sneycampos / laravel-care
Health-Check & Audit Tool for Composer Dependencies - Find out which packages are well-maintained, secure, and which ones to avoid.
Requires
- php: ^8.1
- illuminate/contracts: ^10.0|^11.0
- laravel/prompts: ^0.3.10
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.1
- orchestra/testbench: ^9.0
- pestphp/pest: ^2.34
- pestphp/pest-plugin-arch: ^2.7
- pestphp/pest-plugin-laravel: ^2.3
This package is auto-updated.
Last update: 2026-03-27 21:57:42 UTC
README
Laravel Care
Health-Check and Audit Tool for Composer Dependencies. Find out which packages are well-maintained, secure, and which ones to avoid.
Inspired by nuxt.care, this package provides a dashboard to monitor the health of your Laravel project's dependencies.
Features
- Health Scoring - Transparent 0-100 score based on reliable data
- Security Audit - Vulnerability detection via Packagist and OSV.dev
- Maintenance Status - Track release freshness, popularity, and documentation
- Smart Filters - Filter by status, search by name, sort by score
- Dark Mode - Beautiful dark theme with automatic detection
- Caching - JSON-based caching with configurable TTL
- CLI Support - Artisan command for terminal-based scanning
Screenshots
The dashboard features a modern design with:
- Package grid with health score visualization
- Glassmorphism effects and smooth animations
- Fully responsive layout
- Real-time search and filtering
Installation
Install the package via Composer:
composer require sneycampos/laravel-care --dev
Publish the configuration file (optional):
php artisan vendor:publish --tag="laravel-care-config"
Publish the views for customization (optional):
php artisan vendor:publish --tag="laravel-care-views"
Usage
Dashboard
Visit your application at /laravel-care to see the dependency health dashboard.
CLI Command
Scan dependencies from the terminal:
# Full scan with table output
php artisan laravel-care:scan
# Fresh scan (clear cache)
php artisan laravel-care:scan --fresh
# JSON output
php artisan laravel-care:scan --json
# Summary only
php artisan laravel-care:scan --summary
Programmatic Usage
use Sneycampos\LaravelCare\Facades\LaravelCare;

// Get all packages with health data
$packages = LaravelCare::scan();

// Get summary statistics
$summary = LaravelCare::summary();
// Returns: ['total' => 42, 'healthy' => 35, 'warning' => 5, 'critical' => 2, ...]

// Get specific package details
$package = LaravelCare::package('laravel/framework');

// Force refresh cache
LaravelCare::refresh();
Automatic Scanning (Composer Scripts)
You can configure Composer to automatically scan dependencies after every install or update. Add the following to your project's composer.json:
{
    "scripts": {
        "post-install-cmd": [
            "@php artisan laravel-care:scan --summary"
        ],
        "post-update-cmd": [
            "@php artisan laravel-care:scan --fresh --summary"
        ]
    }
}
This will:
- After composer install: Show a summary of your dependencies' health
- After composer update: Clear the cache and rescan (since packages changed)
Tip: Use --summary for a quick overview or remove it for the full table output.
CI/CD Integration
For continuous integration, you can fail the build if critical packages are detected:
# GitHub Actions example
- name: Check Dependency Health
  run: |
    php artisan laravel-care:scan --json > health.json
    CRITICAL=$(cat health.json | jq '.summary.critical')
    if [ "$CRITICAL" -gt "0" ]; then
      echo "Found $CRITICAL critical packages!"
      exit 1
    fi
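The comparison above lets the build pass when health.json is empty or has no .summary.critical value, because the integer test errors and the if branch is skipped. The gate below is an added example (not part of the package or its README) that fails closed in those cases; care_gate is a hypothetical helper name, and the .summary.critical field is taken from the snippet above.

```bash
# Added example: fail-closed gate for `php artisan laravel-care:scan --json`.
# Assumption: the report has an integer at .summary.critical, as the jq
# filter in the README implies. care_gate is a hypothetical helper name.
#
# Exit status: 0 = no critical packages
#              1 = critical packages found
#              2 = report missing, unparseable, or jq unavailable
care_gate() {
  report=$1

  if ! command -v jq >/dev/null 2>&1; then
    echo "care_gate: jq is not installed; cannot evaluate $report" >&2
    return 2
  fi

  # An empty or absent file means the scan produced no output at all.
  if [ ! -s "$report" ]; then
    echo "care_gate: $report is missing or empty" >&2
    return 2
  fi

  # jq exits non-zero on invalid JSON or a non-object document.
  if ! critical=$(jq -r '.summary.critical' "$report" 2>/dev/null); then
    echo "care_gate: $report is not a valid scan report" >&2
    return 2
  fi

  # Accept only a plain non-negative integer; "null", "", floats and
  # multi-line output all fall through to the failure branch.
  case $critical in
    ''|*[!0-9]*)
      echo "care_gate: .summary.critical is not an integer: '$critical'" >&2
      return 2
      ;;
  esac

  if [ "$critical" -gt 0 ]; then
    echo "care_gate: found $critical critical packages" >&2
    return 1
  fi
  echo "care_gate: no critical packages"
  return 0
}

# Usage in a CI step (the report path is an example):
#   php artisan laravel-care:scan --json > health.json
#   care_gate health.json
```

A non-zero return from care_gate fails the step, so a broken or truncated report blocks the build instead of being read as zero critical packages.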
Configuration
// config/laravel-care.php
return [
    // Route configuration
    'route_prefix' => 'laravel-care',
    'middleware' => ['web'], // Add 'auth' for protection

    // Cache configuration
    'cache' => [
        'driver' => 'json', // 'json' or 'sqlite'
        'ttl' => 28800, // 8 hours in seconds
    ],

    // Optional GitHub token for enhanced metadata
    'github_token' => env('LARAVEL_CARE_GITHUB_TOKEN'),

    // UI theme: 'light', 'dark', or 'auto'
    'theme' => 'auto',

    // Packages to ignore
    'ignore' => [
        'php',
        'ext-*',
    ],

    // Scoring weights (must total 100)
    'scoring' => [
        'security' => 30,
        'freshness' => 20,
        'maintenance' => 15,
        'popularity' => 10,
        'documentation' => 10,
        'testing' => 10,
        'laravel_compatibility' => 5,
    ],
];
How Scoring Works
Laravel Care calculates a Risk/Health Score from 0-100. This is not a popularity contest - we focus on reliability, maintenance, and security.
Score Breakdown
| Category | Max Points | Description |
|---|---|---|
| Security | 30 | No known vulnerabilities |
| Freshness | 20 | Recent release (within 6 months) |
| Maintenance | 15 | Active maintenance, low issue count |
| Popularity | 20 | Download count (logarithmic scale) |
| Documentation | 10 | Has README, homepage, license |
| Testing | 10 | Has tests and CI |
| Laravel Compatibility | 5 | Supports recent Laravel versions |
Penalties
- Known CVE: -20 points
- Abandoned Package: -30 points
- No Release in 2+ years: -15 points (unless "stable & done")
Stable and Done Exception
Some packages are "done" - they work perfectly and don't need updates. A package gets the Stable and Done bonus if:
- Published more than 1 year ago
- No known vulnerabilities
- Fewer than 10 open issues
- Not abandoned
Security
The package checks vulnerabilities from:
- Packagist Security Advisories
- OSV.dev for additional CVE information
Data Sources
| Source | Purpose |
|---|---|
| Packagist | Package metadata, download stats |
| Packagist Security API | Known vulnerabilities |
| OSV.dev | Additional CVE data |
| GitHub API (optional) | Repo stats, CI status |
Testing
composer test
License
The MIT License (MIT). Please see License File for more information.


