stellarsecurity/laravel-hardening

Stellar Security hardening guard for Laravel (blocks APP_DEBUG=true on production-like hosts).

Maintainers

Details

github.com/StellarSecurity-Packages/stellar-laravel-hardening

Source

Issues

Installs: 33

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

pkg:composer/stellarsecurity/laravel-hardening

v1.0.0 2025-12-10 01:15 UTC

Requires

  • php: ^8.0

proprietary c30351f035751b27fcb004cff894547c137a3424

This package is not auto-updated.

Last update: 2025-12-10 23:39:38 UTC

README

Tiny Laravel package that protects you from pushing APP_DEBUG=true to anything that smells like production.

What it does

  • Looks at:
    • APP_ENV / config('app.env')
    • APP_DEBUG / config('app.debug')
    • Current HTTP host
    • WEBSITE_SITE_NAME (Azure App Service)
  • If the environment is "production-like" and debug is enabled, it:
    • Logs a critical message
    • Aborts with HTTP 500

Install

composer require stellarsecurity/laravel-hardening

The service provider is auto-discovered.

Publish the config if you want to tweak the rules:

php artisan vendor:publish --tag=config --provider="Stellar\LaravelHardening\Providers\StellarHardeningServiceProvider"

Then edit config/stellar_hardening.php.