PHPackages                             stellarwp/validation - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. stellarwp/validation

ActiveLibrary[Validation &amp; Sanitization](/categories/validation)

stellarwp/validation
====================

An end-to-end ready PHP validation library

1.5.0(1y ago)13635.5k—8.7%1[6 issues](https://github.com/stellarwp/validation/issues)GPL-2.0-or-laterPHPCI passing

Since Jan 5Pushed 1y ago7 watchersCompare

[ Source](https://github.com/stellarwp/validation)[ Packagist](https://packagist.org/packages/stellarwp/validation)[ RSS](/packages/stellarwp-validation/feed)WikiDiscussions develop Synced 2d ago

READMEChangelog (10)Dependencies (9)Versions (13)Used By (0)

Introduction
============

[](#introduction)

This is a PHP validation library that is end-to-end ready. It is useful in any scenario wherein you have a set of values that you would like validated (and potentially even sanitized). It comes with an extendable list of rules that can be easily used to make using rules easy and declarative.

How to use
----------

[](#how-to-use)

### Installation

[](#installation)

It is recommended to install this library using [Composer](https://getcomposer.org/). To do so, run the following command:

```
composer require stellarwp/validation
```

If using this in WordPress, it is strongly recommended that you [use Strauss](https://github.com/stellarwp/global-docs/blob/main/docs/strauss-setup.md)to avoid conflicts with other plugins.

### Configuration and initialization

[](#configuration-and-initialization)

The library comes with a `Config` class which is used to set up and initialize the library. Here's an example of how to use it:

```
use StellarWP\Validation\Config;

Config::setServiceContainer(MyContainer::class); // required
Config::setHookPrefix('my_plugin_'); // recommended

Config::setInvalidArgumentExceptionClass(MyInvalidArgumentException::class); // optional
Config::setValidationExceptionClass(MyValidationException::class); // optional

Config::initialize(); // mounts rules registrar to service container
```

The Service Container is used for dependency injection. The library uses this to store the `ValidationRulesRegistrar`, which keeps track of all the available rules. It is required to be set, and must implement the [Container Interface](https://github.com/stellarwp/container-contract). If you don't have a container, you can use the [StellarWP Container](https://github.com/stellarwp/container) or the [di52 container](https://github.com/lucatume/di52).

### Validating data

[](#validating-data)

The two main classes in the library are `Validator` and `ValidationRuleSet`. The `Validator` class is used to validate data, while the `ValidationRuleSet` is used to define the rules for validation. The `Validator` class is used as follows:

```
use StellarWP\Validation\Validator;

$values = [
    'name' => 'Bill Murray',
    'age' => 76
];

$labels = [
    'name' => 'Name',
    'age' => 'Age'
];

$validator = new Validator([
    'name' => ['required'],
    'age' => ['required', 'integer', 'min:18', 'max:150']
], $values, $labels);

if ($validator->passes()) {
    $safeData = $validator->validated();
} else {
    $errors = $validator->errors();
}
```

The `Validator` class takes three arguments:

- `$values` - the values to be validated
- `$rules` - the rules to be used for validation
- `$labels` - the labels to be used for error messages

`Validator::passes()` returns true if all rules pass

`Validator::fails()` returns true if any rule fails

`Validator::validated()` returns the validated data — any values without a rule will be removed, ensuring only trusted data is returned.

`Validator::errors()` returns an array of errors. The keys match the keys of the `$values` array, and the values are the error messages. If there are no errors an empty array is returned.

### Rule arguments

[](#rule-arguments)

The `$rules` parameter passed to the `Validator` can either be an array or rules, or a `ValidationRuleSet` instance.

When passing an array, the rules can be defined in three ways:

```
$rules = [
    'name' => [
        // As a string
        'required',

        // As a Rule instance
        new \StellarWP\Validation\Rules\Min(1),

        // As a closure
        function ($value, Closure $fail, string $key, array $values) {
            if ($value === 'foo') {
                $fail('{field} cannot be foo');
            }
        }
    ]
];
```

### Adding rules to existing classes

[](#adding-rules-to-existing-classes)

Sometimes you have a class which represents an individual value, like a Value Object. In this case, you can use the [HasValidationRules](src/Concerns/HasValidationRules.php) trait to add validation rules to the class. This trait adds various methods to the class for managing rules.

Adding new rules
----------------

[](#adding-new-rules)

The library comes with a number of rules out of the box, but you can easily add your own.

