xchimx/laravel-security
=======================

A Laravel package for automated monitoring of security vulnerabilities and outdated packages in Composer and NPM dependencies.

v1.3 · MIT · PHP ^8.3 · [Source](https://github.com/xchimx/laravel-security) · [Packagist](https://packagist.org/packages/xchimx/laravel-security)

Laravel Security Package
========================

Installation
------------

You can install the package via composer:

```
composer require xchimx/laravel-security
```

You can publish and run the migrations with:

```
php artisan vendor:publish --tag="security-migrations"
php artisan migrate
```

You can publish the config file with:

```
php artisan vendor:publish --tag="security-config"
```

You can publish the views, or add this line to your `app.css`:

```
@source '../../../../vendor/xchimx/laravel-security/resources/views/**/*.blade.php';
```

Customize the `config/security.php` file according to your requirements or set the corresponding ENV variables:

```
# App Info
APP_NAME=MyApp
APP_URL=https://myapp.com

# Security Audit
SECURITY_AUDIT_ENABLED=true
SECURITY_AUDIT_TIME=02:00
SECURITY_AUDIT_COMPOSER=true
SECURITY_AUDIT_NPM=true

# Outdated Checks
SECURITY_OUTDATED_ENABLED=true
SECURITY_OUTDATED_TIME=03:00
SECURITY_OUTDATED_COMPOSER=true
SECURITY_OUTDATED_NPM=true

# Notifications
SECURITY_NOTIFY_USER_ID=1
SECURITY_NOTIFICATIONS_USER_MODEL=App\Models\User
SECURITY_NOTIFICATIONS_ROUTE=admin.security
SECURITY_NOTIFY_MAIL=true
SECURITY_NOTIFY_DATABASE=true
SECURITY_NOTIFY_DATABASE_MAIL=false
SECURITY_NOTIFY_SLACK=false
SECURITY_MAIL_TO=admin@example.com
SLACK_BOT_USER_OAUTH_TOKEN=xxx-xxx-xxx
SLACK_BOT_USER_DEFAULT_CHANNEL="#security-alerts"
```

Optionally, you can publish the views using:

```
php artisan vendor:publish --tag="security-views"
```

Usage
-----

The package automatically registers the following tasks in the Laravel Scheduler:

- **Security Audit**: Daily at 02:00 (configurable)
- **Outdated Check**: Weekly on Mondays at 03:00 (configurable)

Ensure that the Laravel Scheduler is running:

```
* * * * * cd /path-to-your-project && php artisan schedule:run >> /dev/null 2>&1
```

### Manual Usage

```
# Perform security audit
php artisan security:audit

# Check Composer only
php artisan security:audit --composer

# Check NPM only
php artisan security:audit --npm

# Check for outdated packages
php artisan security:outdated

# Check Composer only
php artisan security:outdated --composer

# Check NPM only
php artisan security:outdated --npm
```

### Dashboard Component

Integrate the Security Dashboard Component into your Blade views:

```

```

### Programmatic Access

```
use Xchimx\LaravelSecurity\Models\SecurityAudit;

// Retrieve latest Composer audit
$audit = SecurityAudit::getLatestAudit('composer');

// Latest outdated check for NPM
$outdated = SecurityAudit::getLatestOutdated('npm');

// All audits with issues
$issues = SecurityAudit::withIssues()->get();

// Audits from the last 7 days
$recent = SecurityAudit::where('executed_at', '>=', now()->subDays(7))->get();
```

Notifications
-------------

### Database notifications

Database notifications are sent to the user ID configured in `SECURITY_NOTIFY_USER_ID`. If the user has an email address and `SECURITY_NOTIFY_DATABASE_MAIL` is set to `true`, the notification is also sent to that address.

```
SECURITY_NOTIFY_USER_ID=1 # User ID
SECURITY_NOTIFICATIONS_USER_MODEL=App\Models\User # User model
SECURITY_NOTIFY_DATABASE=true # Enable database notifications
SECURITY_NOTIFY_DATABASE_MAIL=false # User receives the database notification without an email. Set to true if an email should also be sent.
```

When database notifications are enabled, notifications are stored in the `notifications` table. This requires the standard Laravel notifications migration:

```
php artisan notifications:table
php artisan migrate
```

### Email notifications

Emails are sent to the address configured in `SECURITY_MAIL_TO`. You can separate multiple addresses with commas:

```
SECURITY_MAIL_TO=admin@example.com,security@example.com
```

### Slack notifications

Configure your Slack token:

```
SECURITY_NOTIFY_SLACK=true
SLACK_BOT_USER_OAUTH_TOKEN=xxx-xxx-xxx
SLACK_BOT_USER_DEFAULT_CHANNEL="#security-alerts"
```

Data model
----------

The `security_audits` table stores:

- `type`: 'audit' or 'outdated'
- `source`: 'composer' or 'npm'
- `results`: JSON with details about the issues found
- `vulnerabilities_count`: Number of security vulnerabilities
- `outdated_count`: Number of outdated packages
- `has_issues`: Boolean flag
- `raw_output`: Raw output of the command
- `executed_at`: Time of execution
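
A dependency monitor that silently stops running looks the same as one that finds nothing, so it helps to check the age of the latest audit as well as its result. The following is an added example, not part of the package: a closure command for `routes/console.php` that exits non-zero when the latest audit is missing, stale, or reports vulnerabilities. The command name `security:gate`, its options, and the assumption that `getLatestAudit()` returns a model or `null` are hypothetical.

```php
<?php
// routes/console.php -- added example, not shipped with xchimx/laravel-security.
// Assumptions: the command name, its options, and that getLatestAudit()
// returns a SecurityAudit model or null.

use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Artisan;
use Xchimx\LaravelSecurity\Models\SecurityAudit;

Artisan::command(
    'security:gate {--max-age=36 : Hours before an audit counts as stale}
                   {--sources=composer,npm : Comma-separated sources to check}',
    function () {
        $maxAge = (int) $this->option('max-age');
        $sources = array_filter(array_map('trim', explode(',', $this->option('sources'))));
        $failed = false;

        foreach ($sources as $source) {
            $audit = SecurityAudit::getLatestAudit($source);

            // No row at all usually means the scheduler never ran the audit.
            if ($audit === null) {
                $this->error("[{$source}] no audit recorded; is the scheduler running?");
                $failed = true;
                continue;
            }

            // Carbon::parse() accepts a date string or a DateTime instance,
            // so this works whether or not the model casts executed_at.
            $age = (int) Carbon::parse($audit->executed_at)->diffInHours(now());
            if ($age > $maxAge) {
                $this->error("[{$source}] last audit is {$age}h old (limit {$maxAge}h)");
                $failed = true;
            }

            if ((int) $audit->vulnerabilities_count > 0) {
                $this->error("[{$source}] {$audit->vulnerabilities_count} known vulnerabilities");
                $failed = true;
            }
        }

        if (! $failed) {
            $this->info('Latest audits are fresh and report no vulnerabilities.');
        }

        return $failed ? 1 : 0; // non-zero exit fails a CI or deploy step
    }
)->purpose('Fail when the latest security audit is missing, stale or reports vulnerabilities');
```

Pass `--sources=composer` when NPM auditing is disabled, otherwise the missing NPM audit is reported as a failure.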

Requirements
------------

- PHP ^8.3
- Laravel ^13.0
- Composer (installed on the server)
- NPM (optional; only needed if NPM packages are to be checked)

Testing
-------

```
composer test
```

Changelog
---------

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

Credits
-------

- [Tobias Schottstädt](https://www.schottstaedt.net)

License
-------

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

Views
-----

Dashboard [![](resources/images/dashboard.png)](resources/images/dashboard.png)

Mail Notification [![](resources/images/mail.png)](resources/images/mail.png)

Slack Notification Audit [![](resources/images/slack_audit.png)](resources/images/slack_audit.png)

Slack Notification Outdated [![](resources/images/slack_outdated.png)](resources/images/slack_outdated.png)

