PHPackages darvis/livewire-injection-stopper - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. darvis/livewire-injection-stopper ActiveLibrary[Security](/categories/security) darvis/livewire-injection-stopper ================================= Laravel middleware package to block spam robots and injection attempts, with Livewire security audit tools v1.2.3(2mo ago)21.3k↑20.9%[1 issues](https://github.com/ArvidDeJong/livewire-injection-stopper/issues)1MITPHPPHP ^8.1|^8.2|^8.3CI failing Since Jan 3Pushed 2mo ago1 watchersCompare [ Source](https://github.com/ArvidDeJong/livewire-injection-stopper)[ Packagist](https://packagist.org/packages/darvis/livewire-injection-stopper)[ Docs](https://github.com/ArvidDeJong/livewire-injection-stopper)[ RSS](/packages/darvis-livewire-injection-stopper/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (7)Versions (8)Used By (1) Livewire Injection Stopper ========================== [](#livewire-injection-stopper) **Protect your Laravel + Livewire application from spam bots and security vulnerabilities.** [![Latest Version](https://camo.githubusercontent.com/52fba286cccd8f21dc36f43c6c9f9ea451a948079b3dc0c807644d21280ecdf1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6461727669732f6c697665776972652d696e6a656374696f6e2d73746f707065722e737667)](https://packagist.org/packages/darvis/livewire-injection-stopper)[![License](https://camo.githubusercontent.com/0a6cfa074eb9c85fdabc12750884af8531c34b6538122f56ba5f733b0da970b2/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f6461727669732f6c697665776972652d696e6a656374696f6e2d73746f707065722e737667)](https://packagist.org/packages/darvis/livewire-injection-stopper) What does this package do? -------------------------- [](#what-does-this-package-do) This package protects your Laravel application in three ways: ### 1. 🛡️ Blocks Spam Bots [](#1-️-blocks-spam-bots) Automatically blocks automated spam bots (like Python scripts, curl, wget) from accessing your website. No more spam form submissions! ### 2. 🔍 Finds Security Holes in Livewire [](#2--finds-security-holes-in-livewire) Scans your Livewire components and tells you which properties attackers could manipulate. For example, if you have `public $isAdmin = false`, an attacker could change it to `true` in their browser! ### 3. 🔇 Silences Sentry Errors from Bot Attacks [](#3--silences-sentry-errors-from-bot-attacks) When bots manipulate Livewire payloads, they can trigger `CannotUpdateLockedPropertyException` or Livewire property-assignment `TypeError` exceptions. This package silently handles those bot-driven exceptions and prevents them from being reported to Sentry or other error tracking services, keeping your error logs clean. Installation ------------ [](#installation) ``` composer require darvis/livewire-injection-stopper ``` That's it! The spam bot blocking is now active. Check Your Security ------------------- [](#check-your-security) Run this command to scan your Livewire components: ``` php artisan livewire-injection-stopper:audit ``` It will show you which properties need protection. Example: Fixing a Security Issue -------------------------------- [](#example-fixing-a-security-issue) **Before (Vulnerable):** ``` class CheckoutComponent extends Component { public $price = 100.00; // ⚠️ Attacker can change this to $0.01! } ``` **After (Secure):** ``` use Livewire\Attributes\Locked; class CheckoutComponent extends Component { #[Locked] // ✅ Now protected! public $price = 100.00; } ``` What Gets Blocked? ------------------ [](#what-gets-blocked) By default, these bots are blocked: - Python scripts (`python-requests`) - Command-line tools (`curl`, `wget`) - Web scrapers (`scrapy`) - Generic bots and crawlers Real browsers and users are never blocked. Configuration (Optional) ------------------------ [](#configuration-optional) Want to customize? Publish the config file: ``` php artisan vendor:publish --tag=livewire-injection-stopper-config ``` Now you can: - Add or remove blocked bots - Block specific IP addresses - Whitelist certain routes (like webhooks) - Enable/disable Sentry error silencing Sentry Error Silencing ---------------------- [](#sentry-error-silencing) By default, this package silences bot-driven Livewire update exceptions, including: - `CannotUpdateLockedPropertyException` - Livewire property assignment `TypeError` exceptions (for example: `Cannot assign array to property ...`) This keeps your Sentry error logs clean. **How it works:** - Middleware blocks suspicious Livewire update payloads before component assignment when possible - If Livewire still throws a protected-property or array-assignment exception, this package catches it and returns a 403 response - The exception is logged locally (if logging is enabled) but NOT sent to Sentry ### Important: Custom Exception Handlers [](#important-custom-exception-handlers) If your app overrides `report()` in `app/Exceptions/Handler.php` and directly calls Sentry (`captureException`), make sure you skip reporting when `SilentExceptionHandler::shouldSilence($exception)` returns `true`. Otherwise, your custom handler can bypass package silencing. **To disable this feature:** ``` // config/livewire-injection-stopper.php 'silence_locked_property_exceptions' => false, ``` Documentation ------------- [](#documentation) For detailed documentation, see the [`/docs`](docs/README.md) folder: - **[Installation Guide](docs/installation.md)** - Detailed setup instructions - **[Security Audit](docs/security-audit.md)** - How to use the audit command - **[Middleware Configuration](docs/middleware-configuration.md)** - Customize bot blocking - **[Livewire Security](docs/livewire-security.md)** - Understanding the threats - **[Testing](docs/testing.md)** - Running tests Quick Links ----------- [](#quick-links) - 📖 [Full Documentation](docs/README.md) - 🐛 [Report Issues](https://github.com/darvis/livewire-injection-stopper/issues) - 💬 [Get Support](mailto:info@arvid.nl) Requirements ------------ [](#requirements) - PHP 8.1+ - Laravel 11.0 or 12.0 - Livewire 3.0 License ------- [](#license) MIT License - feel free to use in any project! Credits ------- [](#credits) Created by [Arvid de Jong](mailto:info@arvid.nl) --- **Need help?** Check the [documentation](docs/README.md) or email ### Health Score 43 — FairBetter than 91% of packages Maintenance73 Regular maintenance activity Popularity23 Limited adoption so far Community11 Small or concentrated contributor base Maturity54 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~8 days Total 7 Last Release 87d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/24c445b7580e09ff72b8340d1423886148c4c8a249d0a828c98285109e7e5663?d=identicon)[darvis](/maintainers/darvis) --- Top Contributors [![ArvidDeJong](https://avatars.githubusercontent.com/u/7394837?v=4)](https://github.com/ArvidDeJong "ArvidDeJong (8 commits)") --- Tags middlewarelaravelsecuritylivewirespam protectionsecurity-auditinjection-protection ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/darvis-livewire-injection-stopper/health.svg) ``` [![Health](https://phpackages.com/badges/darvis-livewire-injection-stopper/health.svg)](https://phpackages.com/packages/darvis-livewire-injection-stopper) ``` ### Alternatives [tzsk/otp A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel. 241641.4k1](/packages/tzsk-otp)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[ercsctt/laravel-file-encryption Secure file encryption and decryption for Laravel applications 642.6k](/packages/ercsctt-laravel-file-encryption) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)