I built a modern, open-source PHP code obfuscator (YakPro alternative)
▲ 0 r/PHP

I built a modern, open-source PHP code obfuscator (YakPro alternative)

About four months ago, my release pipeline suddenly broke because the official repository for YakPro Obfuscator simply vanished.

I was looking for a simple, effective way to add a layer of protection to my suite of AI-driven WordPress plugins before distributing them. I didn't want to rely on something like Ioncube because not every hosting provider supports the extension.

Since I couldn’t find a maintained alternative that reliably supported modern PHP syntax, I decided to build one.

I've been using it successfully in my own production pipelines for the last few months. It became pretty stable, so I wanted to announce it to the world.

Features

  • Full Modern PHP Support: Built on nikic/php-parser v5.x, supporting named arguments, enums, match expressions, readonly properties, intersection types, and even PHP 8.5's pipe operator and (void) cast.
  • Deobfuscation Resistance:
    • Opaque Predicates: Hard-to-analyze expressions in control flow flattening.
    • Dead Code Injection: Branches that never execute but confuse static analysis.
    • Per-file XOR Encoding: String literals are encoded using unique random keys.
  • Incremental Processing: Only process changed files since the last run.
  • Multi-pass Analysis: Scrambles symbols consistently across your entire project.
  • Clean Architecture: Modern PSR-4 OOP codebase with 100% test coverage for core components.

Ready for CI/CD, not just local machines

I included a ready-to-use GitHub Action, making it easy to integrate into your existing CI/CD pipeline. Every tagged release or production build can produce consistently obfuscated code without anyone remembering to run another command.

Add it to your release Github Action to obfuscate your code automatically:

steps:
  - uses: iserter/php-obfuscator@v0.1.7
    with:
      source: 'src'
      output: 'dist'

Available on Packagist/Composer too.

Install:

composer require iserter/php-obfuscator --dev

Use:

vendor/bin/obfuscate src/ -o dist/

Or use via Docker

If you’re a hygine freak for your host system, then here’s how you can use via Docker:

docker run --rm -v $(pwd):/app iserter/php-obfuscator src/ -o out/

See it on Github:

Repository:

github.com/iSerter/php-obfuscator

u/iSerter — 1 day ago
▲ 83 r/opencode+1 crossposts

I configured OpenCode to use free AI APIs from 6 providers.

Let's make one thing clear: this can't replace your agentic coding stack.

All free API providers have rate limits that make rapid-fire requests almost impossible.

The free models are not the smartest, but decent for mid-level tasks.

You can use these in your Github workflows, custom cronjobs that run a few times a day, or in Paperclip AI with concurrency=1 and heartbeat>3000 settings for simple tasks.

---

So here we go;

I bet many of you already know that we can configure subagents to use different AI providers/models. (see https://opencode.ai/docs/agents/#json )

So, why not configure a system that gets nearly ~5.000 req/day for free?

That's what I'm going after. I started with Paperclip AI, and I will do it for my Github workflows next. With a free gmail account per project, we can get ~5.000 requests / ~5 million tokens per day, for each project.

So, I wanted to share this with those who may be interested in.

Here are the providers I found useful:

1. Google AI Studio

Google’s free-tier gives you Gemini Flash 3.5, Gemma 4 31B, and more. Permanently.

The real-world caveat? It’s rate-limited per minute on the free tier, but you can always integrate it into your processes with a bit control.

Don’t use it for rapid-fire, real-time chat loops. Use it for asynchronous tasks that you can queue.

Gemini 3.5 Flash is fairly good for planning and orchestration. You can delegate the simpler tasks to Gemma 4, which you get 1500 requests per day on free-tier.

2. NVIDIA NIM

Nvidia NIM (build.nvidia.com) gives you free developer access to over 100 models. Minimax-M3 and nemotron-3-ultra-550b-a55b are pretty capable mid-range reasoning models.

Nvidia’s API is 100% OpenAI-compatible. You change the base_url to Nvidia’s endpoint, drop in your nvapi- key, and your existing code just works.

NVIDIA NIM Free-Tier Limits

A flat rate of 40 requests per minute.

That is more than enough for local prototyping. Use it to power your terminal assistants. Plug it into IDE tools like OpenCode or Cline. Use it to validate multi-turn tool calling before you push to production.

But there is a catch: They may use your prompts to train their models. Avoid using Nvidia with sensitive/propriety data.

Also, It’s an evaluation sandbox. There is no production SLA. They want to sell you enterprise licenses to self-host on your own GPUs later.

Let them. For now, take the free compute and build your agent logic without watching a billing dashboard.

3. OpenRouter

OpenRouter has been one of my goto providers. It doesn’t provide great uptime for every model, but it offers pretty much every LLM on their platform, including pretty powerful free models during preview periods.

Each model/inference-privoder has different free-tier limits. Currently nvidia/nemotron-3-ultra-550b-a55b:free , google/gemma-4-31b-it:free, and openai/gpt-oss-120b:free are my go-to models for basic tasks.

4. Cerebras

When latency matters and you don’t need large models, Cerebras shines.

Cerebras’s speed is mind-blowing.

