PHPackages hettiger/spa-honeypot - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. hettiger/spa-honeypot ActiveLibrary[Security](/categories/security) hettiger/spa-honeypot ===================== Honeypot package for Single Page Applications v0.3.0(7mo ago)0204MITPHPPHP ^8.2|^8.3|^8.4CI passing Since Dec 30Pushed 7mo ago1 watchersCompare [ Source](https://github.com/hettiger/spa-honeypot)[ Packagist](https://packagist.org/packages/hettiger/spa-honeypot)[ Docs](https://github.com/hettiger/spa-honeypot)[ RSS](/packages/hettiger-spa-honeypot/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (13)Versions (9)Used By (0) Honeypot package for Single Page Applications ============================================= [](#honeypot-package-for-single-page-applications) [![Latest Version on Packagist](https://camo.githubusercontent.com/921814db53f1c45e138667a2b4c4a750bdf7b55c9ab850a0a662b4a151ade85a/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f68657474696765722f7370612d686f6e6579706f742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/hettiger/spa-honeypot)[![GitHub Tests Action Status](https://camo.githubusercontent.com/ca7f252989c352bd1cf26b6ec72ae8d53dd830990746cc4b2a6ec59b7e3fb0a0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f68657474696765722f7370612d686f6e6579706f742f72756e2d74657374733f6c6162656c3d7465737473)](https://github.com/hettiger/spa-honeypot/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/a73d3e6fb167523b2ba10d814208e92cd07dfcbaed651329e3d18bd9cc291300/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f68657474696765722f7370612d686f6e6579706f742f466978253230504850253230636f64652532307374796c652532306973737565733f6c6162656c3d636f64652532307374796c65)](https://github.com/hettiger/spa-honeypot/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/3100aad6a8e0b5234c9856c127303d6a7ee226f26b968e606d2e4a2a0daeaea1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f68657474696765722f7370612d686f6e6579706f742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/hettiger/spa-honeypot) Helps to protect SPA's (Single Page Applications) against SPAM without using cookies or user input. Installation ------------ [](#installation) ``` composer require hettiger/spa-honeypot php artisan spa-honeypot:install ``` Usage ----- [](#usage) 1. Add the `form.honeypot`, `form.token` or `form` middleware to a forms target route ``` Route::post('form', fn () => 'OK')->middleware('form'); ``` > The `form` middleware group simply combines `form.honeypot` and `form.token` so you don't have to. Using just `form.token` protection without the `form.honeypot` middleware or vise versa is supported. 2. Use one of the corresponding [frontend libraries](#frontend-libraries) to make form token requests ### Lighthouse GraphQL API [](#lighthouse-graphql-api) 1. Add the `form.token.handle` middleware to the `lighthouse.route.middleware` config ``` // config/lighthouse.php — must be published 'middleware' => [ // … 'form.token.handle', ], ``` 2. Register the honeypot scalar in your `graphql/schema.graphql` file ``` scalar Honeypot @scalar(class: "Hettiger\\Honeypot\\GraphQL\\Scalars\\HoneypotScalar") # … ``` 3. Add a honeypot field to any input that you want to protect against SPAM ``` input SendContactRequestInput { # … honey: Honeypot } ``` > The `field` config is not being used in GraphQL context. 4. Add the `@requireFormToken` directive to any field that you want to protect against SPAM ``` # e.g. graphql/contact.graphql extend type Mutation { sendContactRequest(input: SendContactRequestInput): SendContactRequestPayload @requireFormToken } ``` 5. Use one of the corresponding [frontend libraries](#frontend-libraries) to make form token requests ### Customizing Responses [](#customizing-responses) You may provide custom error response factories using the config: ``` return [ // … 'honeypot_error_response_factory' => \Hettiger\Honeypot\ErrorResponseFactory::class, 'form_token_error_response_factory' => \Hettiger\Honeypot\ErrorResponseFactory::class, ]; ``` Alternatively you can provide a simple `Closure` anywhere in your application: ``` use Hettiger\Honeypot\Facades\Honeypot; use Illuminate\Support\ServiceProvider; class AppServiceProvider extends ServiceProvider { // … public function boot() { $errorResponseFactory = fn (bool $isGraphQLRequest) => $isGraphQLRequest ? ['errors' => [['message' => 'Whoops, something went wrong …']]] : 'Whoops, something went wrong …'; Honeypot::respondToHoneypotErrorsUsing($errorResponseFactory); Honeypot::respondToFormTokenErrorsUsing($errorResponseFactory); } } ``` > You don't have to worry about adding the form token header yourself. It'll be added for you automatically. Testing ------- [](#testing) ``` composer test ``` Frontend Libraries ------------------ [](#frontend-libraries) - [Angular](https://www.npmjs.com/package/@hettiger/ngx-spa-honeypot) Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Credits ------- [](#credits) - [Martin Hettiger](https://github.com/hettiger) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 39 — LowBetter than 85% of packages Maintenance68 Regular maintenance activity Popularity12 Limited adoption so far Community7 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~253 days Total 5 Last Release 215d ago PHP version history (4 changes)v0.0.1PHP ^8.1 v0.1.0PHP ^8.1|^8.2|^8.3 v0.2.0PHP ^8.2|^8.3 v0.3.0PHP ^8.2|^8.3|^8.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/6ca7667a4444a73aeaf91b653d0dd4302ab565749b2342307bc0cc3caaef9fad?d=identicon)[hettiger](/maintainers/hettiger) --- Top Contributors [![hettiger](https://avatars.githubusercontent.com/u/4583871?v=4)](https://github.com/hettiger "hettiger (119 commits)") --- Tags laravelhettigerspa-honeypot ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/hettiger-spa-honeypot/health.svg) ``` [![Health](https://phpackages.com/badges/hettiger-spa-honeypot/health.svg)](https://phpackages.com/packages/hettiger-spa-honeypot) ``` ### Alternatives [spatie/laravel-ciphersweet Use ciphersweet in your Laravel project 416718.4k1](/packages/spatie-laravel-ciphersweet)[vormkracht10/laravel-mails Laravel Mails can collect everything you might want to track about the mails that has been sent by your Laravel app. 24149.7k](/packages/vormkracht10-laravel-mails) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)