Download the PHP package fragly/laravel-security-tools without Composer

On this page you can find all versions of the php package fragly/laravel-security-tools. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php');. After that, import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package laravel-security-tools

🔒 Laravel Security Tools


Automatically scan your Laravel project for common security vulnerabilities in .env and configuration files.
Detect unsafe values, missing keys, and misconfigured HTTPS, CORS, and cookie settings, directly from your CLI.



🚀 Features

✅ Detects risky environment variables (APP_DEBUG=true, missing APP_KEY, etc.)
✅ Scans for insecure configuration values (CORS *, SESSION_SECURE=false, QUEUE=sync, etc.)
✅ Validates HTTPS usage in URLs and cookies
✅ Generates CLI or Markdown reports for CI/CD pipelines
✅ Includes strict mode (--strict) for automated fail conditions in CI
✅ Lightweight and dependency-free: works out of the box


📦 Installation

Laravel will auto-discover the service provider.

Alternatively, you can register it manually in config/app.php:

⚙️ Usage

Run a full scan

Generate Markdown report (for CI or audit logs)

Output file (by default): storage/logs/security-report.md

Strict mode (fail build on warnings)

🧠 What It Checks

Environment (.env)

| Category | Example | Description |
|---|---|---|
| Required Keys | APP_KEY, APP_URL, DB_* | Must exist and be non-empty |
| Dangerous Values | APP_DEBUG=true | Warns if enabled in any environment |
| Forbidden in Production | SESSION_DRIVER=array, QUEUE=sync | Not allowed in production |
| Format Validation | APP_KEY, APP_URL | Must match regex and be valid |
| HTTPS Enforcement | APP_URL, ASSET_URL | Must start with https:// in production |
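
The environment checks from the table above, written as a stand-alone PHP script. This is an added example, not the package's code: the function names parseEnv and scanEnv, the choice of DB_CONNECTION and DB_DATABASE to stand for DB_*, and the APP_KEY format test are assumptions.

```php
<?php
// Added illustration, not the package's source. Function names, the DB_* keys
// picked and the APP_KEY test are assumptions; the rules follow the table above.
function parseEnv(string $text): array
{
    // One KEY=VALUE per line; comment lines never match, surrounding quotes are stripped.
    preg_match_all('/^[ \t]*([A-Za-z_]\w*)[ \t]*=[ \t]*(.*?)[ \t\r]*$/m', $text, $m);
    return array_combine($m[1], array_map(fn ($v) => trim($v, "\"'"), $m[2]));
}

function scanEnv(array $env): array
{
    $out = [];
    $get = fn (string $k): string => $env[$k] ?? '';
    foreach (['APP_KEY', 'APP_URL', 'DB_CONNECTION', 'DB_DATABASE'] as $k) {
        if ($get($k) === '') {
            $out[] = ['ERROR', $k, 'Required key is missing or empty'];
        }
    }
    if (in_array(strtolower($get('APP_DEBUG')), ['true', '1'], true)) {
        $out[] = ['ERROR', 'APP_DEBUG', 'Dangerous value: true'];
    }
    $key = $get('APP_KEY'); // assumed format: "base64:" + 16 or 32 decoded bytes
    $raw = str_starts_with($key, 'base64:') ? base64_decode(substr($key, 7), true) : false;
    if ($key !== '' && !in_array(strlen((string) $raw), [16, 32], true)) {
        $out[] = ['ERROR', 'APP_KEY', 'Not a base64-encoded 16- or 32-byte key'];
    }
    if ($get('APP_ENV') === 'production') {
        // Laravel's .env names the queue driver QUEUE_CONNECTION; the table lists QUEUE.
        foreach (['SESSION_DRIVER' => 'array', 'QUEUE_CONNECTION' => 'sync'] as $k => $bad) {
            if ($get($k) === $bad) {
                $out[] = ['WARNING', $k, "'$bad' is not allowed in production"];
            }
        }
        foreach (['APP_URL', 'ASSET_URL'] as $k) {
            if ($get($k) !== '' && !str_starts_with($get($k), 'https://')) {
                $out[] = ['WARNING', $k, 'Must start with https:// in production'];
            }
        }
    }
    return $out;
}

// Constructed sample .env; the key is 32 "A" bytes, not a real secret.
$sample = "APP_ENV=production\nAPP_DEBUG=true\nAPP_URL=http://shop.example\nAPP_KEY=base64:"
    . base64_encode(str_repeat('A', 32)) . "\nDB_CONNECTION=mysql\nQUEUE_CONNECTION=sync\n";
foreach (scanEnv(parseEnv($sample)) as [$level, $key, $msg]) {
    echo "$level\t$key\t$msg\n";
}
```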

Config Checks (config())

| Check | Description |
|---|---|
| app.debug=false in production | Prevents debug mode in prod |
| session.secure=true | Enforces HTTPS cookies |
| session.http_only=true | Protects from JS access |
| cors.allowed_origins ≠ * | Disallows wildcard CORS |
| cache.default ≠ array | Production cache driver check |
| queue.default ≠ sync | Warns if queue runs inline |
| mail.default ≠ log | Ensures real mailer in prod |
| log.level ≠ debug | Avoid verbose logs in prod |
| trustedproxy.proxies ≠ * | Ensures proxy whitelist |
| app.url uses HTTPS | Verifies production HTTPS URL |

🧾 Markdown Report Example

When you run:

It generates:

Laravel Security Tools Report

| Level | Area | Key | Message | Hint |
|---|---|---|---|---|
| ERROR | env | APP_DEBUG | Dangerous value: true | Set APP_DEBUG=false in production. |
| WARNING | config | cors.allowed_origins | CORS allows all origins (*) | Avoid "*" in production. |

⚡ Configuration

You can publish the config file to customize checks:

Config file: config/security-tools.php

🧪 CI/CD Integration Example

GitHub Actions

🧩 Compatibility

- Laravel: 9.x – 12.x

- PHP: >=8.2

❤️ Support & Sponsorship

If you like this package, you can support its development and get access to exclusive Laravel & Next.js dev tools:

Support on Patreon

Get early access to private packages, beta features, and developer insights.

Or buy me a coffee ☕

🧑‍💻 About the Author

Fragly Dev: Building tools for modern Laravel & Next.js developers.

Follow for more developer utilities, security helpers, and SaaS-ready boilerplates.

GitHub

Patreon

Website

🪪 License

This package is open-sourced software licensed under the MIT license.

Made with ❤️ by Fragly Dev, making Laravel projects safer by default.



All versions of laravel-security-tools with dependencies

Requires:
  • php: >=8.2
  • illuminate/support: ^10.0 || ^11.0 || ^12.0
  • illuminate/console: ^10.0 || ^11.0 || ^12.0
  • symfony/finder: ^7.0
  • symfony/string: ^7.0
