phive

Display a list of available aliased Phars

$ phive list

$ phive install [alias|url]

$ phive install [alias|url] [[-g|--global]]

$ phive install [alias|url] [[-t|--target]] [path/to/directory]

$ phive update

$ phive remove [alias|url]

$ phive purge

$ phive help

phive [options] command [arguments]

--home
    Specifies the phive home directory (default: ~/.phive)

--no-interaction
    Disables interactive prompts

--trust-gpg-keys
    Trusts the given GPG keys

--temporary-directory
    Sets the temporary directory (default: system's temporary directory)

--debug
    Enables debug output

--version
    Shows the version number and exit

help [command]
    Displays help for a specific command

list
    Lists all installed PHARs

install [...]
    Installs a PHAR. If no PHAR is specified, installs all PHARs defined in phive.xml

uninstall
    Uninstalls a PHAR

update [...]
    Updates a PHAR. If no PHAR is specified, updates all PHARs defined in phive.xml

exec [arguments...]
    Executes a phar

phar-url
    Resolves a PHAR alias to its URL

known-signatures
    Lists all known signatures

remove-key
    Removes a key from the trusted keys list

reset
    Resets phive configuration

skel
    Generates a phive.xml skeleton file

status
    Shows the status of phive

purge
    Purges the phive cache

add-key
    Adds a GPG key to the trusted keys list

import-key
    Imports a GPG key from a file

signatures
    Verifies signatures

verify []
    Verifies a phar

Phive is a tool for managing PHP dependencies, specifically PHAR (PHP Archive) files. It allows you to install, update, and verify PHARs globally or on a per-project basis. Phive ensures the integrity of PHARs by verifying their SHA-256 checksums against a trusted repository. This helps prevent the use of compromised or malicious PHARs. Phive also handles resolving dependencies and downloading the correct versions of PHARs.

Unlike Composer, Phive is designed specifically for PHARs, making it ideal for managing command-line tools and other standalone PHP applications. It simplifies the process of making these tools available across your system or within specific projects. Phive uses a `phive.xml` or `phive.xml.dist` file to define project dependencies, similar to Composer's `composer.json` file.

Phive's primary strength lies in its ability to guarantee the integrity of PHAR files. It does this by downloading PHARs and verifying their SHA256 hashes against a list of trusted checksums. If a PHAR has been tampered with, or if the checksum does not match, Phive will refuse to install or execute the PHAR. This dramatically reduces the risk of using malicious code.

Phive can install PHARs both globally and on a per-project basis. Global installations make PHARs available system-wide. Project installations store PHARs within a specific project directory, ensuring that each project uses the correct versions of its dependencies and is not affected by changes to global installations. The installation location is determined by Phive's configuration and the command-line options used.

composer(1), gpg(1)