Welcome to PHAR.IO

Adding all the required tools like PHPUnit, PHPMD and phpDox in their matching versions to a project used to be a lot of repetitive work: Started by finding the download URL, figuring out what the actually correct and matching version is followed by verifying the SHA1 and GPG signatures and making the archive executable. And of course you’d have to repeat this very thing for every tool needed.

Alternatively, you could have used composer. Only to clutter your project’s dependencies with the ones of your tools. And fight their potential dependency conflicts.

No more! Now you can rely on PHIVE to install and manage your project’s tooling needs without all the hassle and without cluttered dependencies!


The PHAR Installation and Verification Environment (PHIVE)

Installation and verification of phar distributed PHP applications has never been this easy!

Getting PHIVE

Installation of PHIVE is easy and about the last time you have to do anything PHAR related manually.

Grab your copy of PHIVE from the releases section or run these simple steps in a terminal:

wget -O phive.phar https://phar.io/releases/phive.phar
wget -O phive.phar.asc https://phar.io/releases/phive.phar.asc
gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x9D8A98B29B2D5D79
gpg --verify phive.phar.asc phive.phar
chmod +x phive.phar
sudo mv phive.phar /usr/bin/phive

Sample Usages

Once installed, PHIVE is ready for action. Some example invocations are shown below:

phive install phpunit
phive install theseer/Autoload
phive install -copy phpdox
phive install --target ./build/tools phpdox
phive install https://phar.phpunit.de/phpunit-4.8.6.phar

PHIVE is currently in alpha testing and still under heavy development.
Please bear with us and report any issues you find!

How it works

PHIVE makes installation easy by providing a means to resolve the given alias to an actual download location, including the verification of the certificate supplied by the server. Once downloaded, the archive’s SHA1, SHA256 or SHA512 hash is verified as well as its OpenPGP/GnuPG or OpenSSL signature.

Instead of re-downloading the same phar multiple times, the archive is kept at a shared location (by default in ~/.phive) and only a symbolic link is created for the project. You can of course also explicitly request a copy of the phar to be made in favor of symbolic links (use --copy).

Currently PHIVE supports three different methods to find the requested phar release:

For PHAR.IO registered aliases a central database file is downloaded to resolve alias names.
No actual hosting of phar files is done at phar.io, so no other runtime dependency to phar.io exists.

Currently known Projects

Let us know if we are missing any

Distributing PHARs

While you can always provide the fully qualified URL to a phar for installation, having a memorable alias is of course more convenient. To make your phar based project available to PHIVE users, you can either use your Github project identifier (username/projectname) or need to register an alias for it with phar.io. Downloads can be made available using Github releases or you can choose to provide your own download repository.

To register your alias please provide a PULL Request against the phar.io database file.

For the download repository you currently can choose between two supported repository types:

Github releases

To distribute phars via Github in a PHIVE compliant way, it needs to be made available as an attachment to a release - alongside with a valid gpg signature. For PHIVE to pick it up, the filenames need to end on ".phar" and ".phar.asc" respectively.

PHIVE supports Github's releases feature for repositories as of version 0.3.0.

See the HowTo for Github releases.


If you do not want to rely on Github releases for distribution, you can also run your own repository server. For this to work, merely a TLS enabled webserver and an xml file providing the necessary meta data is required. You can find an example for such a file here (XSD). It is recommended to have this file auto-generated, for instance by using the Phar-site-generator by Sebastian Bergmann. Please be aware that only secure downloads via HTTPS are supported by PHIVE.


PHIVE and PHAR.IO are open source projects released under the BSD license. You are welcome to join the development team!

Fork us!