How do I securely serialize closures for Laravel queues (e.g., Bus::chain or delayed jobs)?

Use `SerializableClosure` to wrap your closure, then serialize it with `serialize()`. Set a strong secret key via `SerializableClosure::setSecretKey()` to prevent tampering. This works seamlessly with Laravel’s queue system, including delayed jobs and chained jobs. Always store the serialized output in a queue payload or cache.

Can I use this package to store closures in Redis or Memcached for later execution?

Yes, this package is perfect for caching closures in Redis or Memcached. Serialize the `SerializableClosure` object and store it as a string. When retrieving, unserialize and call `getClosure()` to execute it. Ensure your secret key is securely managed (e.g., via Laravel’s `.env` or Vault).

What Laravel versions and PHP versions does this package support?

This package is compatible with Laravel 10+, 11, 12, and 13, and requires PHP 7.4+. For modern Laravel apps (12/13), use PHP 8.4 or 8.5. Check the [Packagist page](https://packagist.org/packages/laravel/serializable-closure) for the latest version compatibility. Avoid PHP <7.4 due to unsupported features.

How do I set the secret key for signing serialized closures?

Call `SerializableClosure::setSecretKey('your_secure_key_here')` in your application’s bootstrap (e.g., `bootstrap/app.php` or a service provider). Store the key in an environment variable (e.g., `.env`) or Laravel Vault for security. Rotate keys periodically and handle existing serialized closures carefully during rotation.

Will this work with Laravel’s event listeners or dynamic middleware?

Absolutely. Serialize closures for event listeners (e.g., `Event::listen`) or middleware logic to store them in caches or queues. For example, serialize a closure for a delayed event listener and restore it later. Just ensure the closure’s dependencies (e.g., class instances) are available when deserialized.

Is there a performance overhead when serializing/deserializing closures?

Yes, serialization adds CPU overhead, but it’s minimal for most use cases. Benchmark in staging to assess impact. For performance-critical paths, cache the serialized closures (e.g., in Redis) to avoid repeated serialization. Avoid serializing closures in tight loops or high-frequency operations.

Can I use this package in Laravel Tinker or REPL environments?

No, this package does not support REPL environments like Laravel Tinker. Serialization in REPL contexts can lead to unpredictable behavior or errors. Restrict usage to non-interactive contexts like HTTP requests, CLI commands, or queue workers.

What happens if I don’t set a secret key? Are serialized closures still secure?

Without a secret key, serialized closures are vulnerable to tampering or injection attacks. The package enforces signing by default, but you must explicitly set a key. Always configure `SerializableClosure::setSecretKey()` in production. Treat the key like a cryptographic secret (e.g., store it in `.env` or Vault).

Are there alternatives to this package for simpler use cases?

For basic serialization, Laravel’s built-in `serialize()` may work, but it lacks security features like signing. The `opis/closure` package (FFI-based) is another option, but it requires FFI support (not enabled by default in web requests). This package is a Laravel-optimized fork of `opis/closure 3.x` without FFI dependencies.

How do I test closures after deserialization in CI or unit tests?

Test deserialized closures by mocking the `SerializableClosure` object or using real closures in test cases. Avoid REPL-like environments in CI. For Laravel-specific tests, simulate queue jobs or event listeners by serializing closures and verifying their output. Use PHPUnit’s assertions to validate closure execution results.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Serializable Closure Laravel Package

Q: How do I set the secret key for signing serialized closures?

Call `SerializableClosure::setSecretKey('your_secure_key_here')` in your application’s bootstrap (e.g., `bootstrap/app.php` or a service provider). Store the key in an environment variable (e.g., `.env`) or Laravel Vault for security. Rotate keys periodically and handle existing serialized closures carefully during rotation.

Q: Will this work with Laravel’s event listeners or dynamic middleware?

Absolutely. Serialize closures for event listeners (e.g., `Event::listen`) or middleware logic to store them in caches or queues. For example, serialize a closure for a delayed event listener and restore it later. Just ensure the closure’s dependencies (e.g., class instances) are available when deserialized.

Q: Is there a performance overhead when serializing/deserializing closures?

Yes, serialization adds CPU overhead, but it’s minimal for most use cases. Benchmark in staging to assess impact. For performance-critical paths, cache the serialized closures (e.g., in Redis) to avoid repeated serialization. Avoid serializing closures in tight loops or high-frequency operations.

Q: Can I use this package in Laravel Tinker or REPL environments?

No, this package does not support REPL environments like Laravel Tinker. Serialization in REPL contexts can lead to unpredictable behavior or errors. Restrict usage to non-interactive contexts like HTTP requests, CLI commands, or queue workers.

Q: What happens if I don’t set a secret key? Are serialized closures still secure?

Without a secret key, serialized closures are vulnerable to tampering or injection attacks. The package enforces signing by default, but you must explicitly set a key. Always configure `SerializableClosure::setSecretKey()` in production. Treat the key like a cryptographic secret (e.g., store it in `.env` or Vault).

Q: Are there alternatives to this package for simpler use cases?

