PHPackages glaivepro/hidevara - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. glaivepro/hidevara ActiveLibrary[Security](/categories/security) glaivepro/hidevara ================== Laravel millipackage that hides variables from getting dumped in the Whoops page when your app crashes. 1.1.0(6y ago)27303.9k—7.7%1[1 issues](https://github.com/GlaivePro/Hidevara/issues)MITPHP Since Nov 6Pushed 5y ago1 watchersCompare [ Source](https://github.com/GlaivePro/Hidevara)[ Packagist](https://packagist.org/packages/glaivepro/hidevara)[ Docs](https://github.com/GlaivePro/Hidevara)[ RSS](/packages/glaivepro-hidevara/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (5)Dependencies (1)Versions (8)Used By (0) Hidevara ======== [](#hidevara) > Even though Laravel >=6.x includes Ignition which no longer dumps your variables, it requires Whoops itself. And in some cases you can still get to the old error page with variables dumped. > This package works fine with Laravel 8. I haven't updated it lately because it just works as fine as it did before. Laravel millipackage that hides your variables from getting dumped in the Whoops page when your app crashes. `Hidevara` is japonese for `hide the damn vars`. Usage ----- [](#usage) Install it: ``` $ composer require glaivepro/hidevara ``` To deal with the cases where the app crashes before loading providers, you should open your `bootstrap/app.php` and extend the handler. Find these rows (or something similar with another namespace if you've changed that): ``` // This is already there $app->singleton( Illuminate\Contracts\Debug\ExceptionHandler::class, App\Exceptions\Handler::class ); ``` Immediately after that insert these lines to extend the handler: ``` // Enable only outside testing as this does not work well with phpunit... see below if ('testing' != env('APP_ENV')) // this will work even with config caching $app->extend( Illuminate\Contracts\Debug\ExceptionHandler::class, function($handler) { return new GlaivePro\Hidevara\HidingHandler($handler); }); ``` By default this package will: - leave your GET and FILES intact; - hide value of any POST field that has a name containing `password`; - hide values of SESSION and COOKIE; - remove almost all SERVER variables (except REDIRECT\_STATUS, REQUEST\_METHOD, QUERY\_STRING, REQUEST\_URI); - remove all ENV variables. "Hide" means that the value will be replaced with a string. By default it's empty string for null/emptystring values and `[hidden]` for everything else. Customization ------------- [](#customization) Publish the config: ``` $ php artisan vendor:publish --provider="GlaivePro\Hidevara\Provider" ``` Now you've got your very own `config/hidevara.php` file to edit. You'll see a set of rules (`'action' => $test`) associated with each of the variables. The test can be an array of exact field names, string with a regex or `true` to take this action for anything. Here's an example: ``` '_GET' => [ //this is the ruleset for fields in GET 'expose' => true, // show all fields ], '_ENV' => [ 'remove' => ['APP_KEY'], // remove key field entirely 'hide' => '/password/i', // hide anything that matches regex contains password 'trash' => '/PUSHER/' // anything that's not 'expose' or 'hide' will remove matched fields 'expose' => true, // expose all that remains ], '_SERVER' => [ 'expose' => ['REQUEST_METHOD'], // show the REQUEST_METHOD // everything that hasn't matched a rule will be removed ], ``` There are also `replaceHiddenValueWith` and `replaceHiddenEmptyValueWith` where you can supply whatever strings you love (like 🍑). Changes to error handling ------------------------- [](#changes-to-error-handling) To hide the global variables from Whoops, they are hijacked/ruined just before calling your `Handler::render()`. If you need access to the original global at that method, you can get them in `$GLOBALS['hidevara']`. For example, `$GLOBALS['hidevara']['_SERVER']` is what `$_SERVER` was. Working with PHPUnit -------------------- [](#working-with-phpunit) Sometimes (supposedly when an exception is raised) this package crashes PHPUnit. To prevent this, we are not enabling the custom handling when the environment is `testing`. If you do need to enable this while running PHPUnit, the errors can be prevented by setting `processIsolation="true"` on the `` tag in your `phpunit.xml`. Collaboration ------------- [](#collaboration) Pls help! Here are the open problems and questions: - We should make a console command that fixes `app\bootstrap.php`. Can we force calling it in the provider if needed? - What should the default config be? - Should config allow repeating the same type of rule? It's possible but would make config syntax more complicated. - Are there better ways to do this in Laravel? - Can we intercept directly in the Whoopsies `PrettyPageHandler` and make this not Laravel specific? Change log ---------- [](#change-log) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 39 — LowBetter than 86% of packages Maintenance19 Infrequent updates — may be unmaintained Popularity42 Moderate usage in the ecosystem Community9 Small or concentrated contributor base Maturity66 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~83 days Recently: every ~100 days Total 7 Last Release 2249d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/6674d01479885d0c1929e0529fd4aa68aaf2ca8e4816c774b55ea584de900135?d=identicon)[tontonsb](/maintainers/tontonsb) ![](https://www.gravatar.com/avatar/515e937ed538554cfdcf8c0ac3d0917179c9ee9c5ae2c543fd59696eecd5975f?d=identicon)[Larzs](/maintainers/Larzs) --- Top Contributors [![tontonsb](https://avatars.githubusercontent.com/u/16481303?v=4)](https://github.com/tontonsb "tontonsb (20 commits)") --- Tags hacktoberfestlaravelwhoops-pagelaravelsecuritywhoops ### Embed Badge ![Health badge](/badges/glaivepro-hidevara/health.svg) ``` [![Health](https://phpackages.com/badges/glaivepro-hidevara/health.svg)](https://phpackages.com/packages/glaivepro-hidevara) ``` ### Alternatives [akaunting/laravel-firewall Web Application Firewall (WAF) package for Laravel 999465.8k2](/packages/akaunting-laravel-firewall)[enlightn/laravel-security-checker A Laravel package to scan your dependencies for known security vulnerabilities. 51173.4k](/packages/enlightn-laravel-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)