paseto VS Packagist

Might I suggest Paseto (https://paseto.io/) - it solves a lot of the headaches of JWT. Signing and encryption are two different things that require two different sets of keys, so you can't mess it up.

(Full disclosure, I've written one implementation: https://github.com/auth70/paseto-ts)

Though we'll be building a session-based authentication system, it's noteworthy that with the introduction of some concepts which will be discussed in due time, you can turn it into JWT- or, more securely and appropriately, PASETO-based authentication system.

Time we ditch it and use paseto

The PASETO web site goes over it. Mostly it's designed to make you do things the right way and avoid all the security holes you can fall into with JWT.

If this is too much to handle, you shouldn't have to! There's already solutions that handle it for you

What will we do next time? Actually, the whole package is ready, and all that's left is to publish it on Packagist.

publishing our work on https://packagist.org/

The latter one is based on nix OS using Symfony flex recipes and PHP packagist composer. The flex devenv should work cross-platform on Linux, Windows, and Mac. "The main difference to other tools like Docker or a VM is that it neither uses containerization nor virtualization techniques. Instead, the services run natively on your machine."

Composer is (still) the defacto standard package manager, with the Packagist repo being the standard place to find and install libraries.

Sorta—it looks like they were most enforced by convention until May 2015, when they finally become enforced [0]. Still, that's a good one that I hadn't thought of, and they at least had the convention in place.

[0] https://github.com/composer/packagist/issues/163#issuecommen...

Scanning your image for vulnerabilities is a critical step before you deploy it to production. You can use Snyk to scan your PHP Docker image and identify and resolve vulnerabilities. The Snyk Vulnerability Database includes records for all popular operating systems and dependencies, including PHP packages published to Packagist.

No. The only linked commercial thing I know - is Nova admin panel interface lib. But you don't have to use it. (Filament or Encore are free and suitable). Modules are free ( packagist.org and gthub.com ) and you should handle them with standard composer package tool. But you need to code. It is not WordPress like CMS

Once you understand the underlying principles of a concept, you're free to find a library via packagist.org to use.

For strings I use Stringy (https://github.com/danielstjules/Stringy) for arrays I built my own Collection library, but pretty sure there are plenty in packagist (https://packagist.org/)

I guess I tried downloading a old version. and have to download a newer version of apiclient I found on https://packagist.org/packages/google/apiclient with monolog/monolog: ^2.9||^3.0. I'll try that in a second, I am away from computer now.