PHPackages stratos/laravel-toolbox - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [CLI & Console](/categories/cli) 4. / 5. stratos/laravel-toolbox ActiveLibrary[CLI & Console](/categories/cli) stratos/laravel-toolbox ======================= v1.1.2(4mo ago)02MITPHPPHP ^8.2 Since Dec 30Pushed 4mo agoCompare [ Source](https://github.com/sabristratos/laravel-toolbox)[ Packagist](https://packagist.org/packages/stratos/laravel-toolbox)[ Docs](https://github.com/sabristratos/laravel-toolbox)[ RSS](/packages/stratos-laravel-toolbox/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (7)Versions (4)Used By (0) Laravel Toolbox =============== [](#laravel-toolbox) A collection of powerful CLI development tools for Laravel that help you maintain code quality, security, and consistency through static analysis. Requirements ------------ [](#requirements) - PHP 8.2+ - Laravel 11 or 12 Installation ------------ [](#installation) ``` composer require stratos/laravel-toolbox --dev ``` Optionally publish the configuration file: ``` php artisan vendor:publish --tag=laravel-toolbox-config ``` Commands -------- [](#commands) All commands are prefixed with `toolbox:` and support JSON output for CI/CD integration. ### toolbox:scan-env [](#toolboxscan-env) Scan for environment variable issues: undefined, undocumented, and unused variables. ``` php artisan toolbox:scan-env php artisan toolbox:scan-env --type=undefined php artisan toolbox:scan-env --fail-on-issues --json ``` OptionDescription`--path`Paths to scan (default: app/, config/, routes/, database/)`--env-file`Path to .env file`--example-file`Path to .env.example file`--type`Filter by issue type: `all`, `undefined`, `undocumented`, `unused``--json`Output results as JSON`--fail-on-issues`Exit with error code if issues found (for CI/CD)`--ignore-dynamic`Ignore dynamic env() calls**Issue Types:** - **Undefined** (critical): Variables used in code but not defined in .env - **Undocumented** (low): Variables in .env but missing from .env.example - **Unused** (medium): Variables defined but never referenced in code --- ### toolbox:scan-n1 [](#toolboxscan-n1) Scan code for potential N+1 query problems using static analysis. ``` php artisan toolbox:scan-n1 php artisan toolbox:scan-n1 --severity=high php artisan toolbox:scan-n1 --json --fail-on-issues ``` OptionDescription`--path`Path to scan (default: app)`--models-path`Path to Eloquent models (default: app/Models)`--views-path`Path to Blade views (default: resources/views)`--json`Output results as JSON`--severity`Filter by severity: `all`, `high`, `medium`, `low``--fail-on-issues`Exit with error code if issues found**Detection Features:** - Discovers Eloquent models and relationships automatically - Detects relationship access inside loops - Scans Blade templates for N+1 patterns - Tracks variable types across code flow - Checks for missing eager loads --- ### toolbox:scan-queries [](#toolboxscan-queries) Scan code for query performance issues and SQL injection risks. ``` php artisan toolbox:scan-queries php artisan toolbox:scan-queries --type=raw-query --severity=critical php artisan toolbox:scan-queries --json --fail-on-issues ``` OptionDescription`--path`Path to scan (default: app)`--json`Output results as JSON`--severity`Filter by severity: `all`, `critical`, `high`, `medium`, `low``--type`Filter by type: `all`, `select-star`, `missing-limit`, `loop-query`, `raw-query`, `inefficient``--fail-on-issues`Exit with error code if issues found**Issue Types:** - **raw\_query** (critical): Raw SQL queries that may be vulnerable to injection - **loop\_query** (high): Database queries executed inside loops - **select\_star** (medium): Using `SELECT *` instead of specific columns - **inefficient** (medium): Inefficient query patterns - **missing\_limit** (low): Queries without LIMIT clause --- ### toolbox:scan-routes [](#toolboxscan-routes) Scan routes for missing handlers and orphaned resources. ``` php artisan toolbox:scan-routes php artisan toolbox:scan-routes --missing-only php artisan toolbox:scan-routes --orphans-only ``` OptionDescription`--pages-path`Path