Weave Code
Security Advisories Laravel Package
roave/security-advisories
Composer dev-only package that blocks installing dependencies with known security vulnerabilities by adding conflict rules. No runtime code or API—just prevents insecure versions during composer require/update to keep your PHP/Laravel supply chain safer.
|
Package
|
Description
|
Stars
|
Likes
|
Forks
|
Downloads
|
Issues
|
Score
|
Opportunity
|
License
|
Last Release
|
|
|---|---|---|---|---|---|---|---|---|---|---|---|
| composer-unused/symbol-parser | composer-unused/symbol-parser is a small toolkit that parses PHP symbols from a Composer package, helping tools like composer-unused detect what code is actually referenced. Useful for analyzing dependencies, exports, and usage across a project. | 14 | 14 | 13 | 216K | 0 | 28.8 | 65.0 | MIT | 2 months ago | |
| icanhazstring/composer-unused | composer-unused detects and removes unused Composer dependencies in PHP/Laravel projects. It analyzes your codebase to find packages not referenced, reports what can be safely removed, and helps keep composer.json/lock lean and maintainable. | 1,676 | 1,678 | 57 | 220K | 10 | 42.2 | 39.4 | MIT | 2 months ago | |
| inertiajs/inertia-laravel | Laravel adapter for Inertia.js: build modern single-page apps using classic server-side routing and controllers. Provides middleware, helpers, and response rendering to connect Laravel with your Vue/React/Svelte pages while keeping the full Laravel backend workflow. | 2,417 | 2,426 | 283 | 3M | 1 | 53.3 | 50.6 | MIT | 21 hours ago | |
| laravolt/avatar | Generate unique user avatars from names or emails (initials-based) for Laravel and PHP. Output as base64 data URI, save as PNG/JPG, or fall back to Gravatar. Easy install, configurable, supports Laravel, Lumen, and non-Laravel projects. | 1,986 | 2,014 | 182 | 128K | 1 | 44.8 | 29.5 | MIT | 1 month ago | |
| lcobucci/coding-standard | lcobucci/coding-standard provides a PHP_CodeSniffer ruleset based on Doctrine’s coding standard, with a few tweaks. Use it to enforce consistent code style and best practices across PHP projects via phpcs in CI and local development. | 6 | 6 | 2 | 4K | 1 | 24.8 | 44.5 | MIT | 5 months ago | |
| league/container | PSR-11–compliant dependency injection container from The PHP League. Register services, factories and shared instances, then resolve dependencies with autowiring support. Modern PHP (8.3+) with full docs, tests, and MIT license. | 863 | 905 | 104 | 2M | 5 | 38.1 | 56.2 | MIT | 2 weeks ago | |
| league/oauth2-server | Standards-compliant OAuth 2.0 authorization server for PHP. Protect APIs with bearer access tokens, issue and refresh tokens, and support common grants (auth code, client credentials, device, implicit, password, refresh) with PSR-7 interoperability and RFC support. | 6,642 | 6,724 | 1,135 | 3M | 53 | 86.1 | 74.8 | MIT | 4 months ago | |
| league/tactician | Tactician is a small, pluggable PHP command bus. Route commands to handlers and extend behavior via middleware and plugins (logging, containers, Doctrine transactions, queuing, events, locking). Install with Composer and integrate with your framework of choice. | 864 | 872 | 86 | 206K | 2 | 31.0 | 39.1 | MIT | 3 months ago | |
| mateusjunges/avro-serde-php | PHP 7.3+/8 Avro serializer/deserializer implementing Confluent wire format with Schema Registry integration. Supports schema evolution via Confluent compatibility policies and works with FlixTech’s schema-registry-php-client (recommended with caching). | 1 | 1 | 0 | 122K | 0 | 20.6 | 65.0 | MIT | 1 year ago | |
| mehr-als-nix/assumptions | Assumptions for PHPUnit: skip tests when preconditions aren’t met (PHP version, extensions, etc.). Provides assumeTrue/assumeThat and Hamcrest matchers; failed assumptions are treated as skipped, including in @before/@beforeClass. Similar to @requires. | 2 | 3 | 2 | 0 | 0 | 22.2 | — | MIT | 8 years ago | |
| oddvalue/laravel-drafts | Drop-in drafts and revisions for Laravel Eloquent models. Create, save, publish, and preview revisions with a simple API, middleware support, and minimal setup—ideal for CMS-style editing workflows without building a custom versioning system. | 431 | 419 | 21 | 10K | 0 | 29.8 | 22.6 | MIT | 2 months ago | |
| phing/phing | Phing is a PHP build tool based on Apache Ant. Define XML build files to automate testing (PHPUnit), packaging, deployments, file transforms, filesystem tasks, SQL, SCM ops (Git/SVN/Hg), and docs generation. Extensible via custom PHP tasks. | 1,166 | 1,202 | 318 | 279K | 5 | 46.5 | 43.6 | LGPL-3.0 | 2 months ago | |
| phing/phing-composer-configurator | Composer plugin that installs and configures Phing from composer.json. Ensures the Phing binary and settings are set up during Composer install/update, simplifying Phing integration in PHP projects and keeping build tooling consistent. | 5 | 5 | 1 | 782 | 0 | 0.2 | 29.3 | — | — | |
