PHPackages honeycrisp/laravel-obfuscator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. honeycrisp/laravel-obfuscator ActiveLibrary[Security](/categories/security) honeycrisp/laravel-obfuscator ============================= A comprehensive Laravel package for PHP code obfuscation with backup and restore functionality. Provides unique command structure with enhanced features. v1.0.8(8mo ago)2491[1 PRs](https://github.com/rakeshmaity271/laravel-obfuscator/pulls)MITPHPPHP ^8.1|^8.2|^8.3|^8.4 Since Aug 23Pushed 8mo agoCompare [ Source](https://github.com/rakeshmaity271/laravel-obfuscator)[ Packagist](https://packagist.org/packages/honeycrisp/laravel-obfuscator)[ Docs](https://github.com/rakeshmaity271/laravel-obfuscator)[ RSS](/packages/honeycrisp-laravel-obfuscator/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (3)Versions (8)Used By (0) Honeycrisp Laravel Obfuscator Package ===================================== [](#honeycrisp-laravel-obfuscator-package) A comprehensive Laravel package for PHP code obfuscation with backup and restore functionality. This package provides unique command structure with enhanced features and better integration for Laravel projects. Features -------- [](#features) - 🚀 **Multiple Obfuscation Commands**: File, directory, and project-wide obfuscation - 💾 **Automatic Backup System**: Create backups before obfuscation - 🔄 **Restore Functionality**: Restore files from backups - 🔒 **Secure Deployment System**: Client-safe deployment with original code protection - 🔑 **Simplified License Management**: Laravel-style key generation (no complex plans) - ⚙️ **Configurable**: Customize behavior through config files - 📊 **Progress Tracking**: Detailed output with success/error reporting - 🛡️ **Safe Operations**: Non-destructive with backup protection Installation ------------ [](#installation) ### Via Composer [](#via-composer) ``` composer require honeycrisp/laravel-obfuscator ``` ### Manual Installation [](#manual-installation) 1. Clone this repository to your Laravel project 2. Add the service provider to `config/app.php`: ``` 'providers' => [ // ... other providers Honeycrisp\LaravelObfuscator\LaravelObfuscatorServiceProvider::class, ], ``` 3. Publish the configuration file: ``` php artisan vendor:publish --tag=laravel-obfuscator-config ``` Usage ----- [](#usage) ### Artisan Commands [](#artisan-commands) The package provides several Artisan commands to obfuscate PHP files within your Laravel project. #### 🚀 **Simple Application Deployment Commands (RECOMMENDED)** [](#-simple-application-deployment-commands-recommended) For **complete Laravel application deployment** with just one command: ``` # Deploy entire Laravel application securely (excludes vendor, node_modules, etc.) php artisan obfuscate:app-deploy [--output=path] [--level=enterprise] [--create-package] [--force] # Deobfuscate entire Laravel application securely (excludes vendor, node_modules, etc.) php artisan deobfuscate:app-deploy [--output=path] [--create-package] [--force] ``` **What These Commands Do:** - ✅ **Automatically detect** current Laravel application - ✅ **Exclude vendor, node\_modules, storage, .git, .env** automatically - ✅ **Process all PHP files** in your application - ✅ **Create secure backups** of original code - ✅ **Optionally create ZIP packages** for deployment #### 🔒 **Advanced Secure Deployment Commands** [](#-advanced-secure-deployment-commands) For **custom deployment scenarios** (requires specifying source and exclusions): ``` # Create secure deployment package with obfuscated code (replaces originals, moves originals to secure backup) php artisan obfuscate:secure-deploy {source} [--output=path] [--exclude=path] [--level=enterprise] [--create-package] # Create secure deobfuscation deployment package with readable code (replaces obfuscated, moves obfuscated to secure backup) php artisan deobfuscate:secure-deploy {source} [--output=path] [--exclude=path] [--create-package] ``` **Why Secure Deployment?