to Inertia pages (default: resources/js/Pages)`--views-path`Path to Blade views (default: resources/views)`--json`Output results as JSON`--missing-only`Only show missing handlers`--orphans-only`Only show orphaned items**Detection Features:** - Missing controller classes or methods - Orphaned controller methods (not routed) - Orphaned Blade views (not referenced) - Orphaned Inertia components (React/Vue) - Automatic framework detection (Inertia React vs Vue) --- ### toolbox:scan-security [](#toolboxscan-security) Scan code for common security vulnerabilities. ``` php artisan toolbox:scan-security php artisan toolbox:scan-security --severity=critical php artisan toolbox:scan-security --type=sql-injection ``` OptionDescription`--path`Paths to scan (default: app/, config/, resources/views/, .env)`--type`Filter by vulnerability type`--severity`Filter by severity: `all`, `critical`, `high`, `medium``--json`Output results as JSON`--fail-on-issues`Exit with error code if issues found**Security Detectors:** - **SQL Injection** - Detects potential SQL injection vulnerabilities - **XSS** - Detects cross-site scripting vulnerabilities - **Mass Assignment** - Detects unguarded model assignments - **Command Injection** - Detects command injection risks - **Hardcoded Secrets** - Detects hardcoded API keys and secrets - **File Operations** - Detects path traversal vulnerabilities - **Debug Mode** - Detects debug mode enabled in production - **Deserialization** - Detects unsafe unserialize() calls --- ### toolbox:scan-dead-code [](#toolboxscan-dead-code) Scan for unused classes, methods, functions, traits, interfaces, constants, and properties. ``` php artisan toolbox:scan-dead-code php artisan toolbox:scan-dead-code --type=method --severity=high php artisan toolbox:scan-dead-code --json --fail-on-issues ``` OptionDescription`--path`Path to scan (default: app)`--type`Filter by type: `all`, `class`, `method`, `function`, `trait`, `interface`, `constant`, `property``--severity`Filter by severity: `all`, `high`, `medium`, `low``--json`Output results as JSON`--fail-on-issues`Exit with error code if issues found**Detection Features:** - Two-pass AST analysis for accurate detection - Tracks class instantiation, method calls, and property access - Handles type hints, use statements, and inheritance - Smart exclusions for Laravel entry points (Controllers, Commands, etc.) - Excludes magic methods and framework lifecycle methods - Configurable severity per issue type **Issue Types:** - **unused\_class** (medium): Classes never instantiated or referenced - **unused\_method** (medium/high): Methods never called (high for private) - **unused\_function** (medium): Standalone functions never called - **unused\_trait** (medium): Traits never used - **unused\_interface** (low): Interfaces never implemented - **unused\_constant** (low): Class constants never accessed - **unused\_property** (low/medium): Properties never accessed (medium for private) --- ### toolbox:scan-dependencies [](#toolboxscan-dependencies) Scan for dependency issues: high coupling, circular dependencies, and dependency injection problems. ``` php artisan toolbox:scan-dependencies php artisan toolbox:scan-dependencies --type=circular --severity=critical php artisan toolbox:scan-dependencies --max-dependencies=5 --json ``` OptionDescription`--path`Path to scan (default: app)`--type`Filter by type: `all`, `high-coupling`, `circular`, `concrete`, `unused`, `unstable``--severity`Filter by severity: `all`, `critical`, `high`, `medium`, `low``--max-dependencies`Threshold for high coupling detection (default: 7)`--json`Output results as JSON`--fail-on-issues`Exit with error code if issues found**Detection Features:** - Analyzes constructor dependency injection - Builds dependency graph for cycle detection - Calculates instability metrics for each class - Tracks which dependencies are actually used - Configurable allowed concrete dependencies (framework classes) **Issue Types:** - **circular\_dependency** (critical): Circular dependency chain detected (A→B→C→A) - **high\_coupling** (high): Class