phive
Manage and verify Phar installation files
TLDR
Display a list of available aliased Phars
Install a specified Phar to the local directory
Install a specified Phar globally
Install a specified Phar to a target directory
Update all Phar files to the latest version
Remove a specified Phar file
Remove unused Phar files
List all available commands
SYNOPSIS
phive [options] command [arguments]
PARAMETERS
--home
Specifies the phive home directory (default: ~/.phive)
--no-interaction
Disables interactive prompts
--trust-gpg-keys
Trusts the given GPG keys
--temporary-directory
Sets the temporary directory (default: system's temporary directory)
--debug
Enables debug output
--version
Shows the version number and exit
help [command]
Displays help for a specific command
list
Lists all installed PHARs
install [
Installs a PHAR. If no PHAR is specified, installs all PHARs defined in phive.xml
uninstall
Uninstalls a PHAR
update [
Updates a PHAR. If no PHAR is specified, updates all PHARs defined in phive.xml
exec
Executes a phar
phar-url
Resolves a PHAR alias to its URL
known-signatures
Lists all known signatures
remove-key
Removes a key from the trusted keys list
reset
Resets phive configuration
skel
Generates a phive.xml skeleton file
status
Shows the status of phive
purge
Purges the phive cache
add-key
Adds a GPG key to the trusted keys list
import-key
Imports a GPG key from a file
signatures
Verifies signatures
verify [
Verifies a phar
DESCRIPTION
Phive is a tool for managing PHP dependencies, specifically PHAR (PHP Archive) files. It allows you to install, update, and verify PHARs globally or on a per-project basis. Phive ensures the integrity of PHARs by verifying their SHA-256 checksums against a trusted repository. This helps prevent the use of compromised or malicious PHARs. Phive also handles resolving dependencies and downloading the correct versions of PHARs.
Unlike Composer, Phive is designed specifically for PHARs, making it ideal for managing command-line tools and other standalone PHP applications. It simplifies the process of making these tools available across your system or within specific projects. Phive uses a `phive.xml` or `phive.xml.dist` file to define project dependencies, similar to Composer's `composer.json` file.
PHAR INTEGRITY
Phive's primary strength lies in its ability to guarantee the integrity of PHAR files. It does this by downloading PHARs and verifying their SHA256 hashes against a list of trusted checksums. If a PHAR has been tampered with, or if the checksum does not match, Phive will refuse to install or execute the PHAR. This dramatically reduces the risk of using malicious code.
GLOBAL VS. PROJECT INSTALLATIONS
Phive can install PHARs both globally and on a per-project basis. Global installations make PHARs available system-wide. Project installations store PHARs within a specific project directory, ensuring that each project uses the correct versions of its dependencies and is not affected by changes to global installations. The installation location is determined by Phive's configuration and the command-line options used.