PHPackages                             elsnertechnologies/laravel-health-monitor - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. elsnertechnologies/laravel-health-monitor

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

elsnertechnologies/laravel-health-monitor
=========================================

Check the health of any PHP/Laravel package before you install it. Health score, Laravel compatibility check, alternatives and optional AI verdict — powered by live Packagist + GitHub data.

v1.0.1(3d ago)21MITPHP &gt;=7.2.5

Since Jul 6Compare

[ Source](https://github.com/elsnersupport/laravel_health_monitor)[ Packagist](https://packagist.org/packages/elsnertechnologies/laravel-health-monitor)[ RSS](/packages/elsnertechnologies-laravel-health-monitor/feed)WikiDiscussions Synced today

READMEChangelogDependencies (7)Versions (5)Used By (0)

Laravel Health Monitor
======================

[](#laravel-health-monitor)

**Check the health of any PHP/Laravel package before you install it.**

One artisan command gives you a 0–100 health score built from **live Packagist + GitHub data**, a Laravel compatibility answer, smart alternative suggestions, JSON output for CI/CD pipelines — and an optional AI verdict.

```
php artisan package:health spatie/laravel-permission --laravel=10

```

```
  📦 spatie/laravel-permission   98/100 Active / Safe
  Permission handling for Laravel 12 and up

  5 Dimensions. 1 Health Score.
  🔧 Maintenance    █████████████████████████  93/100
  👥 Community      █████████████████████████ 100/100
  📥 Usage          █████████████████████████ 100/100
  🧱 Stability      █████████████████████████ 100/100
  🔒 Security       █████████████████████████ 100/100

  ⬇  Total downloads      99,935,637
  ⬇  Monthly downloads    4,027,071
  ⭐ GitHub stars         12,910
  ⚠  Open issues          0
  🏷  Latest version       8.0.0
  🕐 Last updated         7 days ago

  🖥  Will it work on Laravel 10?
  ✘ NO — The latest release (8.0.0) does not support Laravel 10.
  → Install spatie/laravel-permission:6.25.0 instead.

  ✔ Recommendation
  Healthy and actively maintained. Safe to install.

  💡 Alternatives (similar packages, by usage)
  bezhansalleh/filament-shield            3,655,723 downloads
  kodeine/laravel-acl                     359,032 downloads

  🔗 Sources (verify every number yourself)
  Packagist: https://packagist.org/packages/spatie/laravel-permission
  GitHub:    https://github.com/spatie/laravel-permission

```

Features
--------

[](#features)

- 🩺 **0–100 health score** — weighted across 5 dimensions: Maintenance, Community, Usage, Stability, Security
- 📡 **Live data from Packagist + GitHub** — downloads, stars, releases, issues, security advisories, abandoned flags
- 🖥 **Laravel version compatibility check** — "will it work on Laravel X?" with the exact older version to install when the latest doesn't
- 💡 **Smart alternatives** — similar packages ranked by usage
- 🤖 **Optional AI verdict** — a short Claude-written recommendation (bring your own Anthropic API key; everything else works without one)
- ⚙️ **JSON output + `--min-score` gate** — drop it straight into CI/CD pipelines
- 🌐 **Web dashboard** — visit `/laravel-health-monitor` in your app to check any package in the browser and audit everything already installed in your project
- 🛡 **Full project audit** — one click checks *every* installed package for known CVEs and abandonment, health-scores your direct requirements, and **scans your application code for malware indicators** (webshells, obfuscated eval chains, PHP dropped in storage/uploads) plus hygiene problems (debug mode in production, exposed `.env`/`.git`)
- 🚀 **Simple installation** — one composer require, zero configuration required

Perfect for
-----------

[](#perfect-for)

- **Laravel developers** deciding between packages
- **Development teams** enforcing package quality standards
- **DevOps pipelines** gating dependencies in CI
- **Production applications** auditing what they already depend on

Requirements
------------

[](#requirements)

- PHP 7.2.5+
- Laravel 7, 8, 9, 10, 11, 12 or 13
- No API key needed (AI verdict is the only optional key-gated feature)

Installation
------------

[](#installation)

```
composer require elsner/laravel-health-monitor --dev
```

The service provider is auto-discovered. Optionally publish the config:

```
php artisan vendor:publish --tag=health-monitor-config
```