has too many constructor dependencies (>7 default) - **concrete\_dependency** (medium): Depending on concrete class instead of interface - **unused\_dependency** (medium): Injected dependency is never used in the class - **unstable\_dependency** (low): Stable class depends on unstable class --- ### toolbox:scan-translations [](#toolboxscan-translations) Scan for translation issues: missing keys, unused translations, and inconsistencies. ``` php artisan toolbox:scan-translations php artisan toolbox:scan-translations --locale=es php artisan toolbox:scan-translations --type=inconsistent ``` OptionDescription`--path`Paths to scan for translation usages`--lang`Path to lang directory (default: lang/)`--locale`Check specific locale only`--type`Filter by type: `all`, `missing`, `unused`, `inconsistent``--json`Output results as JSON`--fail-on-issues`Exit with error code if issues found**Issue Types:** - **missing** (medium): Translation key used but not defined - **unused** (low): Translation defined but never used - **inconsistent** (medium): Key present in some locales but missing in others --- ### toolbox:remove-comments [](#toolboxremove-comments) Remove comments from PHP files while preserving DocBlocks. ``` php artisan toolbox:remove-comments php artisan toolbox:remove-comments --path=app/Services --dry-run php artisan toolbox:remove-comments --backup --force ``` OptionDescription`--path`Directory or file to process (default: app)`--dry-run`Preview changes without modifying files`--force`Skip confirmation prompt`--backup`Create .bak files before modifying**Features:** - Preserves DocBlocks (/\*\* ... \*/) - Excludes Blade templates automatically - Shows all comments with line numbers before removal - Displays summary with bytes saved --- CI/CD Integration ----------------- [](#cicd-integration) All scan commands support `--json` and `--fail-on-issues` flags for pipeline integration: ``` # GitHub Actions example - name: Security Scan run: php artisan toolbox:scan-security --json --fail-on-issues - name: N+1 Query Check run: php artisan toolbox:scan-n1 --severity=high --fail-on-issues - name: Environment Check run: php artisan toolbox:scan-env --type=undefined --fail-on-issues - name: Dead Code Check run: php artisan toolbox:scan-dead-code --severity=high --fail-on-issues - name: Dependency Check run: php artisan toolbox:scan-dependencies --type=circular --fail-on-issues ``` --- Configuration ------------- [](#configuration) The configuration file allows you to customize scan paths, ignored patterns, and severity levels for each scanner. Key configuration sections: ``` return [ // Global settings 'table_prefix' => 'toolbox_', 'cache' => [ 'enabled' => true, 'ttl' => 3600, ], // N+1 Scanner 'n1-scanner' => [ 'paths' => ['app'], 'models_path' => 'app/Models', 'views_path' => 'resources/views', ], // Route Scanner 'route-scanner' => [ 'ignore_routes' => ['debugbar.*', 'sanctum.*'], ], // Query Scanner 'query-scanner' => [ 'paths' => ['app'], 'ignore_patterns' => ['*Test.php', '*/migrations/*'], ], // Environment Scanner 'env-scanner' => [ 'paths' => ['app', 'config', 'routes', 'database'], 'system_keys' => ['APP_*', 'DB_*', 'LOG_*'], ], // Translation Scanner 'translation-scanner' => [ 'paths' => ['app', 'resources/views'], 'lang_path' => 'lang', ], // Dead Code Scanner 'dead-code-scanner' => [ 'paths' => ['app'], 'exclude_classes' => ['*Controller', '*Command', '*ServiceProvider'], 'exclude_methods' => ['__*', 'boot', 'register', 'handle'], ], ]; ``` --- Roadmap ------- [](#roadmap) Future commands and features planned for Laravel Toolbox: ### Code Quality [](#code-quality) - **toolbox:scan-complexity** - Analyze cyclomatic complexity and suggest refactoring - **toolbox:scan-dead-code** - Detect unused classes, methods, and variables *(implemented)* - **toolbox:scan-dependencies** - Analyze class dependencies and coupling *(implemented)* - **toolbox:scan-duplicates** - Find duplicate or similar code blocks ### Database & Models [](#database--models) - **toolbox:scan-migrations** - Detect migration issues (missing indexes, large