fr3on / laravel-prism
Static Eloquent model auditor - catches $fillable, $casts, $hidden, and factory drift before tests fail silently.
Requires
- php: ^8.2
- illuminate/console: ^11.0
- illuminate/database: ^11.0
- illuminate/support: ^11.0
Requires (Dev)
- laravel/pint: ^1.15
- orchestra/testbench: ^9.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
README
Eloquent models accumulate drift. You add a column in a migration and forget to add it to $fillable. A $casts entry is declared for a column that no longer exists. A password column sits in $fillable but not in $hidden. A factory produces a string for a field that the model casts as array. None of these problems throws an error; they fail silently, corrupt data, or create security holes that only show up under specific conditions.
Prism surfaces these silent issues through static model auditing.
Features
Prism detects 5 major drift patterns:
- Sensitive field in $fillable but not $hidden (Potential Data Leak)
- $casts declares a column not in the DB (Dead Cast)
- DB column exists but is absent from $fillable (Missing Fillable)
- Factory type mismatches model $casts (Factory Mismatch)
- $guarded = [] with no $fillable defined (Unguarded Model)
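How four of these checks can be expressed over a model's declared properties, as an added example (not Prism's own code). It uses plain PHP classes in place of Eloquent models; the SENSITIVE name list, the auditModel helper and the column lists are assumptions made for illustration.

```php
<?php
// Added illustration: plain-PHP stand-ins for Eloquent models, so it runs without Laravel.
// SENSITIVE is an assumed name list; $columns is a constructed schema, not read from a DB.
const SENSITIVE = ['password', 'remember_token', 'api_token'];

class User                       // constructed model with drift
{
    protected $fillable = ['name', 'email', 'password'];
    protected $hidden   = ['remember_token'];
    protected $casts    = ['settings' => 'array', 'legacy_flags' => 'array'];
}

class Post                       // constructed model that accepts any attribute
{
    protected $guarded = [];
}

function auditModel(string $class, array $columns): array
{
    // Read the declared defaults statically; the model is never instantiated.
    $p        = (new ReflectionClass($class))->getDefaultProperties();
    $fillable = $p['fillable'] ?? [];
    $hidden   = $p['hidden'] ?? [];
    $casts    = array_keys($p['casts'] ?? []);
    $out      = [];

    // Mass-assignable and serialized: the field leaks through toArray()/toJson().
    foreach (array_diff(array_intersect($fillable, SENSITIVE), $hidden) as $f) {
        $out[] = "Potential Data Leak: $f";
    }
    foreach (array_diff($casts, $columns) as $c) {
        $out[] = "Dead Cast: $c";
    }
    if ($fillable !== []) {
        foreach (array_diff($columns, $fillable) as $c) {
            $out[] = "Missing Fillable: $c";
        }
    }
    // Empty $guarded with no allow-list means every column is mass-assignable.
    if (($p['guarded'] ?? null) === [] && $fillable === []) {
        $out[] = 'Unguarded Model';
    }
    return $out;
}

print_r(auditModel(User::class, ['name', 'email', 'password', 'settings', 'phone']));
print_r(auditModel(Post::class, ['title', 'body']));
```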
Installation
You can install the package via composer:
composer require fr3on/laravel-prism --dev
You can publish the config file with:
php artisan vendor:publish --tag="prism-config"
Usage
Simply run the auditor against your application's models:
php artisan model:audit
To integrate with your CI testing pipeline and gate deployments on model drift:
php artisan model:audit --ci
You can also specify particular models to scan:
php artisan model:audit --model=User
License
The MIT License (MIT). Please see License File for more information.