ``` Available built-ins: - `KeyMatcher` – matches an exact key. - `ParentKeyMatcher` – matches by parent key (useful for targeting nested structures). - `PathContainsMatcher` – ensures the traversal path contains a set of keys (order agnostic). Combine matchers by writing your own composite if needed. Custom Value Sanitizers ----------------------- [](#custom-value-sanitizers) Implement `Solitus0\PayloadSanitizer\ValueSanitizer\ValueSanitizerInterface` and transform the matched value into whatever should be persisted/logged. Typical strategies include fixed strings, hashes, or length-prefixed tokens. ``` final class FixedMaskSanitizer implements ValueSanitizerInterface { public function sanitize($value): string { return '***'; } } ``` Advanced Usage -------------- [](#advanced-usage) - **Dynamic rule sets** – since `Sanitizer::sanitize` accepts any `iterable`, you can yield rules lazily or build them per request. - **Immutable pipelines** – rules are evaluated in the order provided; the first matching rule wins for each payload leaf, ensuring deterministic behavior. - **Binary-safe** – matchers receive the raw value, so you can restrict sanitation to certain types before falling back to generic fallbacks. Testing Tips ------------ [](#testing-tips) - Assert on the sanitized payload rather than internal behavior. - Provide representative payload fixtures (arrays with strings, ints, and nested arrays) to ensure matchers behave as expected. License ------- [](#license) MIT ### Health Score 31 — LowBetter than 68% of packages Maintenance74 Regular maintenance activity Popularity4 Limited adoption so far Community6 Small or concentrated contributor base Maturity33 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 147d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/b6fcbfd61ed577ca14cf75ff250c130a7a11d695bb22e27618083c702a5fe2be?d=identicon)[solitus0](/maintainers/solitus0) --- Top Contributors [![solitus0](https://avatars.githubusercontent.com/u/58187559?v=4)](https://github.com/solitus0 "solitus0 (5 commits)") --- Tags sanitizerpayloadMasking ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StyleECS Type Coverage Yes ### Embed Badge ![Health badge](/badges/solitus0-payload-path-sanitizer/health.svg) ``` [![Health](https://phpackages.com/badges/solitus0-payload-path-sanitizer/health.svg)](https://phpackages.com/packages/solitus0-payload-path-sanitizer) ``` ### Alternatives [webmozart/assert Assertions to validate method input/output with nice error messages. 7.6k894.0M1.2k](/packages/webmozart-assert)[symfony/html-sanitizer Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. 27932.2M63](/packages/symfony-html-sanitizer)[stevebauman/purify An HTML Purifier / Sanitizer for Laravel 5325.6M19](/packages/stevebauman-purify)[arondeparon/laravel-request-sanitizer An easy to use request sanitizer that allows you to sanitize your form data before validating it. 112151.6k1](/packages/arondeparon-laravel-request-sanitizer)[ashallendesign/laravel-config-validator A package for validating your Laravel app's config. 217905.3k5](/packages/ashallendesign-laravel-config-validator)[crazybooot/base64-validation Laravel validators for base64 encoded files 1341.9M8](/packages/crazybooot-base64-validation) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)