artisanpack-ui / security
Core Laravel security toolkit — input sanitization, output escaping, KSES filtering, security headers, XSS protection, basic rate limiting, and Content Security Policy. Authentication / 2FA / RBAC / file uploads / analytics / compliance live in sibling packages.
Requires
- php: ^8.2
- artisanpack-ui/core: ^1.0
- illuminate/support: ^10.0|^11.0|^12.0
- laminas/laminas-escaper: ^2.16
- laravel/sanctum: ^4.0
Requires (Dev)
- artisanpack-ui/code-style: ^1.1
- artisanpack-ui/code-style-pint: ^1.1
- dealerdirect/phpcodesniffer-composer-installer: ^1.0
- friendsofphp/php-cs-fixer: ^3.75
- laravel/pint: ^1.26
- livewire/livewire: ^3.6|^4.0
- orchestra/testbench: ^10.2
- pestphp/pest: ^3.8
- pestphp/pest-plugin-laravel: ^3.1
Suggests
- artisanpack-ui/compliance: GDPR / CCPA / LGPD compliance toolkit — consent, DSR (erasure + portability), DPIA, data minimization, retention.
- artisanpack-ui/rbac: Roles + permissions consolidation (Blade directives, Gate integration, Artisan commands).
- artisanpack-ui/secure-uploads: File upload validation, malware scanning (ClamAV / VirusTotal), rate limiting, secure storage.
- artisanpack-ui/security-advanced-auth: Adds WebAuthn / FIDO2, SSO (SAML/OIDC), social auth, biometric, device fingerprinting.
- artisanpack-ui/security-analytics: Security event logging, anomaly detection, threat intelligence, SIEM export, incident response, alerting, dashboards.
- artisanpack-ui/security-auth: Adds 2FA (email/TOTP), password complexity + breach checking, account lockout, advanced session management.
This package is auto-updated.
Last update: 2026-05-21 15:12:50 UTC
README
The core Laravel security toolkit in the ArtisanPack UI ecosystem. Focused on input sanitization, output escaping, KSES filtering, security headers, XSS protection, basic rate limiting, and Content Security Policy.
Security 2.0 — core-only. Authentication, 2FA, RBAC, file uploads, analytics, and compliance have moved to dedicated sibling packages. See UPGRADE.md for migrating from 1.x.
What's in this package
- Sanitization — `sanitizeEmail`, `sanitizeUrl`, `sanitizeText`, `sanitizeInt`, `sanitizeArray`, …
- Escaping — `escHtml`, `escAttr`, `escUrl`, `escJs`, `escCss` (Laminas Escaper backed)
- KSES filtering — `kses()` WordPress-style allowed-tag filtering
- Validation rules — `NoHtml`, `SecureUrl`
- Middleware — `csp`, `security.headers`, `xss.protection`, `api.security`, `api.rate_limit`
- Content Security Policy — nonce generator, policy builder, presets, violation reporting endpoint, CSP dashboard Livewire component (optional — requires `livewire/livewire`), Artisan commands (`csp:test`, `csp:stats`, `csp:prune`, `security:generate-csp`)
- Security audit commands — `security:audit`, `security:scan`, `security:baseline`, `security:benchmark`, `security:check-config`, `security:test-headers`, `security:scan-deps`
- Testing infrastructure — OWASP scanner, configuration scanner, penetration testing helpers, performance benchmarks, report generators
What's NOT in this package (sibling packages)
| Capability | Package |
|---|---|
| Authentication, 2FA, password complexity, breach checking, account lockout, advanced sessions | artisanpack-ui/security-auth |
| WebAuthn / FIDO2, SSO (SAML/OIDC), social auth, biometrics, device fingerprinting | artisanpack-ui/security-advanced-auth |
| Roles + permissions (Blade directives, Gate integration, Artisan commands) | artisanpack-ui/rbac |
| Secure uploads, malware scanning (ClamAV / VirusTotal), upload rate limiting | artisanpack-ui/secure-uploads |
| Security event logging, anomaly detection, threat intel, SIEM export, dashboards | artisanpack-ui/security-analytics |
| GDPR / CCPA / LGPD — consent, DSR, DPIA, data minimization, retention | artisanpack-ui/compliance |
Installation
```bash
composer require artisanpack-ui/security
```
Publish the config:
```bash
php artisan vendor:publish --tag=security-config
```
Quick Start
```php
use ArtisanPackUI\Security\Facades\Security;

$cleanEmail = Security::sanitizeEmail($userEmail);
echo Security::escHtml($userContent);
```
Or use the global helpers:
```php
$cleanEmail = sanitizeEmail($userEmail);
echo escHtml($userContent);
```
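The Quick Start shows one escaper; in practice the escaper has to match the output context, and `escHtml()` is wrong for attributes, URLs and inline JavaScript. The following is an added example, not code from this README or from the package, that renders one untrusted profile record into each context using the helpers listed above. It assumes `escHtml`/`escAttr`/`escJs`/`escUrl` take a string and return the escaped string, that `escUrl()` behaves like Laminas Escaper's `escapeUrl()` (it percent-encodes a URL *component* and must not be applied to a whole `href`), and that `kses()` mirrors `wp_kses($html, $allowedTags)`; the `safeHref()` helper and the sample input are constructed for the example.

```php
<?php
// Added example (not from the package README): one untrusted profile record
// rendered into several output contexts. Each context gets its own escaper.
// Runs inside a Laravel app with artisanpack-ui/security installed, so the
// global helpers are available.
//
// Assumed helper contracts (not spelled out on this page): escHtml/escAttr/
// escJs/escUrl take a string and return the escaped string; escUrl() is the
// Laminas escapeUrl() component encoder; kses() mirrors wp_kses($html, $allowed).

// Constructed sample input: every field is attacker-controlled.
$profile = [
    'name'    => '<img src=x onerror=alert(1)>',
    'tagline' => '" onmouseover="alert(2)',
    'website' => 'javascript:alert(3)',
    'ref'     => 'a&b=c#x',
    'theme'   => "dark'; alert(4); //",
    'bio'     => '<b>Hi</b> <a href="https://example.com" onclick="alert(5)">me</a><script>alert(6)</script>',
];

// Hypothetical helper: only http(s) URLs may land in an href; anything else
// becomes a harmless "#". sanitizeUrl() may already enforce this, but an
// explicit allowlist keeps the policy visible and survives a package upgrade.
function safeHref(string $url): string
{
    $scheme = strtolower((string) parse_url(trim($url), PHP_URL_SCHEME));

    return in_array($scheme, ['http', 'https'], true) ? $url : '#';
}

function renderProfile(array $p): string
{
    $name    = escHtml($p['name']);               // element text
    $tagline = escAttr($p['tagline']);            // quoted attribute value: quotes are encoded
    $href    = escAttr(safeHref($p['website']));  // a whole URL inside an attribute is attribute context
    $ref     = escUrl($p['ref']);                 // a single query-string value is URL-component context
    $theme   = escJs($p['theme']);                // inside a JS string literal: quotes and </ are encoded
    $bio     = kses($p['bio'], [                  // limited HTML: tags/attributes outside the allowlist are dropped
        'b' => [],
        'a' => ['href' => true],
    ]);

    return <<<HTML
<div class="profile" title="{$tagline}">
  <h1>{$name}</h1>
  <a href="{$href}?ref={$ref}">Website</a>
  <div class="bio">{$bio}</div>
  <script>window.theme = '{$theme}';</script>
</div>
HTML;
}

echo renderProfile($profile);
```

Two caveats worth keeping in mind: the inline `<script>` block will be blocked once the `csp` middleware enforces a nonce-based policy, so in Blade it needs `@csp_nonce` (or move the value into a `data-` attribute and read it from an external script); and `kses()` decides which tags survive, not whether an allowed `href` points at a safe scheme, which is why `safeHref()` is applied separately to URLs the application itself emits.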
Middleware
```php
Route::middleware(['csp', 'security.headers', 'xss.protection'])->group(function () {
    // ...
});

Route::middleware('api.rate_limit:api')->group(function () {
    // ...
});
```
CSP nonces in Blade
```blade
<script @csp_nonce>
    // ...
</script>
```
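Registering the middleware and stamping `@csp_nonce` on a tag only helps if the nonce in the markup is the one advertised in the response header; a mismatch (or a nonce reused across requests) silently blocks the script in browsers while the page still "works" in a test without CSP enforcement. The following Pest feature test is an added example, not part of this README or the package's own test suite. It assumes the `csp` middleware emits a `Content-Security-Policy` header containing a `'nonce-…'` source and that `@csp_nonce` renders a `nonce="…"` attribute; the `/__csp-probe` route, the inline Blade string and the header regexes are constructed for the example, and the standard `tests/Pest.php` (`uses(Tests\TestCase::class)->in('Feature')`) is expected to be in place.

```php
<?php
// Added example (not from the package README): Pest feature test verifying
// that the csp / security.headers middleware are applied to a route and that
// the nonce rendered by @csp_nonce matches the one in the CSP header.
// Assumptions: the csp middleware sets a Content-Security-Policy header with a
// 'nonce-…' source and @csp_nonce renders nonce="…"; adjust the regexes if
// your configured policy (or a report-only header) differs.

use Illuminate\Support\Facades\Blade;
use Illuminate\Support\Facades\Route;

beforeEach(function () {
    // Constructed, test-only route rendering an inline Blade string so the
    // test does not depend on any view file in the app.
    Route::middleware(['csp', 'security.headers', 'xss.protection'])
        ->get('/__csp-probe', fn () => Blade::render('<script @csp_nonce>window.ok = true;</script>'));
});

it('advertises a nonce in the CSP header and stamps it on the inline script', function () {
    $response = $this->get('/__csp-probe');

    $response->assertOk();
    $response->assertHeader('Content-Security-Policy');

    $csp = (string) $response->headers->get('Content-Security-Policy');
    preg_match("/'nonce-([A-Za-z0-9+\\/=_-]+)'/", $csp, $headerNonce);
    expect($headerNonce)->not->toBeEmpty();

    preg_match('/<script[^>]*\bnonce="([^"]+)"/', $response->getContent(), $bodyNonce);
    expect($bodyNonce)->not->toBeEmpty();

    // Header and body must carry the same value, otherwise the browser
    // refuses to run the script even though no error surfaces server-side.
    expect($bodyNonce[1])->toBe($headerNonce[1]);
});

it('does not reuse the nonce across requests', function () {
    // A nonce that repeats is equivalent to 'unsafe-inline' for an attacker
    // who has seen one response.
    $first  = (string) $this->get('/__csp-probe')->headers->get('Content-Security-Policy');
    $second = (string) $this->get('/__csp-probe')->headers->get('Content-Security-Policy');

    expect($first)->not->toBe($second);
});

it('sends the baseline hardening headers', function () {
    $response = $this->get('/__csp-probe');

    // Exact values depend on the published security config; presence is the
    // minimum a deployment should assert.
    $response->assertHeader('X-Content-Type-Options');
    $response->assertHeader('X-Frame-Options');
});
```

Running this against a route group that was accidentally registered without the `csp` middleware fails at `assertHeader('Content-Security-Policy')`, which is the cheap regression check that `security:test-headers` complements from the command line.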
Documentation
Requirements
- PHP 8.2+
- Laravel 10 / 11 / 12
Sibling packages
| Package | Scope |
|---|---|
| artisanpack-ui/security-full | Meta-package — pulls in the full security suite (all six packages below) in a single require |
| artisanpack-ui/rbac | Roles, permissions, hierarchy, Blade directives, Gate integration |
| artisanpack-ui/security-auth | 2FA, password complexity, account lockout, sessions |
| artisanpack-ui/security-advanced-auth | WebAuthn, SSO, social login, biometric, device fingerprinting |
| artisanpack-ui/secure-uploads | File validation, malware scanning, signed-URL serving |
| artisanpack-ui/security-analytics | Event logging, anomaly detection, SIEM, dashboards |
| artisanpack-ui/compliance | GDPR / CCPA / LGPD consent, data subject rights, DPIA, retention, monitoring |
License
MIT — see LICENSE.