PHPackages memora/laravel-antispam - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. memora/laravel-antispam ActiveLibrary[Security](/categories/security) memora/laravel-antispam ======================= Invisible anti-spam middleware for Laravel - honeypot, time trap, JS token, rate limiting. Zero friction for real users. 044PHP Since Apr 15Pushed 1mo agoCompare [ Source](https://github.com/memorasolutions/laravel-antispam)[ Packagist](https://packagist.org/packages/memora/laravel-antispam)[ RSS](/packages/memora-laravel-antispam/feed)WikiDiscussions main Synced 1w ago READMEChangelogDependenciesVersions (1)Used By (0) Laravel Anti-Spam ================= [](#laravel-anti-spam) Invisible anti-spam middleware for Laravel 11/12 that protects forms without friction for legitimate users. Features -------- [](#features) - **Four invisible protection layers**: honeypot, time trap, JS token (Alpine.js), rate limiting - **Zero CAPTCHA**: No user friction or accessibility barriers - **Deceptive bot responses**: Bots receive HTTP 200 (believing they succeeded) - **Fully configurable** via `.env` - **Multi-language**: English and French included, extensible - **Publishable**: Config, views, and language files Requirements ------------ [](#requirements) - PHP 8.2+ - Laravel 11 or 12 - Alpine.js (for the JS token layer) Installation ------------ [](#installation) ``` composer require memora/laravel-antispam ``` The service provider auto-discovers. No manual registration needed. Usage ----- [](#usage) Apply the middleware to any POST route: ``` Route::post('/contact', [ContactController::class, 'store']) ->middleware('antispam'); ``` Include the honeypot partial inside your form: ``` @csrf @include('antispam::partials.honeypot') ``` Configuration ------------- [](#configuration) Publish the config: ``` php artisan vendor:publish --tag=antispam-config ``` Available `.env` variables: VariableDefaultDescription`ANTISPAM_ENABLED``true`Enable/disable all protection`ANTISPAM_MIN_SECONDS``5`Minimum seconds before submission`ANTISPAM_MAX_ATTEMPTS``3`Max submissions per IP per window`ANTISPAM_DECAY_SECONDS``3600`Rate limit window (seconds)Translations ------------ [](#translations) Publish language files: ``` php artisan vendor:publish --tag=antispam-lang ``` Included: **en**, **fr**. Add your own in `lang/vendor/antispam/`. How it works ------------ [](#how-it-works) 1. **Honeypot** - Hidden field positioned off-screen. Bots fill it, humans don't. Blocked submissions receive a fake HTTP 200 success. 2. **Time trap** - Encrypted timestamp on page load. Rejects if submitted in under 5 seconds (configurable). 3. **JS token** - Alpine.js copies a server-generated hash into a hidden field. Bots without JavaScript fail this check. 4. **Rate limit** - Tracks submissions per IP in cache. Returns HTTP 429 after exceeding the limit. Author ------ [](#author) [MEMORA solutions](https://memora.solutions) - License ------- [](#license) Apache 2.0 --- Laravel Anti-Spam (FR) ====================== [](#laravel-anti-spam-fr) Middleware anti-spam invisible pour Laravel 11/12 qui protège les formulaires sans friction pour les utilisateurs légitimes. Fonctionnalités --------------- [](#fonctionnalités) - **Quatre couches de protection invisibles** : honeypot, piège temporel, jeton JS (Alpine.js), limitation de débit - **Zéro CAPTCHA** : aucune friction utilisateur ni barrière d'accessibilité - **Réponses trompeuses aux bots** : les bots reçoivent HTTP 200 (ils croient avoir réussi) - **Entièrement configurable** via `.env` - **Multilingue** : anglais et français inclus, extensible - **Publiable** : configuration, vues et fichiers de langue Exigences --------- [](#exigences) - PHP 8.2+ - Laravel 11 ou 12 - Alpine.js (pour la couche jeton JS) Installation ------------ [](#installation-1) ``` composer require memora/laravel-antispam ``` Le fournisseur de services s'enregistre automatiquement. Aucune configuration manuelle requise. Utilisation ----------- [](#utilisation) Appliquez le middleware sur n'importe quelle route POST : ``` Route::post('/contact', [ContactController::class, 'store']) ->middleware('antispam'); ``` Incluez le partial honeypot dans votre formulaire : ``` @csrf @include('antispam::partials.honeypot') ``` Configuration ------------- [](#configuration-1) Publiez la configuration : ``` php artisan vendor:publish --tag=antispam-config ``` Variables `.env` disponibles : VariableDéfautDescription`ANTISPAM_ENABLED``true`Activer/désactiver la protection`ANTISPAM_MIN_SECONDS``5`Délai minimum avant soumission`ANTISPAM_MAX_ATTEMPTS``3`Soumissions max par IP par fenêtre`ANTISPAM_DECAY_SECONDS``3600`Fenêtre de limitation (secondes)Traductions ----------- [](#traductions) Publiez les fichiers de langue : ``` php artisan vendor:publish --tag=antispam-lang ``` Inclus : **en**, **fr**. Ajoutez les votres dans `lang/vendor/antispam/`. Fonctionnement -------------- [](#fonctionnement) 1. **Honeypot** - Champ caché hors écran. Les bots le remplissent, les humains non. Les soumissions bloquées reçoivent un faux succès HTTP 200. 2. **Piège temporel** - Timestamp chiffré au chargement. Rejet si soumission en moins de 5 secondes (configurable). 3. **Jeton JS** - Alpine.js copie un hash serveur dans un champ caché. Les bots sans JavaScript échouent. 4. **Limitation de débit** - Compteur de soumissions par IP en cache. Retourne HTTP 429 au-delà de la limite. Auteur ------ [](#auteur) [MEMORA solutions](https://memora.solutions) - Licence ------- [](#licence) Apache 2.0 ### Health Score 22 — LowBetter than 22% of packages Maintenance59 Moderate activity, may be stable Popularity11 Limited adoption so far Community6 Small or concentrated contributor base Maturity11 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/fdde13cd64e792ec40f2bf95cef821da7511c5fa266d1f95875189c0a35588d7?d=identicon)[memorasolutions](/maintainers/memorasolutions) --- Top Contributors [![steflap](https://avatars.githubusercontent.com/u/11076868?v=4)](https://github.com/steflap "steflap (3 commits)") ### Embed Badge ![Health badge](/badges/memora-laravel-antispam/health.svg) ``` [![Health](https://phpackages.com/badges/memora-laravel-antispam/health.svg)](https://phpackages.com/packages/memora-laravel-antispam) ``` ### Alternatives [mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k18.0M133](/packages/mews-purifier)[paragonie/ecc PHP Elliptic Curve Cryptography library 24772.0k35](/packages/paragonie-ecc)[fof/recaptcha Increase your forum's security with Google reCAPTCHA 1436.9k](/packages/fof-recaptcha)[enupal/backup Fully integrated Backup solution for Craft CMS 1612.5k1](/packages/enupal-backup)[thomaswelton/laravel-mcrypt-faker Allows installation of Laravel where the PHP Mcrypt extension is not available. Provides encryption using OpenSSL, or by disabling encryption entierly. 114.0k](/packages/thomaswelton-laravel-mcrypt-faker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)