PHPackages                             duality-studio/lara-security - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. duality-studio/lara-security

ActiveLibrary[Security](/categories/security)

duality-studio/lara-security
============================

A straight implementation of security headers for Laravel

v0.3.0(10mo ago)01.2k↓53.8%MITPHPPHP ^8.2

Since Nov 26Pushed 10mo agoCompare

[ Source](https://github.com/DualityStudio/lara-security)[ Packagist](https://packagist.org/packages/duality-studio/lara-security)[ RSS](/packages/duality-studio-lara-security/feed)WikiDiscussions main Synced yesterday

READMEChangelog (6)Dependencies (2)Versions (7)Used By (0)

Lara Security
=============

[](#lara-security)

Simple way to add various security headers to a Laravel application.

This project is WIP and could with cleanup, better implementation and some docs.

Docs
====

[](#docs)

TODO, the bellow is 5 minute notes.

### Install

[](#install)

```
composer require duality-studio/lara-security

php artisan vendor:publish --provider="DualityStudio\LaraSecurity\LaraSecurityServiceProvider"
```

In your `app/Http/Kernel.php` add the following to the `$middleware` array or as you see fit.

```
\DualityStudio\LaraSecurity\SecurityHeaders::class,
```

In your `config/lara-security.php` you can configure the headers you want to use, all are enabled by default. In the CSP header is broken into directives.

### Nonces

[](#nonces)

If you intend to use a nonce in your you will need to add a script or style directive for your static files.

```

    window.addEventListener('load', function () {
        console.log(1);
    });

```

```

    body {
        background: #fff;
    }

```

### Usage with Vite

[](#usage-with-vite)

Set `use_vite` to true in the config file. This will automatically add the `nonce` to the script and style tags in the vite manifest.

Usage of the package is problematic when using the vite dev server, so you can disable the package when in dev mode by adding the following to your .env

```
LARA_SECURITY_ENABLED=false

```

### Usage with Inertia.JS

[](#usage-with-inertiajs)

If you are using Inertia.JS you will need to add the following to your `app.blade.php` file.

```

@routes(null, nonce(\DualityStudio\LaraSecurity\Directives::SCRIPT))
@viteReactRefresh
@vite(['resources/js/app.jsx', "resources/js/Pages/{$page['component']}.jsx"])
@inertiaHead

```

###  Health Score

35

—

LowBetter than 77% of packages

Maintenance54

Moderate activity, may be stable

Popularity18

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity50

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~125 days

Total

6

Last Release

321d ago

PHP version history (2 changes)v0.1PHP ^8.1

v0.2PHP ^8.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/0ad54b5ea567c728fa20f9c1560ca552a940296013ce8aca81f85f83c8bb9737?d=identicon)[thomaspalmer94](/maintainers/thomaspalmer94)

---

Top Contributors

[![thomaspalmer](https://avatars.githubusercontent.com/u/2190634?v=4)](https://github.com/thomaspalmer "thomaspalmer (10 commits)")

---

Tags

datetimeheaderscsp

### Embed Badge

![Health badge](/badges/duality-studio-lara-security/health.svg)

```
[![Health](https://phpackages.com/badges/duality-studio-lara-security/health.svg)](https://phpackages.com/packages/duality-studio-lara-security)
```

###  Alternatives

[spatie/laravel-csp

Add CSP headers to the responses of a Laravel app

86611.1M25](/packages/spatie-laravel-csp)[psalm/plugin-laravel

Psalm plugin for Laravel

3355.3M346](/packages/psalm-plugin-laravel)[laravel/mcp

Rapidly build MCP servers for your Laravel applications.

77022.3M150](/packages/laravel-mcp)[mike-bronner/laravel-model-caching

Automatic caching for Eloquent models.

2.4k90.5k1](/packages/mike-bronner-laravel-model-caching)[illuminate/auth

The Illuminate Auth package.

10528.2M1.2k](/packages/illuminate-auth)[illuminate/routing

The Illuminate Routing package.

1419.2M3.0k](/packages/illuminate-routing)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
