PHPackages jorijn/laravel-security-checker - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. jorijn/laravel-security-checker ActiveLibrary[Security](/categories/security) jorijn/laravel-security-checker =============================== Added Laravel functionality to the Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you. v2.6.0(1y ago)2021.8M—0.1%26[2 PRs](https://github.com/Jorijn/laravel-security-checker/pulls)1MITPHPPHP >=7.4|^8.0CI passing Since Jul 21Pushed 1y ago6 watchersCompare [ Source](https://github.com/Jorijn/laravel-security-checker)[ Packagist](https://packagist.org/packages/jorijn/laravel-security-checker)[ RSS](/packages/jorijn-laravel-security-checker/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (13)Versions (22)Used By (1) Laravel Security Checker ------------------------ [](#laravel-security-checker) [![Latest Stable Version](https://camo.githubusercontent.com/d97d8087c5481cf9851ba4ce49aedd33fb75771b5b11baf91ec128f66c41e1fd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6a6f72696a6e2f6c61726176656c2d73656375726974792d636865636b65722e737667)](https://packagist.org/packages/jorijn/laravel-security-checker)[![Total Downloads](https://camo.githubusercontent.com/60d2a3005641f3199f35fe196e377d8569da09d0672a6117f59e4723c0a66172/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6a6f72696a6e2f6c61726176656c2d73656375726974792d636865636b65722e737667)](https://packagist.org/packages/jorijn/laravel-security-checker)[![License](https://camo.githubusercontent.com/473d8fefa6179640d658089c05bf1b5d3022a12225501ae4918813b8f52fb026/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6a6f72696a6e2f6c61726176656c2d73656375726974792d636865636b65722e737667)](https://packagist.org/packages/jorijn/laravel-security-checker)[![Tests](https://github.com/Jorijn/laravel-security-checker/workflows/tests/badge.svg)](https://github.com/Jorijn/laravel-security-checker/workflows/tests/badge.svg) This package provides an effortless way for you to check your local `composer.lock` against the [Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories). It can either display the results in your console or email them to you on a scheduled basis. It uses Laravel's markdown system, so it should fit nicely in your styling. #### Screenshot [](#screenshot) [![screenshot-email](https://user-images.githubusercontent.com/85466/28497517-9e41580e-6f89-11e7-9c4e-0ebf713add6a.png)](https://user-images.githubusercontent.com/85466/28497517-9e41580e-6f89-11e7-9c4e-0ebf713add6a.png) Installation ------------ [](#installation) Require this package with composer using the following command: ``` composer require jorijn/laravel-security-checker ``` ### Configuration [](#configuration) #### Email [](#email) If you want the package to send reports by email, you'll need to specify a recipient. ##### Option 1 [](#option-1) Add it to your `.env` file. ``` LCS_MAIL_TO="someone@example.net" ``` ##### Option 2 [](#option-2) Publish the configuration file and change it there. ``` php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="config" ``` If you want to control on how the email is formatted you can have Laravel export the view for you using: ``` php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="views" ``` By default, the package won't email you when there are no vulnerabilities found. You can change this setting by adding the following entry to your `.env` file. ``` LCS_NOTIFY_WITHOUT_VULNERABILITIES=true ``` #### Slack [](#slack) If you want the package to send the report to a Slack channel, you will need to specify a Slack Webhook in your `.env` file. E.g.: ``` LCS_SLACK_WEBHOOK=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX ``` ### Scheduling [](#scheduling) The package exposes a new command for you: ``` php artisan security-check:email ``` You can hook it up into a regular crontab or add it into the Laravel Scheduler (`app/Console/Kernel.php`) like this: ``` protected function schedule(Schedule $schedule) { $schedule->command(\Jorijn\LaravelSecurityChecker\Console\SecurityMailCommand::class) ->weekly(); } ``` Running as a command -------------------- [](#running-as-a-command) This package provides a wrapper around the [Enlightn Security Checker](https://github.com/enlightn/security-checker) command. You