PHPackages                             sytxlabs/laravel-filesanitizer - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. sytxlabs/laravel-filesanitizer

ActiveLibrary[Validation &amp; Sanitization](/categories/validation)

sytxlabs/laravel-filesanitizer
==============================

Laravel integration for sytxlabs/filesanitizer

1.0.0(3mo ago)0403↓20.9%MITPHPPHP ^8.1

Since Apr 2Pushed 1mo agoCompare

[ Source](https://github.com/SytxLabs/laravel-filesanitizer)[ Packagist](https://packagist.org/packages/sytxlabs/laravel-filesanitizer)[ RSS](/packages/sytxlabs-laravel-filesanitizer/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (2)Dependencies (7)Versions (2)Used By (0)

Laravel FileSanitizer
=====================

[](#laravel-filesanitizer)

[![MIT Licensed](https://camo.githubusercontent.com/c2bffd81d308ced1cc3b0d66fb0ed453ab478a5e17c988b780f9de986a390ee2/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE)[![Check code style](https://github.com/sytxlabs/laravel-filesanitizer/actions/workflows/code-style.yml/badge.svg?style=flat-square)](https://github.com/sytxlabs/laravel-filesanitizer/actions/workflows/code-style.yml)[![Tests](https://github.com/sytxlabs/laravel-filesanitizer/actions/workflows/tests.yml/badge.svg?style=flat-square)](https://github.com/sytxlabs/laravel-filesanitizer/actions/workflows/code-style.yml)[![Latest Version on Packagist](https://camo.githubusercontent.com/e14fd5d8bc28761b8b690dd484c3b2c6f4bd2525fbcea5c312dde28cb80237a9/68747470733a2f2f706f7365722e707567782e6f72672f737974786c6162732f6c61726176656c2d66696c6573616e6974697a65722f762f737461626c653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/sytxlabs/laravel-filesanitizer)[![Total Downloads](https://camo.githubusercontent.com/f4636c64709195115b1475a6e2e7b5ed1b9924db53d8c264ede7eb69a14e577d/68747470733a2f2f706f7365722e707567782e6f72672f737974786c6162732f6c61726176656c2d66696c6573616e6974697a65722f646f776e6c6f6164733f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/sytxlabs/laravel-filesanitizer)

Laravel integration for [`sytxlabs/filesanitizer`](https://github.com/SytxLabs/FileSanitizer).

Requirements
------------

[](#requirements)

- PHP `^8.1`
- Laravel `10.x`, `11.x`, `12.x`, or `13.x`

Installation
------------

[](#installation)

```
composer require sytxlabs/laravel-filesanitizer
php artisan vendor:publish --tag=filesanitizer-config
```

The service provider and the `FileSanitizer` facade alias are registered automatically via Laravel's package discovery.

Configuration
-------------

[](#configuration)

After publishing, edit `config/filesanitizer.php`:

```
return [
    // Sanitize every file unconditionally, even if it is already considered safe.
    'sanitize_always' => env('FILESANITIZER_SANITIZE_ALWAYS', false),
];
```

Usage
-----

[](#usage)

### Facade

[](#facade)

```
use SytxLabs\LaravelFileSanitizer\Facades\FileSanitizer;

// Process a file on the local filesystem
$result = FileSanitizer::process(storage_path('app/uploads/file.pdf'));

// Force sanitization regardless of the config setting
$result = FileSanitizer::sanitizeAlways(storage_path('app/uploads/file.pdf'));

// Write the sanitized output to a specific path
$result = FileSanitizer::process(
    storage_path('app/uploads/file.pdf'),
    storage_path('app/clean/file.pdf'),
);

// Process a file stored on a named Laravel Storage disk
$result = FileSanitizer::process('uploads/file.pdf', 'clean/file.pdf', null, 's3');

// Check whether the result is safe and inspect issues
if (! FileSanitizer::safe($result)) {
    foreach (FileSanitizer::issues($result) as $issue) {
        echo is_object($issue) ? $issue->code : ($issue['code'] ?? 'unsafe');
        echo PHP_EOL;
    }
}
```

### Process an UploadedFile directly

[](#process-an-uploadedfile-directly)

```
use SytxLabs\LaravelFileSanitizer\Facades\FileSanitizer;

$result = FileSanitizer::processUploadedFile($request->file('upload'));

if (! FileSanitizer::safe($result)) {
    // handle unsafe file
}
```

