PHPackages                             leanadmin/livewire-access - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. leanadmin/livewire-access

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

leanadmin/livewire-access
=========================

Control frontend access to properties/methods in Livewire using PHP 8 attributes.

v0.1.3(3y ago)9335.5k9[1 issues](https://github.com/archtechx/livewire-access/issues)MITPHPPHP ^8.0

Since Mar 17Pushed 3y ago1 watchersCompare

[ Source](https://github.com/archtechx/livewire-access)[ Packagist](https://packagist.org/packages/leanadmin/livewire-access)[ GitHub Sponsors](https://github.com/stancl)[ RSS](/packages/leanadmin-livewire-access/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (4)Dependencies (2)Versions (5)Used By (0)

Livewire Access
===============

[](#livewire-access)

This package adds PHP 8.0 attribute support to Livewire. In specific, the attributes are used for flagging component properties and methods as *frontend-accessible*.

The package ships with two pairs of traits and attributes. One for *explicit* access, and one for *implicit* access.

How it works
------------

[](#how-it-works)

- Components which implement the trait for **explicit** access will *deny* access to all properties and methods if they don't have the `#[FrontendAccess]` attribute.
- Components which implement the trait for **implicit** access will *allow* access to all properties and methods unless they have the `#[BlockFrontendAccess]` attribute.

This acts as a layer on top of Livewire's `public`-check logic, but gives you much more fine grained control.

Why use this?
-------------

[](#why-use-this)

Sometimes, you may want allow access to a component's property in PHP — outside the component — while not allowing access from the frontend. For that, you can use the `WithImplicitAccess` trait. Frontend access will be enabled for all properties by default, but you can disable it for a specific property (or method).

Other times, you may simply want more assurance than Livewire provides out of the box. The `WithExplicitAccess` trait is made for that. It disables all frontend access, and requires you to manually enable it on specific properties/methods.

The second option is recommended, because it provides the most security benefits. Accidentally making methods `public` is common, and it can cause security issues. Disabling implicit access can be especially useful on teams with junior engineers who don't yet have a full understanding of Livewire's internals, but can be very productive with it.

Practical use case
------------------

[](#practical-use-case)

Say you have a component with the following method:

```
public function getItemsProperty()
{
    return [
      ['secret' => false, 'name' => 'Item 1'],
      ['secret' => true, 'name' => 'Item 2'],
      ['secret' => true, 'name' => 'Item 3'],
      ['secret' => false, 'name' => 'Item 4'],
    ];
}
```

In the Blade template, you want to loop through the items and only display the non-secret ones.

```
@foreach($this->items->filter(...) as $item)
```

However, the entire dataset will be accessible from the frontend, even if you're not rendering any of the secret items.

The user can easily fetch the Livewire component in Developer Tools and make a call like this:

```
component.call('getItemsProperty');
```

It will return all of the data returned by the `getItemsProperty()` method in PHP.

[![Screen Shot 2021-03-17 at 21 53 00](https://user-images.githubusercontent.com/33033094/111536933-26f87680-876b-11eb-98c5-8b7f40f1a5de.png)](https://user-images.githubusercontent.com/33033094/111536933-26f87680-876b-11eb-98c5-8b7f40f1a5de.png)

You may think that in this case, you should just make the method `protected`/`private`. However, that would make it inaccessible from the Blade template. Even though Livewire uses `$this` in the template, it's accessing the object from the outside.

Which means that although Blade templates are completely server-rendered, and let you access any PHP code in a secure way, you cannot access many of the properties or methods of Livewire components without making them public, which can cause unexpected data leaks.

With this package, you can keep the property public and access it anywhere in PHP, while completely blocking any attempts at accessing it from the frontend.

Installation
------------

[](#installation)

PHP 8 is required.

```
composer require leanadmin/livewire-access
```

Usage
-----

[](#usage)

This package doesn't make any changes to your existing code. Components which don't implement either one of its traits will not be affected.

### Explicit access

[](#explicit-access)

To enable the explicit access mode, i.e. only enable access to properties/methods that explicitly allow it, use the `WithExplicitAccess` trait.

```
use Livewire\Component;
use Lean\LivewireAccess\WithExplicitAccess;
use Lean\LivewireAccess\FrontendAccess;

class MyComponent extends Component
{
    // Use the trait on your component to enable this functionality
    use WithExplicitAccess;

    // Accessing this from the frontend will throw an exception
    public string $inaccessible;

    #[FrontendAccess]
    public string $accessible; // This property allows frontend access

    public function secretMethod()
    {
        // Calling this from the frontend will throw an exception
    }

    #[FrontendAccess]
    public function publicMethod()
    {
        // This method allows frontend access
    }
}
```

### Implicit access

[](#implicit-access)

To enable the implicit access mode, i.e. keep using the same mode , use the `WithExplicitAccess` trait.

```
use Livewire\Component;
use Lean\LivewireAccess\WithImplicitAccess;
use Lean\LivewireAccess\BlockFrontendAccess;

class MyComponent extends Component
{
    // Use the trait on your component to enable this functionality
    use WithImplicitAccess;

    // This property allows frontend access
    public string $accessible;

    #[BlockFrontendAccess]
    public string $inaccessible; // This property blocks frontend access

    public function publicMethod()
    {
        // This method allows frontend access
    }

    #[BlockFrontendAccess]
    public function secretMethod()
    {
        // This method blocks frontend access
    }
}
```

### Details

[](#details)

- The properties still need to be `public` to be accessible.
- The thrown exceptions are identical to those that Livewire would throw if the properties/methods were not public.

Development
-----------

[](#development)

Running all checks locally:

```
./check
```

Running tests:

```
phpunit
```

Code style will be automatically fixed by php-cs-fixer.

###  Health Score

34

—

LowBetter than 77% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity40

Moderate usage in the ecosystem

Community14

Small or concentrated contributor base

Maturity51

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 76.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~233 days

Total

4

Last Release

1187d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/d62e0fd56f0d6c0e97a7e62e82dc753de23ad9e32f7d78741118d6cb089d697c?d=identicon)[stancl](/maintainers/stancl)

---

Top Contributors

[![stancl](https://avatars.githubusercontent.com/u/33033094?v=4)](https://github.com/stancl "stancl (20 commits)")[![abrardev99](https://avatars.githubusercontent.com/u/54532330?v=4)](https://github.com/abrardev99 "abrardev99 (3 commits)")[![lukinovec](https://avatars.githubusercontent.com/u/34375937?v=4)](https://github.com/lukinovec "lukinovec (3 commits)")

### Embed Badge

![Health badge](/badges/leanadmin-livewire-access/health.svg)

```
[![Health](https://phpackages.com/badges/leanadmin-livewire-access/health.svg)](https://phpackages.com/packages/leanadmin-livewire-access)
```

###  Alternatives

[devdojo/auth

The auth package to make authentication in your laravel applications easy to use.

61979.4k2](/packages/devdojo-auth)[eightcedars/filament-inactivity-guard

Gracefully auto-logout users from idle/inactive Filament sessions

2238.1k2](/packages/eightcedars-filament-inactivity-guard)[dutchcodingcompany/livewire-recaptcha

Add Google Recaptcha V3 support to your Laravel Livewire components

2427.4k1](/packages/dutchcodingcompany-livewire-recaptcha)[headerx/laravel-jetstream-passport

Passport and OAuth2 support for laravel's jetstream starter kit (Livewire)

3016.4k1](/packages/headerx-laravel-jetstream-passport)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)