can call it using `php artisan security-check:now`. [![screenshot-console](https://user-images.githubusercontent.com/85466/28452254-17f3476e-6df2-11e7-9e5e-1c3d52b57722.png)](https://user-images.githubusercontent.com/85466/28452254-17f3476e-6df2-11e7-9e5e-1c3d52b57722.png) Translations ------------ [](#translations) If you need to translate this package into your own language you can do so by publishing the translation files: ``` php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="translations" ``` Please consider helping out by creating a pull request with your language to help out others. ### Health Score 56 — FairBetter than 98% of packages Maintenance46 Moderate activity, may be stable Popularity57 Moderate usage in the ecosystem Community26 Small or concentrated contributor base Maturity77 Established project with proven stability Bus Factor1 Top contributor holds 82.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~164 days Recently: every ~368 days Total 18 Last Release 422d ago Major Versions v0.3.0 → v1.0.02019-01-12 v1.2.0 → v2.0.02020-03-05 PHP version history (7 changes)v0.1.0PHP >=5.5.9 v0.2.0PHP >=5.6.4 v0.3.0PHP >=7.0 v2.0.0PHP >=7.1.3 v2.1.0PHP >=7.2 v2.2.0PHP >=7.2|^8.0 v2.4.0PHP >=7.4|^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/7350da3312b4ad789e82ccacc049b88844d215cdbb93fb0bcdea93687416c0d0?d=identicon)[jorijn](/maintainers/jorijn) --- Top Contributors [![jorijn](https://avatars.githubusercontent.com/u/85466?v=4)](https://github.com/jorijn "jorijn (81 commits)")[![DevDavido](https://avatars.githubusercontent.com/u/997605?v=4)](https://github.com/DevDavido "DevDavido (4 commits)")[![scrutinizer-auto-fixer](https://avatars.githubusercontent.com/u/6253494?v=4)](https://github.com/scrutinizer-auto-fixer "scrutinizer-auto-fixer (2 commits)")[![mijndert](https://avatars.githubusercontent.com/u/626972?v=4)](https://github.com/mijndert "mijndert (2 commits)")[![laravel-shift](https://avatars.githubusercontent.com/u/15991828?v=4)](https://github.com/laravel-shift "laravel-shift (1 commits)")[![nessimabadi](https://avatars.githubusercontent.com/u/11637110?v=4)](https://github.com/nessimabadi "nessimabadi (1 commits)")[![paras-malhotra](https://avatars.githubusercontent.com/u/16099046?v=4)](https://github.com/paras-malhotra "paras-malhotra (1 commits)")[![SolidRhino](https://avatars.githubusercontent.com/u/222683?v=4)](https://github.com/SolidRhino "SolidRhino (1 commits)")[![d13r](https://avatars.githubusercontent.com/u/236616?v=4)](https://github.com/d13r "d13r (1 commits)")[![thomasderoo4](https://avatars.githubusercontent.com/u/1989912?v=4)](https://github.com/thomasderoo4 "thomasderoo4 (1 commits)")[![gfmr806](https://avatars.githubusercontent.com/u/28653641?v=4)](https://github.com/gfmr806 "gfmr806 (1 commits)")[![jezmck](https://avatars.githubusercontent.com/u/89996?v=4)](https://github.com/jezmck "jezmck (1 commits)")[![jorgenb](https://avatars.githubusercontent.com/u/8543501?v=4)](https://github.com/jorgenb "jorgenb (1 commits)") --- Tags laravellaravel-packagelaravel-security-checkerphpsensiolabs-security-checkervulnerabilitiescomposerlaravelsecuritydependencies ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/jorijn-laravel-security-checker/health.svg) ``` [![Health](https://phpackages.com/badges/jorijn-laravel-security-checker/health.svg)](https://phpackages.com/packages/jorijn-laravel-security-checker) ``` ### Alternatives [spatie/laravel-health Monitor the health of a Laravel application 86910.0M83](/packages/spatie-laravel-health)[laravel-notification-channels/discord Laravel notification driver for Discord. 2371.3M11](/packages/laravel-notification-channels-discord)[roots/acorn Framework for Roots WordPress projects built with Laravel components. 9682.1M97](/packages/roots-acorn)[s-ichikawa/laravel-sendgrid-driver This library adds a 'sendgrid' mail driver to Laravel. 4139.3M1](/packages/s-ichikawa-laravel-sendgrid-driver)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[yadahan/laravel-authentication-log Laravel Authentication Log provides authentication logger and notification for Laravel. 416632.8k5](/packages/yadahan-laravel-authentication-log) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)