How does `valorin/random` compare to Laravel’s built-in `Str::random()` for security?

`valorin/random` uses PHP’s `random_bytes()` under the hood, just like `Str::random()`, ensuring cryptographic security for tokens, IDs, or salts. However, it offers more control—custom character sets, length constraints, and batch generation—making it ideal for niche use cases like hex tokens or alphanumeric IDs where `Str::random()` falls short.

Can I use this package in Laravel 8.x or do I need Laravel 9+?

The package supports PHP 8.1+ (Laravel 9+) by default but can be installed in Laravel 8.x via Composer constraints. Check the [GitHub](https://github.com/valorin/random) for version-specific notes. For Laravel 8.x, ensure your `composer.json` specifies `^1.0` to avoid PHP 8.1+ dependencies.

Will this package slow down my application if I generate thousands of random strings?

While `random_bytes()` is secure, generating large batches (e.g., 10,000+ strings) may impact memory or performance. Benchmark in your environment. For bulk operations, consider chunking or parallel processing. The package is stateless, so no race conditions exist, but test under load if randomness is critical for high-throughput APIs.

How do I mock `valorin/random` in PHPUnit for testing?

Use PHPUnit’s `createMock()` or Laravel’s `Mockery` to replace the `Random` facade/class. For example: `$mock = Mockery::mock('alias:Random')->shouldReceive('string')->andReturn('test123')->once();`. The package’s stateless design makes mocking straightforward, and no side effects exist to test.

Does this package support custom character sets (e.g., hex, base64, or emoji)?

Yes, you can define custom character sets via the `characters()` method, such as `Random::string(32, '0123456789abcdef')` for hex. However, validate sets for encoding issues (e.g., UTF-8 emojis may cause problems). Avoid non-ASCII unless explicitly tested for your use case.

Is `valorin/random` safe for generating CSRF tokens or password reset links?

Absolutely. The package leverages `random_bytes()`, meeting Laravel’s security standards for sensitive operations. For CSRF tokens, use `Random::string(64)` or similar. Always pair with Laravel’s built-in validation (e.g., `csrf_token()`) to ensure end-to-end protection.

Can I integrate this with Laravel Scout for custom random IDs?

Yes! Replace Scout’s default UUIDs with `Random::string(20, '0123456789abcdef')` for hex IDs or `Random::uuid()` for UUIDs. This works seamlessly with Scout’s `modelId()` method. Just ensure your custom IDs don’t collide with existing database constraints.

What’s the difference between `Random::number()` and PHP’s `random_int()`?

`Random::number()` is a convenience wrapper for `random_int()` but adds Laravel-like syntax (e.g., `Random::number(1, 100)`). Use `random_int()` directly if you need raw performance or seed-based reproducibility. The package recommends `random_int()` for most integer use cases due to simplicity.

Are there any alternatives to `valorin/random` for Laravel?

Laravel’s `Str::random()` is the closest built-in alternative, but it lacks customization. Other options include `ramsey/uuid` (for UUIDs) or `paragonie/random_compat` (legacy PHP support). `valorin/random` stands out for its balance of security, simplicity, and Laravel integration without external dependencies.

How do I generate an array of random strings efficiently in Laravel?

Use `Random::times(10, fn() => Random::string(16))` to generate an array of 10 random strings. For bulk operations, leverage Laravel Collections: `collect(range(1, 100))->map(fn() => Random::string(32))->all()`. This avoids loops and keeps code clean while maintaining performance.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Random Laravel Package

valorin/random

Laravel helper for generating random strings, numbers, and values with a clean API. Create secure tokens, readable IDs, and randomized data for testing or seeding, with configurable length, character sets, and formats.

View on GitHub

Deep Wiki

Context7

Random is a simple helper package that makes it easy to generate a range of different cryptographically secure random values.