### Process raw string, binary, or Base64 data

[](#process-raw-string-binary-or-base64-data)

```
use SytxLabs\LaravelFileSanitizer\Facades\FileSanitizer;

// Plain string content
$result = FileSanitizer::processString($content, 'document.pdf');

// Raw binary data
$result = FileSanitizer::processBinary($binaryData, 'image.png');

// Base64-encoded data
$result = FileSanitizer::processBase64($base64Data, 'archive.zip');
```

All three methods share the same signature:

ParameterTypeDescription`$data``string`The file content`$filenameHint``string|null`Optional filename used for MIME detection`$outputPath``bool|string|null`Output path, `true` to overwrite in-place, or `null``$sanitizeAlways``bool`Force sanitization`$mimeType``string|null`Explicit MIME type hint### Access the underlying sanitizer

[](#access-the-underlying-sanitizer)

```
$sanitizer = FileSanitizer::getSanitizer(); // SytxLabs\FileSanitizer\FileSanitizer
```

Validation rule
---------------

[](#validation-rule)

### Class-based rule (`SafeFile`)

[](#class-based-rule-safefile)

```
use SytxLabs\LaravelFileSanitizer\Rules\SafeFile;

// Basic usage
$request->validate([
    'upload' => ['required', 'file', new SafeFile()],
]);

// Force sanitization and use a custom error message
$request->validate([
    'upload' => ['required', 'file', new SafeFile(sanitizeAlways: true, message: 'This file is not allowed.')],
]);
```

ParameterTypeDefaultDescription`$sanitizeAlways``bool|null``null`Override the config `sanitize_always` value`$message``string|null``null`Custom validation error messageWhen no custom message is provided the rule reports the detected issue codes, e.g.: `The upload contains unsafe content (macro_detected, embedded_script).`

### String rule

[](#string-rule)

```
$request->validate([
    'upload' => ['required', 'file', 'safe_file'],
]);
```

`UploadedFile` macro
--------------------

[](#uploadedfile-macro)

A `sanitize()` macro is registered on `Illuminate\Http\UploadedFile`:

```
$sanitized = $request->file('upload')->sanitize();

// $sanitized is an array with three keys:
// 'result' => the raw scan result array
// 'file'   => a new UploadedFile pointing to the sanitized temporary file
// 'path'   => absolute path to the sanitized temporary file

if (! FileSanitizer::safe($sanitized['result'])) {
    // handle unsafe file
}

// Store the sanitized file
$sanitized['file']->store('uploads');
```

The macro signature:

```
$request->file('upload')->sanitize(
    targetPath: null,         // Custom output path; auto-generated temp file when null
    sanitizeAlways: null,     // Override config; null uses the config value
    diskName: null,           // Laravel Storage disk name
);
```

###  Health Score

41

—

FairBetter than 87% of packages

Maintenance89

Actively maintained with recent releases

Popularity17

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity42

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

91d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/e0cf11374b4a8a93b44dddc0727e0d45982efad5a1871a8b0161c4a6bc906458?d=identicon)[SytxLabs](/maintainers/SytxLabs)

---

Top Contributors

[![shaunluedeke](https://avatars.githubusercontent.com/u/77498048?v=4)](https://github.com/shaunluedeke "shaunluedeke (9 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/sytxlabs-laravel-filesanitizer/health.svg)

```
[![Health](https://phpackages.com/badges/sytxlabs-laravel-filesanitizer/health.svg)](https://phpackages.com/packages/sytxlabs-laravel-filesanitizer)
```

###  Alternatives

[laravel/mcp

Rapidly build MCP servers for your Laravel applications.

77022.3M145](/packages/laravel-mcp)[psalm/plugin-laravel

Psalm plugin for Laravel

3355.3M346](/packages/psalm-plugin-laravel)[spatie/laravel-honeypot

Preventing spam submitted through forms

1.6k6.8M75](/packages/spatie-laravel-honeypot)[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9762.4M129](/packages/roots-acorn)[wendelladriel/laravel-validated-dto

Data Transfer Objects with validation for Laravel applications

762649.9k18](/packages/wendelladriel-laravel-validated-dto)[jasara/php-amzn-selling-partner-api

A fluent interface for Amazon's Selling Partner API in PHP

1348.7k1](/packages/jasara-php-amzn-selling-partner-api)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
