PHPackages statikbe/laravel-security-txt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. statikbe/laravel-security-txt ActiveLibrary[Security](/categories/security) statikbe/laravel-security-txt ============================= A Laravel package to manage security.txt files with automatic updates and configurable expiration v1.0.1(3mo ago)1220↓42.5%[2 PRs](https://github.com/statikbe/laravel-security-txt/pulls)MITPHPPHP ^8.2CI passing Since Jan 26Pushed 1mo agoCompare [ Source](https://github.com/statikbe/laravel-security-txt)[ Packagist](https://packagist.org/packages/statikbe/laravel-security-txt)[ Docs](https://github.com/statikbe/laravel-security-txt)[ GitHub Sponsors](https://github.com/Statik.be)[ RSS](/packages/statikbe-laravel-security-txt/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (12)Versions (5)Used By (0) Laravel security.txt ==================== [](#laravel-securitytxt) [![Latest Version on Packagist](https://camo.githubusercontent.com/acbbf8fdf751bccbab30082fb86bea1ecb9e66c32aef88ef802ff60a5cde06eb/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f73746174696b62652f6c61726176656c2d73656375726974792d7478742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/statikbe/laravel-security-txt)[![GitHub Tests Action Status](https://camo.githubusercontent.com/2091e9f71e95edf2911393b71ea9a429e6c75b9603677bbe7d259d90f8eefcc5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f73746174696b62652f6c61726176656c2d73656375726974792d7478742f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/statikbe/laravel-security-txt/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/c0f8da6e7a046f8b92561653310d1eb43c077675c1168f956d8c9b432c0f20eb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f73746174696b62652f6c61726176656c2d73656375726974792d7478742f6669782d7068702d636f64652d7374796c652d6973737565732e796d6c3f6272616e63683d6d61696e266c6162656c3d636f64652532307374796c65267374796c653d666c61742d737175617265)](https://github.com/statikbe/laravel-security-txt/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/ab7ff4161dc254c2de9e93844e9e9608acf37fe9ba0c6a1edd531b389d7e8c4f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f73746174696b62652f6c61726176656c2d73656375726974792d7478742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/statikbe/laravel-security-txt) A Laravel package to manage [security.txt](https://securitytxt.org/) files with automatic updates and configurable expiration. Fetches a template from a remote URL, replaces placeholders with dynamic values, and serves the file at `/.well-known/security.txt`. Installation ------------ [](#installation) Install the package via Composer: ``` composer require statikbe/laravel-security-txt ``` Publish the configuration file: ``` php artisan vendor:publish --tag="security-txt-config" ``` Configuration ------------- [](#configuration) The published configuration file (`config/security-txt.php`) contains the following options: ``` return [ // Enable/disable the /.well-known/security.txt route 'enabled' => env('SECURITY_TXT_ENABLED', true), // Remote URL to fetch the template from 'template_url' => env('SECURITY_TXT_TEMPLATE_URL'), // Days until expiration (default: 365) 'expires_days' => env('SECURITY_TXT_EXPIRES_DAYS', 365), // Where to store the generated file 'output_path' => storage_path('security.txt'), // Placeholder mappings 'placeholders' => [ 'CONTACT_EMAIL' => 'security@example.com', 'PGP_KEY_URL' => fn() => config('app.url') . '/pgp-key.txt', ], // Middleware for the route 'middleware' => ['web'], ]; ``` ### Environment Variables [](#environment-variables) VariableDescriptionDefault`SECURITY_TXT_ENABLED`Enable/disable the route`true``SECURITY_TXT_TEMPLATE_URL`URL to fetch template from`null``SECURITY_TXT_EXPIRES_DAYS`Days until expiration`365`Template Setup -------------- [](#template-setup) Create a `security.txt` template file and host it somewhere accessible (e.g., GitHub raw file, internal server). Use `{{PLACEHOLDER_NAME}}` syntax for dynamic values. ### Example Template [](#example-template) ``` Contact: mailto:{{CONTACT_EMAIL}} Expires: {{EXPIRES}} Encryption: {{PGP_KEY_URL}} Preferred-Languages: en ``` Host this file and set the URL in your published configuration file. An example template is included in the package at `stubs/security.txt.template`. Placeholders ------------ [](#placeholders) ### Built-in Placeholders [](#built-in-placeholders) PlaceholderDescription`{{EXPIRES}}`Auto-calculated expiration date in ISO 8601 format### Custom Placeholders [](#custom-placeholders) Define custom placeholders in the config file. Values can be strings or callables: ``` 'placeholders' => [ 'CONTACT_EMAIL' => 'security@example.com', 'PGP_KEY_URL' => fn () => config('app.url') . '/pgp-key.txt', 'CANONICAL_URL' => fn () => config('app.url') . '/.well-known/security.txt', ], ``` Usage ----- [](#usage) ### Generating the File [](#generating-the-file) Run the Artisan command to fetch the template and generate the security.txt file: ``` php artisan security-txt:update ``` Override the expiration days: ``` php artisan security-txt:update --expires-days=30 ``` ### Scheduling Updates [](#scheduling-updates) Add the command to your `routes/console.php` to keep the file updated: ``` use Illuminate\Support\Facades\Schedule; Schedule::command('security-txt:update')->weekly(); ``` ### Accessing the File [](#accessing-the-file) Once generated, the file is served at: ``` https://your-domain.com/.well-known/security.txt ``` Validation ---------- [](#validation) The package validates generated files against [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116) requirements: - **Contact** field is required - **Expires** field is required If validation fails, the file will not be written and an error will be logged. Error Handling -------------- [](#error-handling) The command handles errors gracefully: - If the template URL is unreachable, an error is logged and the existing file (if any) is preserved - If validation fails, errors are displayed and the file is not written - All errors are logged via Laravel's logging system Testing ------- [](#testing) ``` composer test ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Credits ------- [](#credits) - [Aurel Demiri](https://github.com/AurelDemiri) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 43 — FairBetter than 91% of packages Maintenance85 Actively maintained with recent releases Popularity17 Limited adoption so far Community9 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 88.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 112d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/1250437446b84017407f7f1900194b1e1c93fcf34b332ba382fb77f69b251cb6?d=identicon)[statikbe](/maintainers/statikbe) --- Top Contributors [![AurelDemiri](https://avatars.githubusercontent.com/u/30560661?v=4)](https://github.com/AurelDemiri "AurelDemiri (23 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (2 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (1 commits)") --- Tags laravelsecuritystatikbestatikwell-knownsecurity-txtrfc9116vulnerability-disclosureresponsible-disclosure ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/statikbe-laravel-security-txt/health.svg) ``` [![Health](https://phpackages.com/badges/statikbe-laravel-security-txt/health.svg)](https://phpackages.com/packages/statikbe-laravel-security-txt) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[spatie/laravel-csp Add CSP headers to the responses of a Laravel app 8519.6M19](/packages/spatie-laravel-csp)[spatie/laravel-ciphersweet Use ciphersweet in your Laravel project 416718.4k1](/packages/spatie-laravel-ciphersweet)[vormkracht10/laravel-mails Laravel Mails can collect everything you might want to track about the mails that has been sent by your Laravel app. 24149.7k](/packages/vormkracht10-laravel-mails)[statikbe/laravel-filament-chained-translation-manager A translation manager tool for Laravel Filament, that makes use of the Laravel Chained Translator. 92108.7k](/packages/statikbe-laravel-filament-chained-translation-manager) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)