Improving the long-term sustainability and security of the PHP ecosystem

Key facts

Investment Amount
Investment Year(s)
2023, 2024

The Sovereign Tech Fund is supporting the PHP Foundation to work on implementing improvements to the PHP ecosystem infrastructure and security.

The PHP Foundation is a non-profit collective dedicated to supporting, advancing, and developing the PHP language. This undertaking is a critical project to address challenges within the PHP ecosystem. PHP is used everywhere, from small blogs to large enterprise applications. Packagist, PHP's package manager, lists over 361,000 packages and has surpassed 50 billion installs. Efforts are needed to tackle issues like outdated infrastructure, lack of support documentation, and difficulties in onboarding new contributors. To address these challenges, the project is overhauling the outdated PHP extension distribution system, enhancing security measures, improving documentation, and developing automated testing frameworks. These improvements are vital for the long-term sustainability of the PHP ecosystem, benefiting developers and users worldwide.

Since the PHP language is a cornerstone of web development and used by major platforms and frameworks, ensuring its continued relevance and security is of paramount importance. The improvements will help modernize PHP infrastructure, enhance security, and streamline development processes, ultimately benefiting developers, businesses, and the wider online community. By addressing these challenges, this investment strengthens the wider FOSS ecosystem and fosters greater collaboration within the PHP community, ensuring the continued growth and relevance of the language in an evolving digital landscape.

Why is this important?

This project is crucial because PHP is a fundamental technology powering a significant portion of the internet, including websites, applications, and platforms relied upon by millions worldwide. Around 75% of all websites in the world rely on PHP, making it one of the most widely used technologies for web development. It is used by extremely large platforms like Wikipedia, Etsy, Flickr, and Tumblr, as well as being the basis for Drupal, WordPress, and Moodle, which are used in many websites by government, businesses, and civil society. PHP also forms the basis of many web development frameworks, such as Symfony and Laravel. The PHP language and all its different components and dependencies are regularly featured in surveys of highly critical software.

What are we funding?

The Sovereign Tech Fund is commissioning work to overhaul the PHP extension distribution system and make other security enhancements, to improve documentation, and to help develop an automated test and integration framework to reduce the burden on project maintainers.

  1. Extension Distribution Overhaul: Rewriting the PECL extension distribution system to improve reliability and security. This involves developing a new installer, leveraging GitHub release pages for fetching sources and binaries, and enhancing compatibility with different PHP versions.
  2. Security Enhancement: Collaborating with a security research group to conduct a comprehensive codebase audit of PHP and address any discovered vulnerabilities.
  3. Documentation Improvement: Updating and modernizing English-language PHP documentation to provide comprehensive coverage, integrate interactive examples, and simplify maintenance. This should make PHP more accessible to new developers and serve as a reliable reference for experienced ones.
  4. Testing Tool Development: Developing a PM/SAPI testing tool to automate server integration tests for various PHP-FPM issues, particularly those requiring higher loads. This tool will simulate real-world usage and load, enhancing the stability and performance of PHP applications.