columns) - **toolbox:scan-models** - Validate model configurations (fillable, casts, relationships) - **toolbox:generate-indexes** - Suggest database indexes based on query analysis - **toolbox:scan-seeders** - Validate seeder data integrity ### API & Routes [](#api--routes) - **toolbox:scan-api** - Validate API responses against documentation - **toolbox:generate-openapi** - Generate OpenAPI spec from routes and controllers - **toolbox:scan-rate-limits** - Check rate limiting configuration ### Testing [](#testing) - **toolbox:scan-coverage** - Identify untested code paths - **toolbox:generate-tests** - Generate test stubs for controllers/services - **toolbox:scan-test-quality** - Analyze test quality and assertions ### Performance [](#performance) - **toolbox:scan-cache** - Detect caching opportunities - **toolbox:scan-lazy-load** - Find assets that should be lazy-loaded - **toolbox:profile-boot** - Analyze application boot performance ### Code Generation [](#code-generation) - **toolbox:make-service** - Generate service class with interface - **toolbox:make-action** - Generate single-action class - **toolbox:make-dto** - Generate data transfer object - **toolbox:make-enum** - Generate PHP enum with methods ### Maintenance [](#maintenance) - **toolbox:cleanup-logs** - Clean old log files with retention policy - **toolbox:cleanup-cache** - Clear stale cache entries - **toolbox:cleanup-storage** - Find orphaned files in storage ### Documentation [](#documentation) - **toolbox:generate-docs** - Generate API documentation from DocBlocks - **toolbox:scan-docblocks** - Validate DocBlock completeness ### DevOps [](#devops) - **toolbox:check-config** - Validate configuration for production - **toolbox:check-permissions** - Verify file/directory permissions - **toolbox:check-health** - Comprehensive application health check --- Contributing ------------ [](#contributing) Contributions are welcome! Please ensure: 1. Code follows PSR-12 and uses strict types 2. All new commands extend `BaseCommand` 3. Tests are written using Pest 4. Run `composer format` before submitting License ------- [](#license) MIT License. See [LICENSE](LICENSE) for details. ### Health Score 35 — LowBetter than 80% of packages Maintenance75 Regular maintenance activity Popularity2 Limited adoption so far Community6 Small or concentrated contributor base Maturity49 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 4 Last Release 137d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/d87ebbf74a104baab27d995cd55aafaee5da84fa34ccf32a907e5cf22a6c357d?d=identicon)[sabristratos](/maintainers/sabristratos) --- Top Contributors [![sabristratos](https://avatars.githubusercontent.com/u/178621997?v=4)](https://github.com/sabristratos "sabristratos (4 commits)") --- Tags clilaravelstatic analysistranslationsroutessecuritydead codeenvironmentcode qualityToolboxdependency-scanner ### Code Quality TestsPest Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/stratos-laravel-toolbox/health.svg) ``` [![Health](https://phpackages.com/badges/stratos-laravel-toolbox/health.svg)](https://phpackages.com/packages/stratos-laravel-toolbox) ``` ### Alternatives [nunomaduro/laravel-console-menu Laravel Console Menu is an output method for your Laravel/Laravel Zero commands. 815412.0k48](/packages/nunomaduro-laravel-console-menu)[nunomaduro/laravel-console-dusk Laravel Console Dusk allows the usage of Laravel Dusk in Laravel/Laravel Zero artisan commands. 16255.4k7](/packages/nunomaduro-laravel-console-dusk)[rahul900day/laravel-console-spinner Laravel Console Spinner is a spinner output for Laravel command line. 76125.4k1](/packages/rahul900day-laravel-console-spinner)[lowerends/laravel-security-checker The Symfony Security Advisories Checker for Laravel 301.5k](/packages/lowerends-laravel-security-checker)[socialengine/sniffer-rules A Lumen 5 and Laravel 5 SquizLabs Code Sniffer 2.0 artisan command. Detect violations of a defined coding standard. It helps your code remains clean and consistent. 1248.2k1](/packages/socialengine-sniffer-rules) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)