** - ✅ **Client cannot access original source code** - ✅ **Client cannot develop/modify your application** - ✅ **Client cannot reverse-engineer your logic** - ✅ **Only processed code remains accessible** #### **🔑 License Management Commands** [](#-license-management-commands) Simple, Laravel-style license management: ``` # Generate a new license key (like Laravel's key:generate) php artisan obfuscate:generate-key # Check license status php artisan obfuscate:license status # Validate a license key php artisan obfuscate:license validate --key=YOUR_KEY ``` **Features:** - ✅ **Single command key generation** (no complex plans) - ✅ **Simple validation** (any 16+ character key is valid) - ✅ **Perfect Laravel integration** (works with .env files) - ✅ **No demo/trial restrictions** (clean, simple system) #### **Basic Obfuscation Commands (Development Use)** [](#basic-obfuscation-commands-development-use) For development and testing (creates `_obfuscated` versions alongside originals): ``` # Obfuscate all PHP files (creates _obfuscated versions) php artisan obfuscate:all # With backup: php artisan obfuscate:all --backup ``` #### Obfuscate Specific Directory [](#obfuscate-specific-directory) To obfuscate PHP files in a specific directory: ``` # Basic obfuscation (creates _obfuscated versions) php artisan obfuscate:directory {directory} # Examples: php artisan obfuscate:directory app/Http/Controllers php artisan obfuscate:directory app/Models --backup ``` #### Obfuscate Specific File [](#obfuscate-specific-file) To obfuscate a specific PHP file: ``` # Basic obfuscation (creates _obfuscated version) php artisan obfuscate:file {somefile or dir/file} # Examples: php artisan obfuscate:file app/Http/Controllers/UserController.php php artisan obfuscate:file UserController.php --backup ``` #### Backup and Restore [](#backup-and-restore) **Backup**: You can create backups of obfuscated files with the `--backup` option: ``` php artisan obfuscate:all --backup php artisan obfuscate:file app/Http/Controllers/UserController.php --backup ``` **Restore**: To restore a backed-up file: ``` php artisan obfuscate:restore {backup_file_name} ``` Example: ``` php artisan obfuscate:restore backup_1703123456_UserController.php ``` **Deobfuscate Examples:** ``` # Deobfuscate a single file php artisan obfuscate:deobfuscate app/Http/Controllers/UserController.php # Analyze obfuscation level only php artisan obfuscate:deobfuscate app/Http/Controllers/UserController.php --analyze # Deobfuscate with custom output path php artisan obfuscate:deobfuscate app/Http/Controllers/UserController.php --output=deobfuscated.php # Batch deobfuscate all PHP files in a directory php artisan obfuscate:deobfuscate app/Http/Controllers --batch # Deobfuscate all PHP files in project php artisan deobfuscate:all # Deobfuscate all PHP files in specific directory php artisan deobfuscate:directory app/Http/Controllers # Analyze all files without deobfuscating php artisan deobfuscate:all --analyze # Deobfuscate to custom output directory php artisan deobfuscate:directory app/Models --output-dir=deobfuscated_models ``` #### Deobfuscate [](#deobfuscate) To deobfuscate a PHP file or analyze its obfuscation level: ``` php artisan obfuscate:deobfuscate {file} ``` **Options:** - `--output=path` - Specify output file path - `--analyze` - Analyze obfuscation level without deobfuscating - `--batch` - Process all PHP files in directory **Examples:** ``` # Deobfuscate a single file php artisan obfuscate:deobfuscate app/Http/Controllers/UserController.php # Analyze obfuscation level only php artisan obfuscate:deobfuscate app/Http/Controllers/UserController.php --analyze # Deobfuscate with custom output path php artisan obfuscate:deobfuscate app/Http/Controllers/UserController.php --output=deobfuscated.php # Batch deobfuscate all PHP files in a directory php artisan obfuscate:deobfuscate app/Http/Controllers --batch ``` #### Deobfuscate All Files [](#deobfuscate-all-files) To deobfuscate all PHP files in your Laravel project: ``` php artisan deobfuscate:all ``` **Options:** - `--output-dir=path` - Specify output directory for all deobfuscated files **Examples:** ``` # Deobfuscate all PHP files php artisan deobfuscate:all # Analyze all files without deobfuscating php artisan deobfuscate:all --analyze # Deobfuscate all files to custom directory php artisan deobfuscate:all --output-dir=deobfuscated_files ``` #### Deobfuscate Directory [](#deobfuscate-directory) To deobfuscate all PHP files in a specific directory: ``` php artisan deobfuscate:directory {directory} ``` **Options:** - `--output-dir=path` - Specify output directory for deobfuscated files - `--analyze` - Analyze obfuscation level without deobfuscating **Examples:** ``` # Deobfuscate all PHP files in a directory php artisan deobfuscate:directory app/Http/Controllers # Analyze all files in directory php artisan deobfuscate:directory app/Models --analyze # Deobfuscate to custom output directory php artisan deobfuscate:directory app/Http/Controllers --output-dir=deobfuscated_controllers ``` ### Programmatic Usage [](#programmatic-usage) You can also use the obfuscator service directly in your code: ``` use Honeycrisp\LaravelObfuscator\Services\ObfuscatorService; class SomeController extends Controller { public function obfuscateCode(ObfuscatorService $obfuscator) { // Obfuscate a string $obfuscated = $obfuscator->obfuscateString(''); // Obfuscate a file $obfuscator->obfuscateFile('input.php', 'output.php', true); // Obfuscate a directory $results = $obfuscator->obfuscateDirectory('/path/to/directory', true); return response()->json($results); } } ``` ### Facade Usage [](#facade-usage) You can also use the facade alias: ``` use Obfuscator; // Obfuscate a string $obfuscated = Obfuscator::obfuscateString(''); // Obfuscate a file Obfuscator::obfuscateFile('input.php', 'output.php'); ``` Configuration ------------- [](#configuration) The package configuration file `config/laravel-obfuscator.php` allows you to customize: - **Backup Settings**: Enable/disable backups, backup directory, retention - **Obfuscation Settings**: Method, comment removal, whitespace handling - **File Patterns**: Include/exclude specific files and directories - **Output Settings**: File naming, structure preservation - **Logging**: Enable logging with configurable levels ### Environment Variables [](#environment-variables) You can also configure the package using environment variables: ``` OBFUSCATOR_BACKUP_ENABLED=true OBFUSCATOR_BACKUP_DIR=app/obfuscator_backups OBFUSCATOR_METHOD=base64_reverse OBFUSCATOR_REMOVE_COMMENTS=true OBFUSCATOR_OUTPUT_SUFFIX=_obfuscated ``` File Structure -------------- [](#file-structure) ``` src/ ├── Console/ │ ├── Commands/ │ │ ├── ObfuscateCommand.php # obfuscate:file │ │ ├── ObfuscateAllCommand.php # obfuscate:all │ │ ├── ObfuscateDirectoryCommand.php # obfuscate:directory │ │ ├── RestoreCommand.php # obfuscate:restore │ │ ├── DeobfuscateCommand.php # obfuscate:deobfuscate │ │ ├── DeobfuscateAllCommand.php # deobfuscate:all │ │ └── DeobfuscateDirectoryCommand.php # deobfuscate:directory │ └── ... ├── Services/ │ ├── ObfuscatorService.php # Main service class │ └── DeobfuscatorService.php # Deobfuscation service ├── LaravelObfuscatorServiceProvider.php # Service provider └── ... config/ └── laravel-obfuscator.php # Configuration file ``` Backup System ------------- [](#backup-system) The package automatically creates backups in `storage/app/obfuscator_backups/` when using the `--backup` option. Backup files are named with the pattern: ``` backup_{timestamp}_{original_filename} ``` Example: `backup_1703123456_UserController.php` Obfuscation Method ------------------ [](#obfuscation-method) The package uses a base64 encoding + string reversal technique that: 1. Encodes the PHP code using base64 2. Reverses the encoded string 3. Generates a wrapper that deobfuscates and executes the code at runtime This provides a good balance between obfuscation effectiveness and performance. Security Considerations ----------------------- [](#security-considerations) - **Backup Protection**: Always use the `--backup` option in production - **Testing**: Test obfuscated code thoroughly before deployment - **Source Control**: Keep original source code in version control - **Performance**: Obfuscated code has a small runtime overhead Troubleshooting --------------- [](#troubleshooting) ### Common Issues [](#common-issues) 1. **Permission Errors**: Ensure write permissions for backup and output directories 2. **Memory Issues**: For large projects, increase PHP memory limit 3. **Backup Not Found**: Check the backup directory path in configuration ### Debug Mode [](#debug-mode) Enable detailed logging by setting the log level to debug: ``` OBFUSCATOR_LOG_LEVEL=debug ``` Contributing ------------ [](#contributing) 1. Fork the repository 2. Create a feature branch 3. Make your changes 4. Add tests 5. Submit a pull request License ------- [](#license) This package is open-sourced software licensed under the [MIT license](LICENSE). Support ------- [](#support) For support and questions: - Create an issue on GitHub - Check the documentation - Review the configuration options 📚 **Documentation** ------------------- [](#-documentation) - **[Secure Deployment Commands](SECURE_DEPLOY_COMMANDS.md)** - Complete guide to all secure deployment features - **[Advanced Features Roadmap](../ADVANCED_FEATURES_ROADMAP.md)** - Future development plans - **[Laravel Testing Guide](../LARAVEL_TESTING_GUIDE.md)** - Testing and quality assurance - **[Phase 2 Implementation Summary](../PHASE2_IMPLEMENTATION_SUMMARY.md)** - Current implementation status - **[Phase 3 Future Roadmap](../PHASE3_FUTURE_ROADMAP.md)** - Long-term development roadmap Changelog --------- [](#changelog) ### Version 1.0.0 [](#version-100) - Initial release - Basic obfuscation functionality - Artisan commands for file, directory, and project obfuscation - Backup and restore system - Configuration system 🔒 **Secure Deployment Mode** ---------------------------- [](#-secure-deployment-mode) ### **The Problem with Basic Obfuscation** [](#the-problem-with-basic-obfuscation) Basic obfuscation creates `_obfuscated` files alongside originals, which means: - ❌ **Client can still access original source code** - ❌ **Client can still develop/modify the application** - ❌ **Obfuscation provides no real security** ### **The Solution: Secure Deployment Mode** [](#the-solution-secure-deployment-mode) Secure deployment mode provides **true security** by: - ✅ **Replacing original files** with obfuscated versions - ✅ **Moving originals to secure backup** (client cannot access) - ✅ **Creating deployment packages** (ZIP files with only obfuscated code) - ✅ **Ensuring clients cannot reverse-engineer** your application ### **Secure Deployment Commands** [](#secure-deployment-commands) #### **Obfuscation Secure Deployment** [](#obfuscation-secure-deployment) ``` # Create secure deployment package with obfuscated code php artisan obfuscate:secure-deploy app --create-package --output=deployments # Enterprise-level obfuscation for maximum security php artisan obfuscate:secure-deploy app --level=enterprise --create-package # With exclusions php artisan obfuscate:secure-deploy app --exclude=vendor --exclude=storage --create-package ``` #### **Deobfuscation Secure Deployment** [](#deobfuscation-secure-deployment) ``` # Create secure deobfuscation deployment package with readable code php artisan deobfuscate:secure-deploy app --create-package --output=deployments # With exclusions php artisan deobfuscate:secure-deploy app --exclude=vendor --create-package ``` ### **What Happens in Secure Deployment Mode** [](#what-happens-in-secure-deployment-mode) 1. **🔒 Original files are backed up** to secure backup locations: - Obfuscation: `storage/app/secure_deployment_backups/` - Deobfuscation: `storage/app/secure_deobfuscation_backups/` 2. **🔒 Original files are replaced** with processed versions (obfuscated or deobfuscated) 3. **🔒 Secure backup location** is NOT accessible to clients 4. **🔒 Only processed code** remains in the project 5. **📦 Optional deployment package** (ZIP) can be created ### **Security Benefits** [](#security-benefits) - **🚫 No Source Code Access**: Clients cannot read your original code - **🚫 No Development Capability**: Clients cannot modify your logic - **🚫 No Reverse Engineering**: Obfuscated code is extremely difficult to understand - **✅ Full Functionality**: Application works exactly the same - **✅ Professional Delivery**: Clean, production-ready codebase ### **When to Use Secure Deployment** [](#when-to-use-secure-deployment) - **🎯 Client Deliverables**: When handing over code to clients - **🚀 Production Deployment**: When deploying to production servers - **📦 Software Distribution**: When selling/distributing your software - **🔐 Code Protection**: When protecting intellectual property - **💼 Business Applications**: When delivering business solutions to clients 🚀 **Quick Start** ----------------- [](#-quick-start) ### Health Score 37 — LowBetter than 83% of packages Maintenance59 Moderate activity, may be stable Popularity12 Limited adoption so far Community7 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 7 Last Release 263d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/948b729c73beca252550b42df123ad516b393841a466d8fa7cf5214e4b49f387?d=identicon)[rakesh271](/maintainers/rakesh271) --- Top Contributors [![rakeshmaity271](https://avatars.githubusercontent.com/u/38642496?v=4)](https://github.com/rakeshmaity271 "rakeshmaity271 (8 commits)") --- Tags phplaravelsecuritybackupartisanrestorecommandsobfuscationcode-protection ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/honeycrisp-laravel-obfuscator/health.svg) ``` [![Health](https://phpackages.com/badges/honeycrisp-laravel-obfuscator/health.svg)](https://phpackages.com/packages/honeycrisp-laravel-obfuscator) ``` ### Alternatives [asbiin/laravel-webauthn Laravel Webauthn support 309574.8k](/packages/asbiin-laravel-webauthn)[tzsk/otp A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel. 241641.4k1](/packages/tzsk-otp)[skydiver/laravel-route-blocker Block routes by IP 8272.4k](/packages/skydiver-laravel-route-blocker)[olssonm/laravel-backup-shield Protection for your laravel backups 3019.5k](/packages/olssonm-laravel-backup-shield) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)