PHPackages                             hotrush/laravel-signer - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. hotrush/laravel-signer

ActiveLibrary[Validation &amp; Sanitization](/categories/validation)

hotrush/laravel-signer
======================

Package to create and validate signatures for laravel models.

1.1.0(3y ago)2298MITPHPPHP ^8.1

Since Nov 23Pushed 3y ago1 watchersCompare

[ Source](https://github.com/hotrush/laravel-signer)[ Packagist](https://packagist.org/packages/hotrush/laravel-signer)[ Docs](https://github.com/hotrush/laravel-signer)[ RSS](/packages/hotrush-laravel-signer/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (3)Dependencies (10)Versions (4)Used By (0)

[![Latest Version on Packagist](https://camo.githubusercontent.com/9c2f2405c785e5b1c51e1889afe17598615a55e8f2388b3cc8d5b2932e86d0a6/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f686f74727573682f6c61726176656c2d7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/hotrush/laravel-signer)[![Total Downloads](https://camo.githubusercontent.com/58d5f38c23966564af75dddf4c765b12b0c239ae43570fc47bd4deb187674f81/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f686f74727573682f6c61726176656c2d7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/hotrush/laravel-signer)[![Tests and coverage](https://github.com/hotrush/laravel-signer/actions/workflows/main.yml/badge.svg)](https://github.com/hotrush/laravel-signer/actions/workflows/main.yml)[![Maintainability](https://camo.githubusercontent.com/fc5d84086438aef69d294a1215db612c8ce3006773a8e27d74eb12d2464be738/68747470733a2f2f6170692e636f6465636c696d6174652e636f6d2f76312f6261646765732f31333430623331393839613763383066653933622f6d61696e7461696e6162696c697479)](https://codeclimate.com/github/hotrush/laravel-signer/maintainability)[![Test Coverage](https://camo.githubusercontent.com/7d779fdb147909bdfbf7b53a9f96593f5d82df97c965acf93bc8700e3e0a0f3d/68747470733a2f2f6170692e636f6465636c696d6174652e636f6d2f76312f6261646765732f31333430623331393839613763383066653933622f746573745f636f766572616765)](https://codeclimate.com/github/hotrush/laravel-signer/test_coverage)

Laravel Signer
==============

[](#laravel-signer)

Package to create and validate signatures for laravel models.

Installation
------------

[](#installation)

```
composer require hotrush/laravel-signer

```

Usage
-----

[](#usage)

1. Add `Signable` contract to your model

    ```
    use Hotrush\Signer\Contracts\Signable;

    class Post extends Model implements Signable
    {

    }
    ```
2. Implement contract methods. To simplify this process `CanBeSigned` trait can be used.

    ```
    use Hotrush\Signer\Contracts\Signable;
    use Hotrush\Signer\Contracts\Traits\CanBeSigned;

    class Post extends Model implements Signable
    {
        use CanBeSigned;

        /**
         * Return null if never expires.
         *
         * @return Carbon|null
         */
        public function getSignExpiration(): ?Carbon
        {
            return null;
        }

        /**
         * Payload used for making signature hash.
         *
         * @return array
         */
        public function getSignPayload(): array
        {
            return [
                $this->getKeyName() => $this->getKey(),
                'field' => $this->field,
            ];
        }

        /**
         * Payload put into encoded code. Will be publicly accessible.
         *
         * @return array
         */
        public function getPublicSignPayload(): array
        {
            return [
                $this->getKeyName() => $this->getKey(),
            ];
        }

        /**
         * Define where clause for getting signable model instance by signature.
         * Only values from public payload can be used.
         */
        public static function signableClauses(Signature $signature): \Closure
        {
            return function (Builder $query) use ($signature) {
                $query->where('id', '=', $signature->payload['id']);
            };
        }
    }
    ```
3. Use facade to generate signature

    ```
    use Hotrush\Signer\Facades\Signer;

    $signable = Post::find(1);
    $signature = Signer::generate($signable);

    echo (string) $signature;
    ```

    Signature can be converted into a string and send a confirmation code for example.
4. To verify code facade can be used as well. But first need to decode signature.

    ```
    use Hotrush\Signer\Facades\Signer;
    use Hotrush\Signer\Signature;

    // decode signature
    $signature = Signature::decode('signature-string-value');

    // get signable
    $signable = Post::findSignable($signature);

    // verify
    $valid = Signer::validate($signable, $signature);
    ```

Testing
-------

[](#testing)

```
composer test

```

###  Health Score

27

—

LowBetter than 49% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity14

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity57

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~48 days

Total

3

Last Release

1168d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/3cfcee390045ec2c0820506544a6778f93fed658e5e1124d38db4524aa6b3f4f?d=identicon)[hotrush](/maintainers/hotrush)

---

Top Contributors

[![hotrush](https://avatars.githubusercontent.com/u/1247004?v=4)](https://github.com/hotrush "hotrush (6 commits)")

---

Tags

laravellaravel-signer

###  Code Quality

TestsPHPUnit

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/hotrush-laravel-signer/health.svg)

```
[![Health](https://phpackages.com/badges/hotrush-laravel-signer/health.svg)](https://phpackages.com/packages/hotrush-laravel-signer)
```

###  Alternatives

[proengsoft/laravel-jsvalidation

Validate forms transparently with Javascript reusing your Laravel Validation Rules, Messages, and FormRequest

1.1k2.3M49](/packages/proengsoft-laravel-jsvalidation)[stevebauman/purify

An HTML Purifier / Sanitizer for Laravel

5325.6M19](/packages/stevebauman-purify)[axlon/laravel-postal-code-validation

Worldwide postal code validation for Laravel and Lumen

3853.3M1](/packages/axlon-laravel-postal-code-validation)[vormkracht10/laravel-mails

Laravel Mails can collect everything you might want to track about the mails that has been sent by your Laravel app.

24149.7k](/packages/vormkracht10-laravel-mails)[ziming/laravel-zxcvbn

Zxcvbn Password validation rule for Laravel

3056.7k](/packages/ziming-laravel-zxcvbn)[laravel-validation-rules/phone

Validate that a phone number is in the correct format

69355.5k](/packages/laravel-validation-rules-phone)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)