Laravel Health Laravel Package

spatie/laravel-health

Monitor your Laravel app’s health by registering configurable checks (disk space, queues, cache, etc.). Get warnings or failures and receive notifications via mail or Slack, with an easy API for adding custom checks and reporting status.


Technical Evaluation

Architecture Fit

  • Pros:

    • Security Updates: Release 1.39.3 includes critical dependency updates to resolve security vulnerabilities (e.g., rebecca-canyon's PR #314), aligning with Laravel’s security-first philosophy. No architectural changes required.
    • Modularity Retained: Core design (service container, facades, event-driven checks) remains unchanged, preserving Laravel integration.
    • Extensibility: Custom checks and notification channels (e.g., Slack, Oh Dear) continue to leverage Laravel’s DI and service providers without disruption.
    • Observability: Notification-driven alerts (mail, Slack) and Oh Dear compatibility remain intact for external monitoring.
  • Cons:

    • Security Dependency Risk: While updates resolve vulnerabilities, new dependencies may introduce minor compatibility risks with Laravel’s ecosystem (e.g., PHP 8.0+ constraints). Validate with composer validate.
    • Performance: No changes to check execution overhead or caching mechanisms. Original risks (e.g., real-time checks on high-traffic endpoints) persist.
    • State Management: Database-backed HealthResultStore still requires careful handling of concurrent writes or restarts with InMemoryHealthResultStore.

Integration Feasibility

  • Low Risk:

    • Composer Update: Zero breaking changes for Laravel 8+ apps. Run:
      composer update spatie/laravel-health --with-dependencies
      
    • Configuration: No config file changes needed; security updates are under the hood.
    • Notification Channels: Existing Slack/email setups remain functional (e.g., laravel/slack-notification-channel compatibility unchanged).
  • Potential Challenges:

    • Dependency Conflicts: Updated packages (e.g., spatie/laravel-package-tools) may conflict with other Spatie packages or Laravel core. Test with:
      composer why-not spatie/laravel-health
      
    • Secret Management: Security updates may tighten validation for secrets (e.g., Oh Dear webhook URLs). Audit .env for compliance.

Technical Risk

  • Minor Risks:

    • Security Validation: Ensure all custom checks and third-party integrations (e.g., HTTP clients) align with updated dependency security policies. Use:
      composer audit
      
    • Notification Throttling: Default 1-hour throttle unchanged; validate if new security constraints affect alert delivery (e.g., rate-limited Slack webhooks).
    • Oh Dear Endpoint: Security updates may enforce stricter endpoint validation. Test Oh Dear’s /health-check route with:
      curl -X GET http://your-app.test/health-check -H "Authorization: Bearer $OH_DEAR_SECRET"
      
  • Critical Risks:

    • False Positives/Negatives: Security updates could alter behavior of underlying checks (e.g., database connectivity). Re-test critical checks in staging.
    • Database Locking: Concurrent writes to DatabaseHealthResultStore remain a risk. Mitigate with transactions or Redis caching.

Key Questions

  1. Security Compliance:

    • Have all custom checks been audited for compliance with the updated dependency security policies?
    • Are there third-party APIs or services integrated into custom checks that may now require updated authentication (e.g., OAuth tokens)?
  2. Dependency Conflicts:

    • Could the updated spatie/laravel-package-tools or other dependencies conflict with existing Spatie packages (e.g., laravel-permission)?
    • Should a composer.lock be committed to freeze dependencies post-update?
  3. Alerting Reliability:

    • Do the security updates affect notification channel reliability (e.g., Slack webhook timeouts, email delivery)?
    • Should alert thresholds be adjusted post-update (e.g., shorter throttling for critical checks)?
  4. Oh Dear Integration:

    • Are there new security requirements for Oh Dear’s webhook secret or endpoint validation?
    • Should the Oh Dear endpoint be rate-limited to prevent abuse?
  5. Custom Check Validation:

    • How will custom checks be validated to ensure they adhere to the updated security standards (e.g., no deprecated functions like create_function)?
    • Are there plans to migrate custom checks to use newer PHP features (e.g., attributes for check registration)?
  6. Rollback Plan:

    • What is the rollback strategy if the update introduces regressions (e.g., broken notifications or false positives)?
    • Should the previous version (1.39.2) be retained temporarily for rollback?

Integration Approach

Stack Fit

  • Laravel Ecosystem:

    • Core: Fully compatible with Laravel 8+ (tested up to v10+). Security updates target Laravel’s supported PHP versions (8.0+).
    • Dependencies:
      • Updated spatie/laravel-package-tools and related packages ensure compliance with Laravel’s security advisories.
      • Notification channels (mail, Slack) remain unchanged; no breaking changes to laravel/notifications.
    • Database: No changes to supported drivers (MySQL, PostgreSQL, SQLite). Security updates may include stricter SQL query validation.
    • Caching: CacheHealthResultStore continues to integrate with Laravel’s cache drivers (Redis, Memcached).
  • Non-Laravel Considerations:

    • PHP Version: Requires PHP 8.0+. Security updates may enforce stricter type hints or deprecate older PHP features.
    • Web Server: No changes to Oh Dear endpoint requirements, but validate CORS/CSRF protections for /health-check.

Migration Path

  1. Pre-Update Audit:

    • Run composer audit to identify existing vulnerabilities.
    • Test custom checks for deprecated functions or insecure patterns (e.g., eval, dynamic function calls).
  2. Update Process:

    • Update the package:
      composer update spatie/laravel-health --with-dependencies
      
    • Validate the update:
      php artisan health:check
      
    • Clear caches:
      php artisan cache:clear && php artisan config:clear
      
  3. Security Validation:

    • Audit .env for secrets (e.g., OH_DEAR_HEALTH_CHECK_SECRET, Slack webhook URLs).
    • Test Oh Dear integration:
      curl -v http://your-app.test/health-check -H "Authorization: Bearer $OH_DEAR_SECRET"
      
    • Verify notifications (e.g., Slack, email) are delivered without errors.
  4. Custom Checks:

    • Re-test custom checks for:
      • Deprecated PHP functions (e.g., mysql_connect).
      • Insecure HTTP practices (e.g., plaintext credentials in URLs).
    • Update checks using newer PHP features (e.g., attributes for registration):
      #[HealthCheck]
      class CustomApiCheck extends Check { ... }
      
  5. Post-Update Monitoring:

    • Monitor health check performance (e.g., execution time, database queries).
    • Set up alerts for false positives/negatives in staging.
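
The migration path above and the rollback question under Key Questions, combined into one guarded update script. This is an added example, not code from the package or its documentation: the function names guarded_update and rollback are made up here, and it assumes Composer 2.4 or later (for composer audit) and that health:check is the package's command for running the registered checks.

```shell
#!/bin/sh
# Added example: guarded update of spatie/laravel-health with lock-file rollback.
# Assumes: run from the Laravel project root, composer 2.4+ and php on PATH.
# guarded_update and rollback are names made up for this example.

PKG="spatie/laravel-health"

# Put back the saved manifest and lock file, then reinstall exactly those versions.
rollback() {
    echo "rolling back: $1" >&2
    cp "$BACKUP/composer.json" "$BACKUP/composer.lock" .
    composer install --no-interaction
    rm -rf "$BACKUP"
}

# Exit codes: 0 updated and clean, 1 rolled back, 2 refused to start,
# 3 updated and working but composer audit still reports advisories.
guarded_update() {
    if [ ! -f composer.json ] || [ ! -f composer.lock ]; then
        echo "composer.json/composer.lock missing: no known-good state to return to" >&2
        return 2
    fi
    BACKUP=$(mktemp -d) || return 2
    cp composer.json composer.lock "$BACKUP/"

    if ! composer update "$PKG" --with-dependencies --no-interaction; then
        rollback "composer update failed"; return 1
    fi
    # Stale cached config can hide a broken update, so clear it before checking.
    if ! { php artisan config:clear && php artisan cache:clear; }; then
        rollback "artisan could not clear caches"; return 1
    fi
    # A non-zero exit here means the command itself could not run
    # (for example the app no longer boots); it is not a per-check verdict.
    if ! php artisan health:check; then
        rollback "health:check did not run cleanly"; return 1
    fi
    rm -rf "$BACKUP"
    # The update is kept either way: the previous lock file is no safer.
    if ! composer audit --locked; then
        echo "updated, but composer audit still reports advisories" >&2
        return 3
    fi
    return 0
}
```

Source the file and call guarded_update from the project root; exit code 3 is the case to triage by hand, since the new lock file works but still carries a known advisory.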

Compatibility

  • Laravel Versions: Confirmed compatible with Laravel 8+ (tested up to v10+). No version deprecations.
  • PHP Extensions: No new extensions required. Security updates may enforce stricter use of existing extensions (e.g., openssl for HTTPS).
  • Database Drivers: Unchanged compatibility with Laravel-supported databases.
  • Caching: No changes to cache driver integration.

Sequencing

  1. Phase 1: Security Validation

    • Update dependencies and audit for vulnerabilities.
    • Validate Oh Dear and notification channels.
  2. Phase 2: Custom Check Updates

    • Modernize custom checks to use updated PHP/security practices.
    • Test in staging with realistic failure scenarios.
  3. Phase 3: Performance Optimization

    • Re-evaluate check scheduling (e.g., artisan schedule:run) for performance.
    • Implement caching (CacheHealthResultStore) if checks are resource-intensive.
  4. Phase 4: Observability Enhancement

    • Expose health results via a dashboard (e.g., /health route with Laravel’s Route::get).
    • Integrate with APM tools (e.g., New Relic) for deeper monitoring.

Operational Impact

Maintenance

  • Pros:

    • Active Maintenance: Release 1.39.3 includes security-focused updates, indicating ongoing support. Roadmap aligns with Laravel’s LTS cycles.
    • Minimal Configuration: No config changes required; updates are under the hood. Existing config/health.php remains valid.
    • Dependency Management: composer update with --with-dependencies ensures transitive dependencies are secured.
  • Cons:

    • Dependency Bloat: Security updates may introduce minor dependency conflicts (e.g., spatie/laravel-package-tools). Monitor with:
      composer why spatie/laravel-health
      
    • Custom Check Maintenance: Developers must proactively update custom checks to align with new security standards (e.g., PHP 8.1+ features).
    • Secret Rotation: Security updates may necessitate rotating secrets (e.g., Oh Dear, Slack webhooks). Automate with Laravel’s env management.