Frequently asked questions about Random

How does `valorin/random` compare to Laravel’s built-in `Str::random()` for security?: `valorin/random` uses PHP’s `random_bytes()` under the hood, just like `Str::random()`, ensuring cryptographic security for tokens, IDs, or salts. However, it offers more control—custom character sets, length constraints, and batch generation—making it ideal for niche use cases like hex tokens or alphanumeric IDs where `Str::random()` falls short.
Can I use this package in Laravel 8.x or do I need Laravel 9+?: The package supports PHP 8.1+ (Laravel 9+) by default but can be installed in Laravel 8.x via Composer constraints. Check the [GitHub](https://github.com/valorin/random) for version-specific notes. For Laravel 8.x, ensure your `composer.json` specifies `^1.0` to avoid PHP 8.1+ dependencies.
Will this package slow down my application if I generate thousands of random strings?: While `random_bytes()` is secure, generating large batches (e.g., 10,000+ strings) may impact memory or performance. Benchmark in your environment. For bulk operations, consider chunking or parallel processing. The package is stateless, so no race conditions exist, but test under load if randomness is critical for high-throughput APIs.
How do I mock `valorin/random` in PHPUnit for testing?: Use PHPUnit’s `createMock()` or Laravel’s `Mockery` to replace the `Random` facade/class. For example: `$mock = Mockery::mock('alias:Random')->shouldReceive('string')->andReturn('test123')->once();`. The package’s stateless design makes mocking straightforward, and no side effects exist to test.
Does this package support custom character sets (e.g., hex, base64, or emoji)?: Yes, you can define custom character sets via the `characters()` method, such as `Random::string(32, '0123456789abcdef')` for hex. However, validate sets for encoding issues (e.g., UTF-8 emojis may cause problems). Avoid non-ASCII unless explicitly tested for your use case.
Is `valorin/random` safe for generating CSRF tokens or password reset links?: Absolutely. The package leverages `random_bytes()`, meeting Laravel’s security standards for sensitive operations. For CSRF tokens, use `Random::string(64)` or similar. Always pair with Laravel’s built-in validation (e.g., `csrf_token()`) to ensure end-to-end protection.
Can I integrate this with Laravel Scout for custom random IDs?: Yes! Replace Scout’s default UUIDs with `Random::string(20, '0123456789abcdef')` for hex IDs or `Random::uuid()` for UUIDs. This works seamlessly with Scout’s `modelId()` method. Just ensure your custom IDs don’t collide with existing database constraints.
What’s the difference between `Random::number()` and PHP’s `random_int()`?: `Random::number()` is a convenience wrapper for `random_int()` but adds Laravel-like syntax (e.g., `Random::number(1, 100)`). Use `random_int()` directly if you need raw performance or seed-based reproducibility. The package recommends `random_int()` for most integer use cases due to simplicity.
Are there any alternatives to `valorin/random` for Laravel?: Laravel’s `Str::random()` is the closest built-in alternative, but it lacks customization. Other options include `ramsey/uuid` (for UUIDs) or `paragonie/random_compat` (legacy PHP support). `valorin/random` stands out for its balance of security, simplicity, and Laravel integration without external dependencies.
How do I generate an array of random strings efficiently in Laravel?: Use `Random::times(10, fn() => Random::string(16))` to generate an array of 10 random strings. For bulk operations, leverage Laravel Collections: `collect(range(1, 100))->map(fn() => Random::string(32))->all()`. This avoids loops and keeps code clean while maintaining performance.

Popularity trends

Recorded values over time (once-a-day snapshots). May 10, 2026 – Jun 8, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

228

Favorites

228

Forks

Score

3.9

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 228

+1.1
Forks

input: 12

+0.4
Open issues + PRs

input: 0

+0.0
Releases

input: 8

+2.4
Recency

input: 447

+0.0
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 3.9

Opportunity

27.0

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

48.7
Contribution need

open_issues + open_prs: 0

0.0
Health factor

archived + recency + open issues

×0.85

Total 26.9

License

MIT

Last release

Mar 18, 2025

Watchers

Downloads

20K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

milito/query-filter

apiboxsym/user-bundle

apiboxsym/health-check-bundle

jayeshmepani/jpl-moshier-ephemeris-php

elnasnato/laraliveui

labrodev/rest-sdk

sampaui/sampaui

babelqueue/php-sdk

facebook/capi-param-builder-php

babelqueue/symfony

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours