deinte/laravel-blade-validator
==============================

Validate Blade templates for syntax errors, security issues, and best practices

v0.0.1 | MIT | PHP ^8.2

[Source](https://github.com/deinte/laravel-blade-validator) | [Packagist](https://packagist.org/packages/deinte/laravel-blade-validator)

Laravel Blade Validator
=======================

Validate Blade templates for syntax errors, security issues, and best practices.

Installation
------------

You can install the package via composer:

```
composer require --dev deinte/laravel-blade-validator
```

You can publish the config file with:

```
php artisan vendor:publish --tag="blade-validator-config"
```

Usage
-----

### Basic Usage

Validate all Blade templates in `resources/views`:

```
php artisan blade:validate
```

Validate specific paths:

```
php artisan blade:validate resources/views/components resources/views/layouts
```

### Command Options

```
php artisan blade:validate [options] [path...]

Options:
  --fix                Automatically fix safe issues
  --dry-run            Preview fixes without applying them
  --ignore=*           Patterns to ignore (fnmatch format)
  --format=text        Output format: text, json, github
  --no-fail            Exit with 0 even if errors found
  --rules=             Comma-separated rules to run
  --exclude-rules=     Comma-separated rules to skip
  --severity=error     Minimum severity: error, warning, info
```

### Auto-Fix

The validator can automatically fix certain safe issues:

```
# Preview what would be fixed
php artisan blade:validate --dry-run

# Apply fixes
php artisan blade:validate --fix
```

**Fixable rules:**

- `legacy-php-tags`: Converts `` to `{{ }}`
- `deprecated-syntax`: Fixes `{{{ }}}`, `{{ e() }}`, `@else if`
- `use-statement-in-php-block`: Moves `use` to `@use()` directive

### Examples

```
# JSON output for CI/CD
php artisan blade:validate --format=json

# GitHub Actions annotations
php artisan blade:validate --format=github

# Ignore patterns
php artisan blade:validate --ignore="**/cache/**" --ignore="**/vendor/**"

# Run only specific rules
php artisan blade:validate --rules=raw-output-usage,sensitive-data-exposure

# Exclude specific rules
php artisan blade:validate --exclude-rules=deprecated-syntax

# Show warnings and errors
php artisan blade:validate --severity=warning
```

Validation Rules
----------------

### directive-in-component-attribute (error)

Detects Blade directives used inside component tag attributes.

```
{{-- Invalid --}}

{{-- Valid --}}
 $active]) />
```

### use-statement-in-php-block (error)

Detects PHP `use` statements inside `@php` blocks.

```
{{-- Invalid --}}
@php
    use App\Models\User;
    $users = User::all();
@endphp

{{-- Valid --}}
@use('App\Models\User')

@php
    $users = User::all();
@endphp

{{-- Or use fully qualified class names --}}
@php
    $users = \App\Models\User::all();
@endphp
```

### raw-output-usage (warning)

Detects potentially unsafe raw output `{!! !!}` that bypasses escaping.

```
{{-- Flagged --}}
{!! $userContent !!}
{!! request()->input('html') !!}

{{-- Suppress with comment --}}
{{-- @security-ignore raw-output --}}
{!! $trustedHtml !!}
```

### unclosed-directive (error)

Detects unclosed block directives.

```
{{-- Invalid --}}
@if($show)
    Content
{{-- Missing @endif --}}

{{-- Valid --}}
@if($show)
    Content
@endif
```

### inline-javascript (warning)

Detects inline JavaScript patterns with Blade expressions.

```
{{-- Flagged --}}
Click
Link

{{-- Valid alternatives --}}
Click
Click
```

### sensitive-data-exposure (error)

Detects potential exposure of sensitive data.

```
{{-- Flagged --}}
{{ $user->password }}
{{ config('app.key') }}
{{ env('DB_PASSWORD') }}
{{ $request->bearerToken() }}

{{-- Safe --}}
{{ $user->name }}
{{ $user->email }}
```
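
As an added illustration (not the package's own code), the sketch below shows how line-based checks such as `raw-output-usage` and `sensitive-data-exposure` can work, including the `@security-ignore raw-output` suppression comment. The `scanBlade` function, its regexes, the one-line scope of the suppression and the sample template are assumptions made for this example.

```php
<?php
// Added illustration, not the package's implementation. The regexes and the
// "ignore comment covers the next non-blank line" behaviour are assumptions.
function scanBlade(string $template): array
{
    $sensitive = [
        '/->\s*password\b/',                                           // $user->password
        '/\bconfig\(\s*[\'"]app\.key[\'"]\s*\)/',                      // config('app.key')
        '/\benv\(\s*[\'"][A-Z0-9_]*(PASSWORD|SECRET|KEY|TOKEN)[\'"]/', // env('DB_PASSWORD')
        '/->\s*bearerToken\(/',                                        // $request->bearerToken()
    ];
    $findings = [];
    $suppressRaw = false;
    foreach (preg_split('/\R/', $template) as $i => $line) {
        if (trim($line) === '') { continue; } // blank lines keep a pending suppression
        if (preg_match('/\{\{--\s*@security-ignore\s+raw-output\s*--\}\}/', $line)) {
            $suppressRaw = true;
            continue;
        }
        if (!$suppressRaw && preg_match('/\{!!.*?!!\}/', $line)) {
            $findings[] = ['line' => $i + 1, 'rule' => 'raw-output-usage', 'text' => trim($line)];
        }
        // Inspect only echoed expressions, so prose that mentions "password" is not flagged.
        preg_match_all('/\{\{(?!--).+?\}\}|\{!!.+?!!\}/', $line, $echoes);
        foreach ($echoes[0] as $echo) {
            foreach ($sensitive as $pattern) {
                if (preg_match($pattern, $echo)) {
                    $findings[] = ['line' => $i + 1, 'rule' => 'sensitive-data-exposure', 'text' => trim($echo)];
                    break;
                }
            }
        }
        $suppressRaw = false; // the ignore comment applies to one line only
    }
    return $findings;
}
// Constructed sample template (not from the package).
$sample = <<<'BLADE'
<h1>{{ $user->name }}</h1>
{!! $userContent !!}
{{-- @security-ignore raw-output --}}
{!! $trustedHtml !!}
<p>Reset your password below</p>
{{ $user->password }}
{{ env('DB_PASSWORD') }}
BLADE;
foreach (scanBlade($sample) as $f) {
    printf("%d\t%-24s %s\n", $f['line'], $f['rule'], $f['text']);
}
```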

### deprecated-syntax (warning)

Detects deprecated Blade syntax.

```
{{-- Flagged --}}
{{{ $variable }}}           {{-- Use {{ }} instead --}}
{{ e($variable) }}          {{-- Double escaping --}}
@else if($condition)        {{-- Use @elseif --}}
{{ str_limit($text, 100) }} {{-- Use Str::limit() --}}

{{-- Valid --}}
{{ $variable }}
@elseif($condition)
{{ Str::limit($text, 100) }}
```

### legacy-php-tags (error)

Detects legacy PHP tags (`
