Laravel Web Tinker Laravel Package
spatie/laravel-web-tinker
Browser-based Laravel Tinker console. Adds a route where you can run code, inspect your app, and iterate quickly with a light/dark UI. Dev-only tool—can execute arbitrary PHP, so don’t use in production.
Technical Evaluation
Architecture fit: The package integrates seamlessly into Laravel's ecosystem as a dev-only tool, leveraging PsySH for REPL functionality and extending Laravel's middleware stack. It adds a dedicated route and Vue-based frontend without altering core application structure. The config-driven approach aligns with Laravel conventions, using environment variables for safe default behavior.
Integration feasibility: High. Installation requires only composer require --dev and a single artisan command. No code changes needed beyond config adjustments. The package is explicitly designed for local development, making it trivial to include in dev environments while excluding it from production deployments.
Technical risk: Critical security exposure if enabled outside local environments (arbitrary code execution). Past vulnerabilities (e.g., HTML injection fixes) indicate ongoing security maintenance needs. Dependency on PsySH introduces potential compatibility issues during Laravel/PHP upgrades. The "last release" date (2026-02-21) appears erroneous but recent changelogs show active maintenance.
Key questions: How to enforce environment-specific enablement in CI/CD pipelines? What additional authorization layers (beyond Laravel Gate) are needed for non-local environments? How frequently are security audits conducted for PsySH dependencies? What is the actual support lifecycle for Laravel versions beyond v12?
Integration Approach
Stack fit: Fully compatible with Laravel 5.7
How can I help you explore Laravel packages today?