I got 1304 T/s (0.52 seconds) when I tried Gemma 4 on Cerebras.

Gemma 4 is a game-change for price and speed for tasks such as content writing and quick prototyping.

Cerebras free-tier daily limits

Their free tier gives you a million tokens a day with a 30req/min rate limit.

5. Groq

Second to Cerebras, Groq provides lightening-fast inferences too. It runs open-source models like Llama 3 on custom LPU hardware. Sufficient for basic tasks. They hit 500 to 700 tokens per second. The free tier hands you about 1,000 requests daily. I honestly almost never have to fallback to Groq, but I wanted to add it here for your information.

6. Opencode Zen

Including OpenCode Zen's free tier too, there are 6 providers where we can get free inference from. Enjoy.

u/iSerter — 4 days ago
▲ 2 r/WordpressPlugins+1 crossposts

What do you think about annual plugin licenses?

​

Hi guys, help me finalize my pricing.

I have developed 5 WordPress plugins which I'll release in the upcoming weeks.

Here's my problem;

I'd love to make them a one-time-purchase, but then I could breakeven only if I sell ~1.000 copies per year because I want to keep developing them and making them better.

If I can't sell another ~1000 copies next year, then I can't afford developing them further.

They're already fairly good and I suppose clients could settle for an "OK plugin" at ~$40 bucks one-time-purchase.

On the other hand, I could make them sooo much better if I can get ~1000 clients onboard for recurring annual payments.

I see both licensing types in the WordPress market, but I don't know what the sales numbers are like.

One solution I think of is to sell them as one-time-purchase with 1 year of updates and support.

So, next year, you'd have the option to pay and get further updates (+1 year) or be stuck with the version you have. It may still be a bit tough to survive in the long term because many prople may be just fine with the versions they have...

What do you think? What is your purchase behavior like?

View Poll

reddit.com
u/iSerter — 9 days ago
▲ 115 r/opencode+1 crossposts

Qwen 3.7 Max is extremely stupid.

I had issues with Qwen 3.6 plus too, but I could be forgiving of those errors due to much cheaper pricing. But I don't understand what the buzz is about this Qwen 3.7 being much more expensive and having "better benchmarks".

It feels like this is what they mean by "trained for benchmarks" because I definitely don't get performance any near to the models it is compared to. (Eg: Opus 4.6).

It's soo bad that I can finaly emphatize with developers who have an aversion against AI usage.

The first one, I asked it to use the default GITHUB_TOKEN instead of a custom PAT, and it deleted unrelated release-please configs.

The second one, I asked it to fix failing tests CI, it first enabled the register page that was disabled (wtf?) and then I asked it to keep it disabled

> but I want to disable registration to the app. Please Adjust the app to disable registration.

and it decided to delete it instead... like it can't even understand the difference between "disabling" and "removing". wtf?

It's just costing me much more time (=money) to get things done as compared to using other SOTA models.

what do you think?

u/iSerter — 12 days ago
▲ 18 r/electronjs+1 crossposts

I have been developing desktop apps with Electron -just because it was easy to start with since I'm familiar with Javascript/Typescript.

With the effectiveness of the latest agentic coding tools, I've reached the point where I considered jumping into a new paradigm if the benefits outweighs the learning challenges.

So, I had Gemini do deep research on the subject and write some reports.

Looking at the reports, I decided to stick with Electron for a bit further because my top criteria is which framework has the least amount of red flags until I catch up in the Flutter world.

Let me explain.
I can live with the bloated binary size, slower launch, and a bit more memory consumption.

As Gemini pointed out:

>

On the other hand, seeing "Fragile" for Tauri and Wails was an instant deal breaker for me.

Limited UI eliminates Go Fyne for many scenarios although I may consider it for small use cases.

That leaves me with Flutter. It was already on my roadmap for mobile development and now I have another reason.

Here's the comparison matrix I had Gemini generate after deep research:

Feature / Metric Electron Tauri (v2.11+) Wails (v3 Alpha) Flutter (v3.41+) Go Fyne (v2.7+)
Backend Language Node.js (V8) Rust Go Dart Go
Frontend Renderer Bundled Chromium System WebView System WebView Custom Canvas Native OpenGL
Binary Size (Base) ~80 MB ~3 MB ~10 MB ~20 MB ~6 MB
RAM Usage (Idle) 200–400 MB 30–50 MB 40–80 MB 100–200 MB ~52 MB
Startup Speed Slow (2–5s) Instant (<0.2s) Fast (0.5s) Moderate (1s) Instant (0.3s)
Security Model Hardened Node Capability System Bound Bridge Platform Channels Process-level
Mobile Support No Yes Experimental Excellent Yes
Linux Performance Excellent Fragile (WebKit) Fragile (WebKit) Good Good
Code Signing/CI Very Mature Mature Developing Mature Simple
Ecosystem Stars 121k 106k 34k 176k 28k
Primary Advantage Consistency Efficiency Go DX UI Aesthetics Simplicity
Primary Drawback Bloat Rust Curve Maturity Dart Logic Limited UI Flex

What do you think?

reddit.com
u/iSerter — 2 months ago