Utilities Laravel Package

Getting Started

This package enables seamless transfer of PHP data (like config, user info, flash messages) into JavaScript for Laravel apps. Start by installing via Composer (composer require laracasts/utilities). In modern Laravel (5.5+), the service provider auto-registers—no manual registration needed. For older versions, add Laracasts\Utilities\JavaScript\ServiceProvider::class to config/app.php. Optionally publish the config with php artisan vendor:publish --provider="Laracasts\Utilities\JavaScript\ServiceProvider" to customize encoding behavior. The simplest first use: in a controller or middleware, call JavaScript::put('key', $value) before returning a view, then output the data in Blade with @javascript inside a <script> tag.

Implementation Patterns

• Middleware for dynamic data: Create a global middleware (e.g., PassVarsToJs) to inject per-request data like currentUser, flash messages, or locale settings—ensuring consistency across pages.
• Blade integration: Always place @javascript after all JavaScript::put() calls. Wrap it in a <script> block to make the data available client-side:

  <script>
    var App = @javascript;
  </script>
  

  This binds the entire dataset to window.App for easy access in frontend code.
• Selective data control: Avoid overloading JavaScript by explicitly passing only needed fields (e.g., auth()->user()?->only('id', 'name', 'email')) instead of full models or collections.
• Leverage JsonSerializable: Eloquent models and custom objects that implement JsonSerializable are automatically converted to JSON—ideal for API-like responses mixed into client-side state.

Gotchas and Tips

• Timing matters: put() must execute before @javascript renders. Middleware runs early and safely; putting logic in late-view composers or late in controller flow will fail silently or output empty data.
• XSS vigilance: While the package escapes problematic characters (including multi-line strings and </script>), avoid embedding unsanitized user input directly—JavaScript::put() serializes to JSON, but malicious scripts in strings may still execute if used in eval() or unsafe DOM insertion. Sanitize inputs or use e()/json_encode() manually for risky data.
• Debug output: Temporarily add {{ dd((string) view('javascript')->render()) }} or inspect the HTML source to verify the generated JS matches expectations before debugging frontend side.
• Config overrides: Edit config/javascript.php to tweak JSON options (e.g., JSON_PRETTY_PRINT for dev debugging, or JSON_INVALID_UTF8_IGNORE) or set a custom namespace (default: var laracasts = ...).
• Size vs. laziness: Don’t pass large datasets (e.g., 10k+ records). Prefer small, focused payloads and use AJAX/API calls for dynamic or large data instead.
• Laravel 12+ note: Confirmed support up to Laravel 12; no breaking changes expected in typical usage, but test if relying on internal facade or config structure.