
artisanpack-ui/security
=======================

Core Laravel security toolkit — input sanitization, output escaping, KSES filtering, security headers, XSS protection, basic rate limiting, and Content Security Policy. Authentication / 2FA / RBAC / file uploads / analytics / compliance live in sibling packages.

2.0.2 (3w ago) · MIT · PHP ^8.2 · CI passing · [6 issues](https://github.com/ArtisanPack-UI/security/issues)

[Source](https://github.com/ArtisanPack-UI/security) · [Packagist](https://packagist.org/packages/artisanpack-ui/security)

ArtisanPack UI Security
=======================


The **core** Laravel security toolkit in the ArtisanPack UI ecosystem. Focused on input sanitization, output escaping, KSES filtering, security headers, XSS protection, basic rate limiting, and Content Security Policy.

> **Security 2.0 — core-only.** Authentication, 2FA, RBAC, file uploads, analytics, and compliance have moved to dedicated sibling packages. See **[UPGRADE.md](UPGRADE.md)** for migrating from 1.x.

What's in this package
----------------------


- **Sanitization** — `sanitizeEmail`, `sanitizeUrl`, `sanitizeText`, `sanitizeInt`, `sanitizeArray`, …
- **Escaping** — `escHtml`, `escAttr`, `escUrl`, `escJs`, `escCss` (Laminas Escaper backed)
- **KSES filtering** — `kses()` WordPress-style allowed-tag filtering
- **Validation rules** — `NoHtml`, `SecureUrl`
- **Middleware** — `csp`, `security.headers`, `xss.protection`, `api.security`, `api.rate_limit`
- **Content Security Policy** — nonce generator, policy builder, presets, violation reporting endpoint, CSP dashboard Livewire component (optional — requires `livewire/livewire`), Artisan commands (`csp:test`, `csp:stats`, `csp:prune`, `security:generate-csp`)
- **Security audit commands** — `security:audit`, `security:scan`, `security:baseline`, `security:benchmark`, `security:check-config`, `security:test-headers`, `security:scan-deps`
- **Testing infrastructure** — OWASP scanner, configuration scanner, penetration testing helpers, performance benchmarks, report generators

What's NOT in this package (sibling packages)
---------------------------------------------


| Capability | Package |
| --- | --- |
| Authentication, 2FA, password complexity, breach checking, account lockout, advanced sessions | `artisanpack-ui/security-auth` |
| WebAuthn / FIDO2, SSO (SAML/OIDC), social auth, biometrics, device fingerprinting | `artisanpack-ui/security-advanced-auth` |
| Roles + permissions (Blade directives, Gate integration, Artisan commands) | `artisanpack-ui/rbac` |
| Secure uploads, malware scanning (ClamAV / VirusTotal), upload rate limiting | `artisanpack-ui/secure-uploads` |
| Security event logging, anomaly detection, threat intel, SIEM export, dashboards | `artisanpack-ui/security-analytics` |
| GDPR / CCPA / LGPD — consent, DSR, DPIA, data minimization, retention | `artisanpack-ui/compliance` |

Installation
------------


```
composer require artisanpack-ui/security
```

Publish the config:

```
php artisan vendor:publish --tag=security-config
```

Quick Start
-----------


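```
use ArtisanPackUI\Security\Facades\Security;

// Sanitize untrusted input before storing or processing it
$cleanEmail = Security::sanitizeEmail($userEmail);

// Escape on output with the helper that matches the output context (HTML body here)
echo Security::escHtml($userContent);
```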

Or use the global helpers:

```
$cleanEmail = sanitizeEmail($userEmail);
echo escHtml($userContent);
```

### Middleware


```
Route::middleware(['csp', 'security.headers', 'xss.protection'])->group(function () {
    // ...
});

Route::middleware('api.rate_limit:api')->group(function () {
    // ...
});
```

### CSP nonces in Blade


```

    // ...

```

Documentation
-------------


- [Getting Started](docs/getting-started.md)
- [API Reference](docs/api-reference.md)
- [Security Guidelines](docs/security-guidelines.md)
- [Upgrading from 1.x → 2.0](UPGRADE.md)
- [Changelog](CHANGELOG.md)

Requirements
------------


- PHP 8.2+
- Laravel 10 / 11 / 12 / 13 (Laravel 13 requires PHP 8.3+)

Sibling packages
----------------


| Package | Scope |
| --- | --- |
| [`artisanpack-ui/security-full`](https://github.com/ArtisanPack-UI/security-full) | Meta-package — pulls in the full security suite (all six packages below) in a single require |
| [`artisanpack-ui/rbac`](https://github.com/ArtisanPack-UI/rbac) | Roles, permissions, hierarchy, Blade directives, Gate integration |
| [`artisanpack-ui/security-auth`](https://github.com/ArtisanPack-UI/security-auth) | 2FA, password complexity, account lockout, sessions |
| [`artisanpack-ui/security-advanced-auth`](https://github.com/ArtisanPack-UI/security-advanced-auth) | WebAuthn, SSO, social login, biometric, device fingerprinting |
| [`artisanpack-ui/secure-uploads`](https://github.com/ArtisanPack-UI/secure-uploads) | File validation, malware scanning, signed-URL serving |
| [`artisanpack-ui/security-analytics`](https://github.com/ArtisanPack-UI/security-analytics) | Event logging, anomaly detection, SIEM, dashboards |
| [`artisanpack-ui/compliance`](https://github.com/ArtisanPack-UI/compliance) | GDPR / CCPA / LGPD consent, data subject rights, DPIA, retention, monitoring |

License
-------


MIT — see [LICENSE](LICENSE).

### Community

Maintainer: [JacobMartellaWebDesign](/maintainers/JacobMartellaWebDesign)

Top contributor: [ViewFromTheBox](https://github.com/ViewFromTheBox) (53 commits)

