PHPackages elohim/laravel-security-check - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. elohim/laravel-security-check Abandoned → [leonardolima/laravel-security-check](/?search=leonardolima%2Flaravel-security-check)Library[Security](/categories/security) elohim/laravel-security-check ============================= Security validator for Laravel projects v1.3.3(8mo ago)5687MITPHPPHP ^8.2 Since May 26Pushed 3mo ago1 watchersCompare [ Source](https://github.com/leonardo403/laravel-security-check)[ Packagist](https://packagist.org/packages/elohim/laravel-security-check)[ RSS](/packages/elohim-laravel-security-check/feed)WikiDiscussions develop Synced 1mo ago READMEChangelog (1)Dependencies (1)Versions (10)Used By (0) [![Laravel Security Check](art/SecurityScan.png)](art/SecurityScan.png) Laravel Security Check ====================== [](#laravel-security-check) This project aims to provide tools and best practices to verify and improve the security of Laravel applications. Features -------- [](#features) ✅ Check for insecure configurations ✅ Analyze file and directory permissions ✅ Debugbar and Telescope Make sure packages like barryvdh/laravel-debugbar and laravel/telescope are not enabled in production. ✅ APP\_URL Check if APP\_URL is correctly configured for the production domain. - APP\_KEY Already validating, but you can also check if it is not the default key (base64:... unchanged). ✅ Queue and Cache Drivers Avoid using drivers like sync or file in production for QUEUE\_CONNECTION and CACHE\_DRIVER. ✅ Session Driver Avoid SESSION\_DRIVER=file in production, prefer redis or database. ✅ Mail Driver Avoid MAIL\_MAILER=log or MAIL\_MAILER=array in production. - Trusted Proxies Make sure TRUSTED\_PROXIES is set if you are behind a proxy/reverse proxy. - CORS Make sure your CORS settings are not too open. - Logging Avoid LOG\_CHANNEL=stack with single in production, prefer daily or external systems. ✅ Public Directories Make sure sensitive files (like .env, composer.lock, etc.) are not publicly accessible. - Composer Autoload Make sure autoload is optimized (composer dump-autoload -o). - Config Cache Make sure configs are cached (php artisan config:cache). - Route Cache Make sure routes are cached (php artisan route:cache). ✅ Debug Mode Besides APP\_DEBUG, make sure that there are no other debug modes active. ✅ Error Exposure Check that APP\_DEBUG is false and that there are no custom handlers exposing stack traces. How to use by cloning the repository ------------------------------------ [](#how-to-use-by-cloning-the-repository) 1. Clone the repository: ``` git clone https://github.com/leonardo403/laravel-security-check.git ``` 2. Install the dependencies: ``` composer install ``` 3. Run the security checks: ``` php artisan security:scan ``` Using with Composer Install --------------------------- [](#using-with-composer-install) 1. Install the package via Composer: ``` composer require leonardolima/laravel-security-check ``` 2. After installation, you can run the security check command: ``` php artisan security:scan ``` Requirements ------------ [](#requirements) - PHP >= 8.2 - Composer - Laravel >= 9.x Contribution ------------ [](#contribution) Contributions are welcome! Feel free to open issues or send pull requests. License ------- [](#license) This project is licensed under the MIT License. ### Health Score 42 — FairBetter than 90% of packages Maintenance71 Regular maintenance activity Popularity18 Limited adoption so far Community15 Small or concentrated contributor base Maturity55 Maturing project, gaining track record Bus Factor1 Top contributor holds 76.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~17 days Recently: every ~26 days Total 7 Last Release 246d ago PHP version history (2 changes)1.0.0PHP ^8.0 v1.3.3PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/dc11c41f38e72fe7b777195c0c2f3c679bd93ed658833e47a39e66f5967a2f1a?d=identicon)[leonardo403](/maintainers/leonardo403) --- Top Contributors [![hmayer](https://avatars.githubusercontent.com/u/20026?v=4)](https://github.com/hmayer "hmayer (26 commits)")[![leonardo403](https://avatars.githubusercontent.com/u/1495669?v=4)](https://github.com/leonardo403 "leonardo403 (6 commits)")[![marco-acorte](https://avatars.githubusercontent.com/u/6375935?v=4)](https://github.com/marco-acorte "marco-acorte (1 commits)")[![massiws](https://avatars.githubusercontent.com/u/6533289?v=4)](https://github.com/massiws "massiws (1 commits)") --- Tags laravelchecksecurity ### Embed Badge ![Health badge](/badges/elohim-laravel-security-check/health.svg) ``` [![Health](https://phpackages.com/badges/elohim-laravel-security-check/health.svg)](https://phpackages.com/packages/elohim-laravel-security-check) ``` ### Alternatives [tzsk/otp A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel. 241641.4k1](/packages/tzsk-otp)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[leonardolima/laravel-security-check Security validator for Laravel projects 582.4k](/packages/leonardolima-laravel-security-check)[ercsctt/laravel-file-encryption Secure file encryption and decryption for Laravel applications 642.6k](/packages/ercsctt-laravel-file-encryption) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)