### How rules are resolved

[](#how-rules-are-resolved)

When adding rules to a rule set, you can either pass a string, a `Rule` instance, or a closure. When a string is passed, the library will attempt to resolve it using the [ValidationRulesRegistrar](src/ValidationRulesRegistrar.php). The static `Rule::id()` method is used to register the rule. So `Min`, for example, has an id of `min`. So when a string rule is `min:18`, the `Min` rule will be resolved. Additional options can be passed to the rule after the colon.

This may seem like a bit of work, but it allows for easily readable, declarative rules when being used.

### Basic rules

[](#basic-rules)

For a class to be a rule, it must implement the [ValidationRule](src/Contracts/ValidationRule.php) interface. See the interface for documentation on its methods.

### Front-end compatible rules

[](#front-end-compatible-rules)

If a class implements the [ValidatesOnFrontEnd](src/Contracts/ValidatesOnFrontEnd.php) interface.

All rules live in the `ValidationRuleSet`. The class supports being used in `json_encode` function, wherein it will generate a list of all rules which *can be* validated on the front-end. The age validation rules, for example, would generate the following JSON:

```
{
    "required": true,
    "integer": null,
    "min": 18,
    "max": 150
}
```

This JSON can be sent to the front-end and adapted to a library like [Joi](https://joi.dev/) for front-end validation. This makes the following flow possible:

1. Define your input rules on the server
2. Pass the rules as JSON to the browser
3. Convert the rules to your own system and validate in the browser
4. Pass the resulting input data to the server
5. Safely re-validate the inputs on the server

Front-end data is not secure, but it makes for a good user-experience. As such, defining it on one place and having it work the same on both the browser and server is excellent.

### Sanitizing Rules

[](#sanitizing-rules)

Rules can also provide sanitization — that is, they can modify the value before it is returned. To do this, implement the [Sanitizer](src/Contracts/Sanitizer.php) interface. Note that sanitization occurs *after* validation, so a value will only be sanitized if it first passes validation.

Finally, keep in mind that sanitization affects the value before it is sent to the following rule. This is useful in cases where you want to validate a value based on its type. Take age for example:

```
$rules = [
    'age' => ['required', 'integer', 'min:18', 'max:150']
];
```

The `integer` rule converts the value into an integer. So `min:18` will check that the age numerically greater than or equal to 18. Without the `integer` rule, if `age` was a string, then `min:18` would count the number of characters, not the numerical value.

###  Health Score

41

—

FairBetter than 87% of packages

Maintenance39

Infrequent updates — may be unmaintained

Popularity43

Moderate usage in the ecosystem

Community19

Small or concentrated contributor base

Maturity53

Maturing project, gaining track record

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~89 days

Recently: every ~202 days

Total

11

Last Release

380d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/e3171496e198834c638911ad3c3220bec77871cdf6557eaa9e2a58d16600a1a1?d=identicon)[bordoni](/maintainers/bordoni)

![](https://www.gravatar.com/avatar/70a2847a265444714b48c64eceb3ca742baa3a56757ce65b18bd7bbbbf910312?d=identicon)[dpanta94](/maintainers/dpanta94)

![](https://www.gravatar.com/avatar/97fd764aa710e8d8263a7e3b3fececdfd736b8aad8055227bf592ddf50ad15ba?d=identicon)[stellarwp](/maintainers/stellarwp)

![](https://www.gravatar.com/avatar/ec4ef25906386b60f5f66b3d03064e3bb700bedc94ee8558918565612c74aef3?d=identicon)[johnhooks](/maintainers/johnhooks)

---

Top Contributors

[![joshcummingsdesign](https://avatars.githubusercontent.com/u/11913201?v=4)](https://github.com/joshcummingsdesign "joshcummingsdesign (3 commits)")[![borkweb](https://avatars.githubusercontent.com/u/430385?v=4)](https://github.com/borkweb "borkweb (2 commits)")[![jonwaldstein](https://avatars.githubusercontent.com/u/10138447?v=4)](https://github.com/jonwaldstein "jonwaldstein (2 commits)")[![flack](https://avatars.githubusercontent.com/u/425166?v=4)](https://github.com/flack "flack (1 commits)")[![szepeviktor](https://avatars.githubusercontent.com/u/952007?v=4)](https://github.com/szepeviktor "szepeviktor (1 commits)")

---

Tags

phpvalidationwordpresswordpress-librarywordpress-php-library

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/stellarwp-validation/health.svg)

```
[![Health](https://phpackages.com/badges/stellarwp-validation/health.svg)](https://phpackages.com/packages/stellarwp-validation)
```

###  Alternatives

[marcosh/php-validation-dsl

A DSL for validating data in a functional fashion

483.9k](/packages/marcosh-php-validation-dsl)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