Usage
-----

[](#usage)

```
# Basic health check
php artisan package:health spatie/laravel-permission

# Will it work on my Laravel version?
php artisan package:health spatie/laravel-permission --laravel=10

# Machine-readable output for CI/CD
php artisan package:health spatie/laravel-permission --json

# Fail the build when the score is too low (CI gate)
php artisan package:health spatie/laravel-permission --json --min-score=70

# Include an AI verdict (requires ANTHROPIC_API_KEY)
php artisan package:health spatie/laravel-permission --ai

# Bypass the cache and fetch live data
php artisan package:health spatie/laravel-permission --fresh
```

Web dashboard
-------------

[](#web-dashboard)

Once the package is installed, open:

```
https://your-app.test/laravel-health-monitor

```

You get a browser dashboard that:

- **Checks any package on Packagist** — type any `vendor/package` (not just Laravel packages), pick a Laravel version, and get the full health report: score badge, 5 dimension bars, live metrics, compatibility answer, security advisories, alternatives and sources.
- **Lists every package installed in your project** — read from your app's `composer.lock`, with direct/dev requirements flagged and a one-click "Check health" link per package.
- **Runs a full project audit** — packages, code and hygiene in one report (see below).
- **Serves JSON too** — append `&format=json` to `/laravel-health-monitor/check?package=vendor/package` for machine-readable output.

[![Dashboard — check any package and see everything installed in your project](docs/dashboard.png)](docs/dashboard.png)

Click **Check health** on any package (installed or not) for the full report:

[![Health report — score, dimensions, live metrics, compatibility and alternatives](docs/report.png)](docs/report.png)

Configure it in `config/health-monitor.php`:

```
'web' => [
    'enabled' => env('HEALTH_MONITOR_WEB_ENABLED', true), // disable the routes entirely
    'path' => env('HEALTH_MONITOR_WEB_PATH', 'laravel-health-monitor'), // URL prefix
    'middleware' => ['web'], // add 'auth' to restrict access
],
```

> **Tip:** in production, either disable the dashboard (`HEALTH_MONITOR_WEB_ENABLED=false`) or add auth middleware — the page reveals your dependency list and audit results.

The views are publishable if you want to restyle them:

```
php artisan vendor:publish --tag=health-monitor-views
```

Full project audit (packages + code + malware scan)
---------------------------------------------------

[](#full-project-audit-packages--code--malware-scan)

Click **Run project audit** on the dashboard (or open `/laravel-health-monitor/audit`) and the package audits your whole application in four steps:

[![Project audit — vulnerable packages, dependency health, malware scan and hygiene checks](docs/audit.png)](docs/audit.png)

1. **All installed packages checked for known vulnerabilities** — every entry in your `composer.lock` is checked against the Packagist security-advisory database (batched, one HTTP request per 50 packages) and for abandoned flags.
2. **Direct requirements health-scored** — each package you explicitly require gets the full 0–100 health analysis, listed worst-first so you see what needs attention. Capped by `health-monitor.audit.max_health_checks` (default 25) to respect GitHub's 60 req/hour unauthenticated limit — set `HEALTH_MONITOR_GITHUB_TOKEN` to raise it.
3. **Code scan for malware indicators** — your `app/`, `config/`, `routes/`, `public/`, `storage/app` … directories are scanned for:
    - obfuscated `eval(base64_decode(...))` / `gzinflate` / `str_rot13` payload chains
    - `eval()`, `assert()`, `system()`, `exec()` fed by `$_GET`/`$_POST`/`$_REQUEST` input (backdoors/webshells)
    - request input used as a function name, `include`/`require` from request input or remote URLs
    - `unserialize()`/`extract()` of request input, `preg_replace` `/e`, `create_function()`
    - known webshell filenames (c99, r57, b374k, wso, …), PHP files with double extensions (`avatar.jpg.php`), PHP dropped in `storage/` or the public web root
    - heavy hex obfuscation and suspicious base64 blobs
4. **Project hygiene** — `APP_DEBUG` on outside local, missing `APP_KEY`, `.env` or `.git` exposed in the public web root, missing `composer.lock`.

Everything is condensed into **one 0–100 project score**. JSON output for CI: `/laravel-health-monitor/audit?format=json`; force live data with `?fresh=1`.

Tune the scan in `config/health-monitor.php`:

```
'audit' => [
    'max_health_checks' => env('HEALTH_MONITOR_AUDIT_HEALTH_CHECKS', 25),
    'scan' => [
        'paths' => ['app', 'bootstrap', 'config', 'database', 'routes', 'resources', 'public', 'storage/app'],
        'exclude' => ['vendor', 'node_modules', 'storage/framework', 'bootstrap/cache'],
        'max_files' => 5000,
        'max_file_size' => 1048576, // skip files over 1 MB
    ],
],
```

> **Note:** the code scan is a heuristic indicator scanner, not an antivirus. Findings are leads to review — and a clean result is not a guarantee. If you suspect a real compromise, rotate credentials and redeploy from a known-good source.

JSON output (CI/CD)
-------------------

[](#json-output-cicd)

`--json` prints a single JSON document; the exit code is `0` on success and `1` when the package is missing or below `--min-score`:

```
{
    "package": "spatie/laravel-permission",
    "score": 98,
    "status": "Active / Safe",
    "recommendation": "Healthy and actively maintained. Safe to install.",
    "dimensions": {
        "maintenance": 93,
        "community": 100,
        "usage": 100,
        "stability": 100,
        "security": 100
    },
    "compatibility": {
        "laravel": "10",
        "latest_version": "8.0.0",
        "latest_compatible": false,
        "compatible_version": "6.25.0"
    },
    "security": { "advisories": [], "abandoned": false, "replacement": null },
    "alternatives": [ ... ],
    "sources": { ... },
    "ai_verdict": null
}
```

GitHub Actions example:

```
- name: Gate new dependency
  run: php artisan package:health vendor/package --json --min-score=70
```

Configuration
-------------

[](#configuration)

All settings are environment-driven — publishing the config file is optional.

Env variablePurposeDefault`HEALTH_MONITOR_GITHUB_TOKEN` (or `GITHUB_TOKEN`)Raises GitHub API rate limit from 60 to 5000 req/hnone`HEALTH_MONITOR_ANTHROPIC_KEY` (or `ANTHROPIC_API_KEY`)Enables the `--ai` verdictnone`HEALTH_MONITOR_AI_MODEL`Claude model for the verdict`claude-opus-4-8``HEALTH_MONITOR_CACHE_TTL`API response cache in seconds (0 disables)`3600``HEALTH_MONITOR_HTTP_TIMEOUT`HTTP timeout in seconds`15`Step-by-step: using the plugin day to day
-----------------------------------------

[](#step-by-step-using-the-plugin-day-to-day)

### Step 1 — Before installing any new package

[](#step-1--before-installing-any-new-package)

```
php artisan package:health vendor/package --laravel=13
```

Read the three key lines first:

1. **The score badge** (`98/100 Active / Safe`) — your instant go/no-go signal.
2. **The compatibility answer** (`✔ YES` / `✘ NO → Install vendor/package:x.y.z instead`) — tells you the exact version to require.
3. **The recommendation line** — a plain-language summary of the verdict.

If all three look good, install it. If compatibility says NO, use the suggested version:

```
composer require vendor/package:^6.25
```

### Step 2 — When comparing two packages for the same job

[](#step-2--when-comparing-two-packages-for-the-same-job)

Run the check on both, then compare dimension by dimension:

```
php artisan package:health spatie/laravel-permission --laravel=13
php artisan package:health santigarcor/laratrust --laravel=13
```

Also look at the **💡 Alternatives** section of each report — it may surface a third option you didn't know about, ranked by real download numbers.

### Step 3 — Auditing what you already depend on

[](#step-3--auditing-what-you-already-depend-on)

Check the direct dependencies from your `composer.json`:

```
php artisan package:health barryvdh/laravel-dompdf --laravel=13
php artisan package:health maatwebsite/excel --laravel=13
```

Anything scoring below 60, abandoned, or carrying security advisories goes on your migration list.

### Step 4 — Enforcing quality in CI

[](#step-4--enforcing-quality-in-ci)

Gate new dependencies in your pipeline so low-quality packages never reach `main`:

```
# .github/workflows/ci.yml
- name: Dependency health gate
  run: php artisan package:health vendor/package --json --min-score=70
```

Exit code `0` = pass, `1` = below the bar (or package not found) — the build fails automatically.

### Step 5 — When you want a second opinion

[](#step-5--when-you-want-a-second-opinion)

```
php artisan package:health vendor/package --ai
```

With an Anthropic API key configured, Claude reads all collected metrics and writes a short verdict naming the strongest signal in favor and the biggest risk.

