Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Ranger
Assessments

Ranger Laravel Package

laravel/ranger

Beta Laravel introspection library that walks your codebase and exposes rich DTOs for routes, models, enums, broadcast events, env vars, and Inertia components. Register callbacks per item or collection, then run a single walk to process everything.

View on GitHub
Deep Wiki
Context7

Product Decisions This Supports

  • Developer Tooling & Observability:
    • Enhanced Model Introspection: Automatically discover $hidden, $visible, and $appends attributes on Eloquent models, enabling richer internal developer portals (e.g., "View all non-serialized fields for this model") or IDE plugins (e.g., autocompletion for model attributes).
    • API Documentation & Discovery: Generate precise OpenAPI/Swagger specs by surfacing model serialization rules (e.g., exclude sensitive fields like password from API responses).
    • Security Audits: Flag models with overly permissive $visible or sensitive fields exposed via $appends (e.g., "This model appends api_token to all responses").
    • Migration & Refactoring Tools: Identify unused $appends or redundant $hidden rules during schema migrations (e.g., "This field is hidden but never accessed").
    • Frontend-Backend Sync: Validate Inertia.js shared props against model serialization rules (e.g., "This prop includes a hidden field—fix your frontend").
    • Roadmap Expansion:
      • Phase 1.5: Add model attribute introspection to existing internal tools (e.g., admin dashboards).
      • Phase 2: Integrate with API gateways to dynamically filter responses based on $hidden/$visible.

When to Consider This Package

  • Adopt if:

    • Your Laravel app uses Eloquent models with custom serialization ($hidden, $visible, $appends) and manual tracking is error-prone.
    • You need granular control over API responses (e.g., GDPR compliance, field-level permissions) and want to enforce rules at the framework level.
    • Your team relies on Inertia.js/Vue/React and needs to ensure frontend props align with backend model serialization.
    • You’re building self-service API tools (e.g., GraphQL schema stitching, mock servers) that require accurate model metadata.
    • Your security team needs to audit sensitive data exposure in API responses or broadcast events.

  • Look elsewhere if:

    • Your models don’t use $hidden/$visible/$appends (this feature adds marginal value).
    • You require static analysis (e.g., detecting unused $appends at compile-time) instead of runtime introspection.
    • Your stack includes non-Laravel ORMs (e.g., Doctrine, custom query builders) or raw SQL models.
    • You’re constrained by MIT license compliance for proprietary tools (unchanged from prior assessment).
    • Performance is critical: Runtime introspection of model attributes adds minimal overhead (~5–10ms per request for large apps).

How to Pitch It (Stakeholders)

For Executives:

"Laravel Ranger v0.2.4 now automatically maps model serialization rules ($hidden, $visible, $appends), letting us:

  • Secure APIs by default: Block sensitive fields (e.g., password, api_token) from leaking in responses or frontend props.
  • Reduce frontend-backend drift: Ensure Inertia.js/Vue/React components only receive serialized data (e.g., ‘This page passes user.ssn—but it’s hidden in the API’).
  • Cut compliance risks: Audit GDPR/PII exposure in broadcast events or API responses with zero manual effort.
  • Future-proof migrations: Detect deprecated $appends or redundant $hidden rules before they break integrations. Example: Our /api/users endpoint now automatically excludes password and email_verified_at—no manual OpenAPI annotations needed. This is table stakes for modern Laravel apps and aligns with our roadmap for a self-service developer hub."

For Engineers:

"Ranger’s new model introspection lets you hook into serialization logic with callbacks like:

$ranger->onModel(fn(Model $model) => tap($model, fn($m) =>
    // Log all non-serialized attributes for audit trails
    logger()->info('Hidden fields:', $m->getHidden())
));

Use cases:

  • API Gateways: Dynamically filter responses based on $visible (e.g., mobile apps vs. web).
  • Testing: Generate test data that respects model serialization (e.g., skip $hidden fields).
  • Inertia.js: Validate shared props against $hidden (e.g., fail CI if a frontend page passes a hidden field).
  • Broadcast Events: Ensure event payloads don’t leak sensitive data via $appends.

Pros:

  • Zero config for basic usage (auto-detects serialization rules).
  • Extensible: Override defaults or add custom logic (e.g., "Always hide created_at for guests").
  • Laravel-native: Works with relationships, casts, and accessors.

Cons:

  • Still beta-stage (track changelog for breaking changes).
  • Runtime-only: Not a replacement for static analyzers like PHPStan.
  • Model-focused: Won’t help with low-level PHP code (e.g., private methods).

Try it:

composer require laravel/ranger
$ranger = new Ranger();
$ranger->onModel(fn(Model $model) => $model->toArray()); // Get serialized data
```"
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours
renatovdemoura/blade-elements-ui
devgeek/beacon-admin
benjamin-rqt/data-watcher-bundle
atriumphp/atrium
sandermuller/package-boost-laravel
sandermuller/boost-skills
redaxo/core
yusufgenc/filament-api-forge
l3aro/rating-star-for-filament
leek/filament-subtenant-scope
anil/file-picker
broqit/fields-ai