| php-standard-library/psalm-plugin | Psalm plugin for PHP Standard Library (PSL) that improves type inference for PSL Type\specifications. Enables more precise array/shape types (e.g., Type\shape coercions) so Psalm reports correct, specific types during static analysis. | 25 | 25 | 7 | 27K | 1 | 25.2 | 49.1 | MIT | 3 weeks ago | |
| ramsey/collection | ramsey/collection is a PHP library for representing and manipulating typed collections. Provides data structures and APIs inspired by the Java Collections Framework, helping you store, validate, and work with groups of objects and values consistently. | 1,194 | 1,209 | 56 | 13M | 4 | 34.3 | 66.8 | MIT | 1 year ago | |
| ramsey/composer-repl | Interactive REPL for Composer projects. Quickly bootstrap a PHP shell that autoloads your dependencies and project classes, making it easy to explore APIs, test snippets, and debug in the context of your installed packages—without creating a script. | 105 | 105 | 3 | 2K | 0 | 25.4 | 20.3 | MIT | 1 year ago | |
| ramsey/composer-repl-lib | Library for building interactive Composer-powered PHP REPLs. Provides the core loop and helpers to evaluate code in a Composer project context, load autoloaded classes, and inspect results—useful for CLI shells, debugging tools, and developer consoles. | 2 | 2 | 2 | 2K | 0 | 22.4 | 46.9 | MIT | 1 month ago | |
| ramsey/conventional-commits | PHP library for parsing and working with Conventional Commits. Read commit messages into structured objects, validate format, and extract type/scope/description, body, footers, and breaking changes—useful for changelogs, release automation, and tooling. | 193 | 194 | 24 | 67K | 9 | 28.4 | 45.7 | MIT | 1 month ago | |
| ramsey/http-range | Parse, validate, and work with HTTP Range headers in PHP. ramsey/http-range helps you interpret byte ranges, handle partial content requests, and generate correct range responses for downloads, media streaming, and resumable transfers. | 33 | 33 | 7 | 10K | 0 | 22.4 | 39.9 | MIT | 1 year ago | |
| roave/backward-compatibility-check | CLI tool to detect backward-compatibility breaks between two versions of a PHP library. Compares the last SemVer git tag to current HEAD (or chosen refs) and fails CI on API breaks. Install via Composer or run with Docker. | 595 | 595 | 66 | 65K | 37 | 45.8 | 49.6 | MIT | 2 weeks ago | |
| solarium/solarium | Solarium is a PHP client library for Apache Solr that models Solr concepts with a clean, documented API, simplifying complex query parameters beyond basic HTTP calls. Requires PHP 8.1+ and supports cURL, a pure-PHP adapter, or any PSR-18 client. | 935 | 957 | 300 | 555K | 11 | 46.0 | 50.0 | NOASSERTION | 5 months ago | |
| spatie/laravel-csp | Easily add Content Security Policy (CSP) headers to your Laravel app. Define and enforce CSP directives, report violations, and tighten what scripts, styles, and other resources can load or connect to—helping mitigate XSS and malicious third‑party code. | 852 | 856 | 97 | 414K | 0 | 36.5 | 43.7 | MIT | 1 month ago | |
| spiral/roadrunner-jobs | Spiral RoadRunner Jobs driver and client for PHP. Run background tasks with RoadRunner’s jobs plugin, supporting queue configuration, message serialization, consuming and publishing jobs, and integrating into Spiral apps and workers for fast, reliable async processing. | 27 | 27 | 14 | 238K | 0 | 29.7 | 63.9 | MIT | 5 months ago | |
| spiral/roadrunner-kv | RoadRunner KV provides a fast, simple key-value storage layer for PHP apps running on RoadRunner. Store and retrieve data via an in-memory or configured KV backend with minimal overhead—useful for caching, flags, and lightweight shared state across workers. | 10 | 10 | 3 | 292K | 0 | 22.8 | 65.0 | MIT | 11 months ago | |
| spiral-packages/league-event | Spiral Framework bridge for The League Event dispatcher. Provides an EventBootloader to wire PSR-style event dispatching, define event classes, and register listeners via attributes or config. Requires PHP 8.1+ and Spiral 3.0+. | 1 | 1 | 1 | 3K | 0 | 20.8 | 51.2 | MIT | 3 years ago | |
| spomky-labs/cbor-php | Comprehensive PHP 8+ CBOR (RFC 8949) encoder/decoder with full major type support, extensible tags, streaming decoding, indefinite-length handling, and normalization to native PHP types; includes common tags and custom tag support. | 57 | 57 | 14 | 491K | 1 | 26.6 | 63.8 | MIT | 1 week ago | |
| spomky-labs/pki-framework | PHP 8.1+ framework for PKI: X.509 certificates, ASN.1 (X.690 DER) encoding/decoding, X.501/X.520 DN parsing, PEM (RFC 7468) support, and cryptographic/PKCS-related ASN.1 types. mbstring required; gmp/bcmath recommended. | 27 | 27 | 5 | 2M | 0 | 24.0 | 65.0 | MIT | 2 weeks ago | |
| vonage/client-core | Core PHP client library for Vonage APIs (PHP 8.1+). Create a Vonage\Client with your API key/secret, make requests, and optionally customize base API URLs for testing. Install via Composer (vonage/client) or use core with your own HTTP client. | 928 | 929 | 179 | 338K | 2 | 39.5 | 42.1 | Apache-2.0 | 1 week ago |
Weaver
How can I help you explore Laravel packages today?