How to read the scores
----------------------

[](#how-to-read-the-scores)

### The overall score

[](#the-overall-score)

ScoreStatusWhat to do**80–100**🟢 `Active / Safe`Install with confidence.**60–79**🟡 `Aging / Caution`Usable, but check *which* dimension is dragging it down before committing.**0–59**🔴 `Risky / Avoid`Prefer an alternative. If you must use it, pin the version and plan an exit.any🔴 `Abandoned / Avoid`Maintainer gave up. Use the replacement shown, or an alternative.### Diagnosing a low score, dimension by dimension

[](#diagnosing-a-low-score-dimension-by-dimension)

The bars tell you *why* a score is low. Each dimension points at a different real-world problem:

Low dimensionWhat it meansWhat to check yourself🔧 **Maintenance**No recent releases or commits. Bugs and Laravel upgrades won't be handled.Last release date, open PRs sitting unmerged on GitHub.👥 **Community**Few stars/forks/watchers. Fewer people to answer questions or review code.Are there Stack Overflow answers? Active discussions/issues?📥 **Usage**Few downloads and dependents. Less battle-tested — edge cases may be yours to find.Is the package new (fine) or old-but-unused (red flag)?🧱 **Stability**Pre-1.0, few releases, or very young. API may break between versions.Changelog / upgrade guide quality, semver discipline.🔒 **Security**Known advisories, abandoned or archived repo, or no license.The `🛡 Security advisories` list in the report — each entry has a CVE link.Typical patterns:

- **High usage + low maintenance** → a once-popular package going stale (e.g. `fzaninotto/faker`). Migrate before it blocks a Laravel upgrade.
- **High maintenance + low usage/community** → young but active package. Fine for non-critical features; pin the minor version.
- **Security below 100** → scroll to `🛡 Security advisories`. Advisories on *old* versions are normal for mature packages — verify the version *you* would install is not in the affected range.

### Reading the compatibility answer

[](#reading-the-compatibility-answer)

OutputMeaning`✔ YES — The latest release (X) supports Laravel N.`Just `composer require` it.`✘ NO … → Install vendor/package:X instead.`Latest dropped your Laravel version; require the shown version explicitly.`✘ NO … no release supports Laravel N.`The package never supported your Laravel version. Pick an alternative.`~ No explicit Laravel requirement found`Framework-agnostic PHP package — it will work with any Laravel version (verify its PHP version requirement instead).### Exit codes (for scripts and CI)

[](#exit-codes-for-scripts-and-ci)

CodeCause`0`Report produced, score at or above `--min-score` (when given).`1`Package not found, invalid name, network failure, or score below `--min-score`.How the score works
-------------------

[](#how-the-score-works)

Each dimension is scored 0–100 from live data, then combined with these weights:

DimensionWeightSignals🔧 Maintenance30%Days since last release, releases in the last year, recent repo pushes, abandoned/archived flags🔒 Security20%Known security advisories, abandoned/archived status, license presence📥 Usage20%Total + monthly downloads, dependent packages👥 Community15%GitHub stars, forks, watchers🧱 Stability15%1.0+ releases, release history depth, package age- **80–100** → `Active / Safe`
- **60–79** → `Aging / Caution`
- **0–59** → `Risky / Avoid`

Thresholds and weights live in `config/health-monitor.php`.

Testing
-------

[](#testing)

```
composer install
composer test
```

License
-------

[](#license)

MIT — see [LICENSE](LICENSE).

###  Health Score

36

—

LowBetter than 79% of packages

Maintenance99

Actively maintained with recent releases

Popularity5

Limited adoption so far

Community2

Small or concentrated contributor base

Maturity31

Early-stage or recently created project

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~1 days

Total

2

Last Release

3d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/96aceb9ca036aacb4741c0b538299bb21e82eecac58666ce5e921deaf54f430e?d=identicon)[elsner\_technologies](/maintainers/elsner_technologies)

---

Tags

compatibilitylaravelhealthpackageaigithubAuditscorepackagistci-cd

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/elsnertechnologies-laravel-health-monitor/health.svg)

```
[![Health](https://phpackages.com/badges/elsnertechnologies-laravel-health-monitor/health.svg)](https://phpackages.com/packages/elsnertechnologies-laravel-health-monitor)
```

###  Alternatives

[spatie/laravel-export

Create a static site bundle from a Laravel app

674146.0k6](/packages/spatie-laravel-export)[craftcms/cms

Craft CMS

3.6k3.6M3.2k](/packages/craftcms-cms)[psalm/plugin-laravel

Psalm plugin for Laravel

3345.3M347](/packages/psalm-plugin-laravel)[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9762.4M133](/packages/roots-acorn)[laravel/mcp

Rapidly build MCP servers for your Laravel applications.

77022.3M167](/packages/laravel-mcp)[aedart/athenaeum

Athenaeum is a mono repository; a collection of various PHP packages

245.2k](/packages/aedart-athenaeum)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
