PHPackages                             jorijn/laravel-security-checker - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. jorijn/laravel-security-checker

ActiveLibrary[Security](/categories/security)

jorijn/laravel-security-checker
===============================

Added Laravel functionality to the Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.

v3.0.0(2mo ago)2111.9M↓49.6%27[2 issues](https://github.com/Jorijn/laravel-security-checker/issues)[1 PRs](https://github.com/Jorijn/laravel-security-checker/pulls)1MITPHPPHP ^8.2

Since Jul 21Pushed 2mo ago6 watchersCompare

[ Source](https://github.com/Jorijn/laravel-security-checker)[ Packagist](https://packagist.org/packages/jorijn/laravel-security-checker)[ RSS](/packages/jorijn-laravel-security-checker/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (10)Dependencies (26)Versions (23)Used By (1)

Laravel Security Checker
------------------------

[](#laravel-security-checker)

[![Latest Stable Version](https://camo.githubusercontent.com/d97d8087c5481cf9851ba4ce49aedd33fb75771b5b11baf91ec128f66c41e1fd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6a6f72696a6e2f6c61726176656c2d73656375726974792d636865636b65722e737667)](https://packagist.org/packages/jorijn/laravel-security-checker)[![Total Downloads](https://camo.githubusercontent.com/60d2a3005641f3199f35fe196e377d8569da09d0672a6117f59e4723c0a66172/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6a6f72696a6e2f6c61726176656c2d73656375726974792d636865636b65722e737667)](https://packagist.org/packages/jorijn/laravel-security-checker)[![License](https://camo.githubusercontent.com/473d8fefa6179640d658089c05bf1b5d3022a12225501ae4918813b8f52fb026/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6a6f72696a6e2f6c61726176656c2d73656375726974792d636865636b65722e737667)](https://packagist.org/packages/jorijn/laravel-security-checker)[![Tests](https://github.com/Jorijn/laravel-security-checker/workflows/tests/badge.svg)](https://github.com/Jorijn/laravel-security-checker/workflows/tests/badge.svg)

This package provides an effortless way for you to check your local `composer.lock` against the [Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories). It can either display the results in your console or email them to you on a scheduled basis. It uses Laravel's markdown system, so it should fit nicely in your styling.

#### Screenshot

[](#screenshot)

[![screenshot-email](https://user-images.githubusercontent.com/85466/28497517-9e41580e-6f89-11e7-9c4e-0ebf713add6a.png)](https://user-images.githubusercontent.com/85466/28497517-9e41580e-6f89-11e7-9c4e-0ebf713add6a.png)

Installation
------------

[](#installation)

Require this package with composer using the following command:

```
composer require jorijn/laravel-security-checker
```

### Configuration

[](#configuration)

#### Email

[](#email)

If you want the package to send reports by email, you'll need to specify a recipient.

##### Option 1

[](#option-1)

Add it to your `.env` file.

```
LCS_MAIL_TO="someone@example.net"

```

##### Option 2

[](#option-2)

Publish the configuration file and change it there.

```
php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="config"
```

If you want to control on how the email is formatted you can have Laravel export the view for you using:

```
php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="views"
```

By default, the package won't email you when there are no vulnerabilities found. You can change this setting by adding the following entry to your `.env` file.

```
LCS_NOTIFY_WITHOUT_VULNERABILITIES=true

```

#### Slack

[](#slack)

If you want the package to send the report to a Slack channel, you will need to specify a Slack Webhook in your `.env` file.

E.g.:

```
LCS_SLACK_WEBHOOK=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX

```

### Scheduling

[](#scheduling)

The package exposes a new command for you:

```
php artisan security-check:email
```

You can hook it up into a regular crontab or add it into the Laravel Scheduler (`app/Console/Kernel.php`) like this:

```
protected function schedule(Schedule $schedule)
{
    $schedule->command(\Jorijn\LaravelSecurityChecker\Console\SecurityMailCommand::class)
        ->weekly();
}
```

Running as a command
--------------------

[](#running-as-a-command)

This package provides a wrapper around the [Enlightn Security Checker](https://github.com/enlightn/security-checker) command. You can call it using `php artisan security-check:now`.

[![screenshot-console](https://user-images.githubusercontent.com/85466/28452254-17f3476e-6df2-11e7-9e5e-1c3d52b57722.png)](https://user-images.githubusercontent.com/85466/28452254-17f3476e-6df2-11e7-9e5e-1c3d52b57722.png)

Translations
------------

[](#translations)

If you need to translate this package into your own language you can do so by publishing the translation files:

```
php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="translations"
```

Please consider helping out by creating a pull request with your language to help out others.

###  Health Score

68

—

FairBetter than 99% of packages

Maintenance87

Actively maintained with recent releases

Popularity57

Moderate usage in the ecosystem

Community26

Small or concentrated contributor base

Maturity85

Battle-tested with a long release history

 Bus Factor1

Top contributor holds 82% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~178 days

Recently: every ~380 days

Total

19

Last Release

65d ago

Major Versions

v0.3.0 → v1.0.02019-01-12

v1.2.0 → v2.0.02020-03-05

v2.6.0 → v3.0.02026-04-30

PHP version history (8 changes)v0.1.0PHP &gt;=5.5.9

v0.2.0PHP &gt;=5.6.4

v0.3.0PHP &gt;=7.0

v2.0.0PHP &gt;=7.1.3

v2.1.0PHP &gt;=7.2

v2.2.0PHP &gt;=7.2|^8.0

v2.4.0PHP &gt;=7.4|^8.0

v3.0.0PHP ^8.2

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/85466?v=4)[Jorijn Schrijvershof](/maintainers/jorijn)[@jorijn](https://github.com/jorijn)

---

Top Contributors

[![jorijn](https://avatars.githubusercontent.com/u/85466?v=4)](https://github.com/jorijn "jorijn (82 commits)")[![DevDavido](https://avatars.githubusercontent.com/u/997605?v=4)](https://github.com/DevDavido "DevDavido (5 commits)")[![scrutinizer-auto-fixer](https://avatars.githubusercontent.com/u/6253494?v=4)](https://github.com/scrutinizer-auto-fixer "scrutinizer-auto-fixer (2 commits)")[![mijndert](https://avatars.githubusercontent.com/u/626972?v=4)](https://github.com/mijndert "mijndert (2 commits)")[![laravel-shift](https://avatars.githubusercontent.com/u/15991828?v=4)](https://github.com/laravel-shift "laravel-shift (1 commits)")[![nessimabadi](https://avatars.githubusercontent.com/u/11637110?v=4)](https://github.com/nessimabadi "nessimabadi (1 commits)")[![paras-malhotra](https://avatars.githubusercontent.com/u/16099046?v=4)](https://github.com/paras-malhotra "paras-malhotra (1 commits)")[![SolidRhino](https://avatars.githubusercontent.com/u/222683?v=4)](https://github.com/SolidRhino "SolidRhino (1 commits)")[![d13r](https://avatars.githubusercontent.com/u/236616?v=4)](https://github.com/d13r "d13r (1 commits)")[![thomasderoo4](https://avatars.githubusercontent.com/u/1989912?v=4)](https://github.com/thomasderoo4 "thomasderoo4 (1 commits)")[![gfmr806](https://avatars.githubusercontent.com/u/28653641?v=4)](https://github.com/gfmr806 "gfmr806 (1 commits)")[![jezmck](https://avatars.githubusercontent.com/u/89996?v=4)](https://github.com/jezmck "jezmck (1 commits)")[![jorgenb](https://avatars.githubusercontent.com/u/8543501?v=4)](https://github.com/jorgenb "jorgenb (1 commits)")

---

Tags

laravellaravel-packagelaravel-security-checkerphpsensiolabs-security-checkervulnerabilitiescomposerlaravelsecuritydependencies

###  Code Quality

TestsPHPUnit

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/jorijn-laravel-security-checker/health.svg)

```
[![Health](https://phpackages.com/badges/jorijn-laravel-security-checker/health.svg)](https://phpackages.com/packages/jorijn-laravel-security-checker)
```

###  Alternatives

[flarum/core

Delightfully simple forum software.

201.4M2.3k](/packages/flarum-core)[spatie/laravel-health

Monitor the health of a Laravel application

87512.0M165](/packages/spatie-laravel-health)[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9762.4M131](/packages/roots-acorn)[illuminate/notifications

The Illuminate Notifications package.

513.1M1.1k](/packages/illuminate-notifications)[laravel/boost

Laravel Boost accelerates AI-assisted development by providing the essential context and structure that AI needs to generate high-quality, Laravel-specific code.

3.5k21.5M594](/packages/laravel-boost)[laravel/ai

The official AI SDK for Laravel.

1.0k3.2M194](/packages/laravel-ai)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
