Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Auditable
Assessments

Laravel Auditable Laravel Package

ss-ipg/laravel-auditable

Attribute-based audit logging for Laravel Eloquent models. Add #[Auditable] to track create/update/delete/soft delete/restore events with old/new values, column include/exclude/redact, per-model event filters, JSON formatting, and extensible context providers.

View on GitHub
Deep Wiki
Context7

Product Decisions This Supports

  • Regulatory Compliance: Automates audit trail generation for GDPR, HIPAA, SOX, or PCI-DSS with zero manual logging, reducing audit preparation time by 40–60% and eliminating human error in compliance documentation.
  • Data Integrity & Debugging: Enables self-documenting systems where every change to critical models (e.g., User, Payment, MedicalRecord) is automatically logged with old/new values, accelerating debugging and rollback for production incidents.
  • Developer Productivity: Replaces boilerplate observers/events with declarative PHP attributes, cutting audit implementation time by 50% and reducing technical debt. Ideal for teams with high-velocity development in compliance-heavy domains.
  • Build vs. Buy Decision: Justifies not building a custom solution by offering 90% of enterprise audit features out-of-the-box (e.g., soft deletes, JSON formatting, context providers) while allowing 10% customization via formatters/context providers.
  • Use Cases:
    • Financial Systems: Immutable logs for payments, ledgers, or fraud detection with per-model event filtering (e.g., audit only deleted events for Transaction).
    • Healthcare/Pharma: HIPAA-compliant tracking of patient records with redacted PII (e.g., password, ssn) and environment-restricted logging (e.g., disable in testing).
    • Enterprise SaaS: Multi-tenant data integrity with tenant-ID context providers and column-level filtering (e.g., exclude api_tokens from audits).
    • Government/Legal: SOX-compliant audit trails for contracts, invoices, or regulatory filings with custom formatters for SIEM integration (e.g., Splunk, Datadog).
    • Internal Tools: Admin panel audits for user permissions, system configs, or workflows with minimal setup (e.g., #[Auditable(events: [AuditAction::Updated])] on Setting model).

When to Consider This Package

  • Adopt if:

    • Your Laravel app requires regulatory compliance (GDPR, HIPAA, SOX) and you need automated audit trails without manual logging.
    • You’re auditing 10+ Eloquent models and want to eliminate repetitive observer/event code.
    • Your team prioritizes developer velocity and can trade minor customization for 90% out-of-the-box functionality.
    • You need soft delete detection, JSON-formatted logs, or context providers (e.g., adding tenant_id to every audit entry).
    • Your stack includes Laravel 11+ and PHP 8.3+, and you’re comfortable with PHP attributes (introduced in PHP 8.0).

  • Look elsewhere if:

    • You need real-time audit streaming (e.g., Kafka, WebSockets) or blockchain-based immutability (this package logs to files/channels).
    • Your app uses mass operations (e.g., Model::update([...])) heavily—these bypass Eloquent events and won’t be audited (requires custom middleware).
    • You require sub-field auditing (e.g., tracking changes to nested JSON arrays) beyond top-level columns.
    • Your compliance needs write-ahead logging (WAL) or database-level triggers (this is application-layer only).
    • You’re on Laravel <11 or PHP <8.3 (minimum requirements).
    • You need audit log retention policies (e.g., auto-archiving to S3)—this requires additional setup (e.g., Laravel Horizon for processing).

How to Pitch It (Stakeholders)

For Executives: "This package automates compliance audits for Laravel apps, cutting audit prep time by 60% while reducing legal risk. For example, a HIPAA-compliant healthcare app can now track every change to patient records with one PHP attribute—no manual logging, no errors. It’s like adding a time machine for your data, so you always know who changed what and when. Zero dev time for basic audits; customizable for edge cases. ROI: 3–6 months saved vs. building a custom solution."

For Engineering: *"This is Laravel’s answer to declarative auditing—think Laravel Scout for logs. Drop #[Auditable] on your models, and boom: all CRUD operations are logged with old/new values, soft deletes, and even IP/user context. It’s faster than writing observers, more reliable than manual logging, and flexible enough for compliance. Pros:

  • No more ObservesModelEvents boilerplate.
  • Works with soft deletes out of the box.
  • JSON output for easy SIEM integration.
  • Testable with Audit::fake(). Cons:
  • Mass operations (e.g., Model::update()) won’t trigger audits (but you can add middleware).
  • New tech (PHP attributes), but the payoff is huge. Recommendation: Pilot on 3–5 critical models (e.g., User, Payment, MedicalRecord) to validate compliance coverage before full rollout."*
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
milito/query-filter
apiboxsym/user-bundle
apiboxsym/health-check-bundle
jayeshmepani/jpl-moshier-ephemeris-php
elnasnato/laraliveui
labrodev/rest-sdk
sampaui/sampaui
babelqueue/php-sdk
facebook/capi-param-builder-php
babelqueue/symfony
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours