PHPackages                             escarter/laravel-obfuscator - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. escarter/laravel-obfuscator

ActiveLibrary[Security](/categories/security)

escarter/laravel-obfuscator
===========================

A powerful Laravel package for code obfuscation with encryption and variable name randomization

v1.1.0(7mo ago)538↓50%3MITPHPPHP ^8.0|^8.1|^8.2|^8.3

Since Oct 21Pushed 6mo agoCompare

[ Source](https://github.com/Escarter/laravel-obfuscator)[ Packagist](https://packagist.org/packages/escarter/laravel-obfuscator)[ RSS](/packages/escarter-laravel-obfuscator/feed)WikiDiscussions main Synced 1mo ago

READMEChangelogDependencies (2)Versions (3)Used By (0)

Laravel Obfuscator
==================

[](#laravel-obfuscator)

A powerful Laravel package for code obfuscation with encryption and variable name randomization. Protect your PHP source code with 9.5/10 security level (ionCube equivalent).

Features
--------

[](#features)

- 🔒 **XOR Encryption** - All PHP code is encrypted and executed via eval()
- 🌐 **Unicode Obfuscation** - Variable and method names replaced with Unicode lookalikes
- 🧹 **Blade View Cleaning** - Remove comments from Blade templates
- 📦 **Automatic Backups** - Create timestamped backups before obfuscation
- 🛡️ **Debug Disabling** - Prevent debugging attempts and hide error information
- ⚙️ **Highly Configurable** - Customize paths, exclusions, and protection levels
- 🎯 **Laravel Optimized** - Preserves Laravel/Livewire functionality
- 🚀 **Artisan Command** - Simple CLI interface

Installation
------------

[](#installation)

### Via Composer (Recommended)

[](#via-composer-recommended)

```
composer require escarter/laravel-obfuscator --dev
```

> **Note**: This package is now available as a stable v1.0.0 release on Packagist!

### Manual Installation (Local Package)

[](#manual-installation-local-package)

1. Create a `packages` directory in your Laravel project root:

```
mkdir -p packages/escarter
```

2. Clone or copy this package to `packages/escarter/laravel-obfuscator`
3. Add to your `composer.json`:

```
{
    "repositories": [
        {
            "type": "path",
            "url": "./packages/escarter/laravel-obfuscator"
        }
    ],
    "require-dev": {
        "escarter/laravel-obfuscator": "@dev"
    }
}
```

4. Run:

```
composer update escarter/laravel-obfuscator
```

Configuration
-------------

[](#configuration)

Publish the configuration file:

```
php artisan vendor:publish --tag=obfuscator-config
```

This creates `config/obfuscator.php` where you can customize:

- **Paths to obfuscate** (default: app, database, routes)
- **Excluded files** (preserve critical Laravel files)
- **Backup settings**
- **Encryption method**
- **Debug disabling features** (prevent debugging attempts)
- **Protected variable/method/property names**
- **Output verbosity**

### Configuration Example

[](#configuration-example)

```
// config/obfuscator.php
return [
    'paths' => [
        'app',
        'database',
        'routes',
    ],

    'excluded_files' => [
        'Kernel.php',
        'Handler.php',
        'ServiceProvider.php',
    ],

    'backup' => [
        'enabled' => true,
        'prefix' => 'BACKUP_',
    ],

    'unicode_names' => true,

    // ... more options
];
```

Usage
-----

[](#usage)

### Basic Obfuscation

[](#basic-obfuscation)

```
php artisan obfuscate:run
```

This will:

1. ✅ Create a timestamped backup
2. 🔒 Encrypt all PHP files in configured paths
3. 🧹 Clean Blade view comments
4. 📊 Display statistics and encryption key

### Dry Run Mode

[](#dry-run-mode)

Preview what will be obfuscated without making changes:

```
php artisan obfuscate:run --dry-run
```

### Skip Backup

[](#skip-backup)

If you've already created a backup manually:

```
php artisan obfuscate:run --no-backup
```

### Skip Blade View Cleaning

[](#skip-blade-view-cleaning)

Obfuscate only PHP files, leave Blade views untouched:

```
php artisan obfuscate:run --no-views
```

### Skip Debug Disabling

[](#skip-debug-disabling)

Disable debug prevention features (not recommended for production):

```
php artisan obfuscate:run --no-debug-disable
```

How It Works
------------

[](#how-it-works)

### 1. Code Parsing

[](#1-code-parsing)

The package uses `nikic/php-parser` to parse PHP files into Abstract Syntax Trees (AST).

### 2. Obfuscation

[](#2-obfuscation)

- **Variables**: Private variables are renamed with Unicode lookalikes
- **Methods**: Private/protected methods are obfuscated
- **Properties**: Private properties are renamed
- **compact()**: Converted to explicit arrays

### 3. Encryption

[](#3-encryption)

Code is encrypted using XOR cipher with a random key and base64 encoded.

### 4. Wrapper Generation

[](#4-wrapper-generation)

Encrypted code is wrapped in a self-executing eval() statement:

```