Security News
The Changelog Podcast: Practical Steps to Stay Safe on npm
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
By Sarah Gooding -  Oct 31, 2025
🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
github.com/mongodb/mongo-php-library
Advanced tools
- Version
- v0.0.0-20251027142012-89481cce345e
- Version published
- Created
MongoDB PHP Library
This library provides a high-level abstraction around the lower-level
PHP driver (mongodb extension).
While the extension provides a limited API for executing commands, queries, and write operations, this library implements a full-featured API similar to that of other MongoDB drivers. It contains abstractions for client, database, and collection objects, and provides methods for CRUD operations and common commands (e.g. index and collection management).
If you are developing an application with MongoDB, you should consider using this library, or another high-level abstraction, instead of the extension alone.
Additional information about the architecture of this library and the mongodb
extension may be found in
Architecture Overview.
Documentation
Installation
The preferred method of installing this library is with Composer by running the following from your project root:
$ composer require mongodb/mongodb
Additional installation instructions may be found in the library documentation.
Since this library is a high-level abstraction for the driver, it also requires
that the mongodb extension be installed:
$ pecl install mongodb
$ echo "extension=mongodb.so" >> `php --ini | grep "Loaded Configuration" | sed -e "s|.*:\s*||"`
Additional installation instructions for the extension may be found in its PHP.net documentation.
Release Integrity
Releases are created automatically and the resulting release tag is signed using
the PHP team's GPG key. To verify the
tag signature, download the key and import it using gpg:
gpg --import php-driver.asc
Then, in a local clone, verify the signature of a given tag (e.g. 1.19.0):
git show --show-signature 1.19.0
[!NOTE] Composer does not support verifying signatures as part of its installation process.
Reporting Issues
Issues pertaining to the library should be reported in the PHPLIB project in MongoDB's JIRA. Extension-related issues should be reported in the PHPC project.
For general questions and support requests, please use one of MongoDB's Technical Support channels.
Security Vulnerabilities
If you've identified a security vulnerability in a driver or any other MongoDB project, please report it according to the instructions in Create a Vulnerability Report.
Development
Development is tracked in the PHPLIB project in MongoDB's JIRA. Documentation for contributing to this project may be found in CONTRIBUTING.md.
FAQs
Unknown package
Package last updated on 27 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
By Sarah Gooding -  Oct 30, 2025
Security News
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer to Transfer All Rights to Matz
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
By Sarah Gooding -  Oct 29, 2025