For basic serialization, Laravel’s built-in `serialize()` may work, but it lacks security features like signing. The `opis/closure` package (FFI-based) is another option, but it requires FFI support (not enabled by default in web requests). This package is a Laravel-optimized fork of `opis/closure 3.x` without FFI dependencies.

Q: How do I test closures after deserialization in CI or unit tests?

Test deserialized closures by mocking the `SerializableClosure` object or using real closures in test cases. Avoid REPL-like environments in CI. For Laravel-specific tests, simulate queue jobs or event listeners by serializing closures and verifying their output. Use PHPUnit’s assertions to validate closure execution results.

laravel/serializable-closure

Securely serialize and unserialize PHP closures with Laravel’s fork of opis/closure 3.x, updated for modern PHP without requiring FFI. Wrap closures in SerializableClosure, set a secret key for signing, serialize safely, then restore with getClosure().

View on GitHub

Deep Wiki

Context7

Laravel Serializable Closure provides an easy and secure way to serialize closures in PHP.

Frequently asked questions about Serializable Closure

How do I securely serialize closures for Laravel queues (e.g., Bus::chain or delayed jobs)?: Use `SerializableClosure` to wrap your closure, then serialize it with `serialize()`. Set a strong secret key via `SerializableClosure::setSecretKey()` to prevent tampering. This works seamlessly with Laravel’s queue system, including delayed jobs and chained jobs. Always store the serialized output in a queue payload or cache.
Can I use this package to store closures in Redis or Memcached for later execution?: Yes, this package is perfect for caching closures in Redis or Memcached. Serialize the `SerializableClosure` object and store it as a string. When retrieving, unserialize and call `getClosure()` to execute it. Ensure your secret key is securely managed (e.g., via Laravel’s `.env` or Vault).
What Laravel versions and PHP versions does this package support?: This package is compatible with Laravel 10+, 11, 12, and 13, and requires PHP 7.4+. For modern Laravel apps (12/13), use PHP 8.4 or 8.5. Check the [Packagist page](https://packagist.org/packages/laravel/serializable-closure) for the latest version compatibility. Avoid PHP <7.4 due to unsupported features.
How do I set the secret key for signing serialized closures?: Call `SerializableClosure::setSecretKey('your_secure_key_here')` in your application’s bootstrap (e.g., `bootstrap/app.php` or a service provider). Store the key in an environment variable (e.g., `.env`) or Laravel Vault for security. Rotate keys periodically and handle existing serialized closures carefully during rotation.
Will this work with Laravel’s event listeners or dynamic middleware?: Absolutely. Serialize closures for event listeners (e.g., `Event::listen`) or middleware logic to store them in caches or queues. For example, serialize a closure for a delayed event listener and restore it later. Just ensure the closure’s dependencies (e.g., class instances) are available when deserialized.
Is there a performance overhead when serializing/deserializing closures?: Yes, serialization adds CPU overhead, but it’s minimal for most use cases. Benchmark in staging to assess impact. For performance-critical paths, cache the serialized closures (e.g., in Redis) to avoid repeated serialization. Avoid serializing closures in tight loops or high-frequency operations.
Can I use this package in Laravel Tinker or REPL environments?: No, this package does not support REPL environments like Laravel Tinker. Serialization in REPL contexts can lead to unpredictable behavior or errors. Restrict usage to non-interactive contexts like HTTP requests, CLI commands, or queue workers.
What happens if I don’t set a secret key? Are serialized closures still secure?: Without a secret key, serialized closures are vulnerable to tampering or injection attacks. The package enforces signing by default, but you must explicitly set a key. Always configure `SerializableClosure::setSecretKey()` in production. Treat the key like a cryptographic secret (e.g., store it in `.env` or Vault).
Are there alternatives to this package for simpler use cases?: For basic serialization, Laravel’s built-in `serialize()` may work, but it lacks security features like signing. The `opis/closure` package (FFI-based) is another option, but it requires FFI support (not enabled by default in web requests). This package is a Laravel-optimized fork of `opis/closure 3.x` without FFI dependencies.
How do I test closures after deserialization in CI or unit tests?: Test deserialized closures by mocking the `SerializableClosure` object or using real closures in test cases. Avoid REPL-like environments in CI. For Laravel-specific tests, simulate queue jobs or event listeners by serializing closures and verifying their output. Use PHPUnit’s assertions to validate closure execution results.

Popularity trends

Recorded values over time (once-a-day snapshots). May 7, 2026 – Jun 5, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

603

Favorites

605

Forks

Score

33.2

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 603

+3.0
Forks

input: 47

+1.4
Open issues + PRs

input: 5

+0.5
Releases

input: 33

+9.9
Recency

input: 38

+17.9
Issue opportunity

input: 1

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 32.7

Opportunity

65.5

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

100.0
Contribution need

open_issues + open_prs: 5

3.8
Health factor

archived + recency + open issues

×0.98

Total 65.2

License

MIT

Last release

Apr 28, 2026

Watchers

Downloads

11M/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai