sneycampos/laravel-care

Laravel Care

Health-Check and Audit Tool for Composer Dependencies. Find out which packages are well-maintained, secure, and which ones to avoid.

Inspired by nuxt.care, this package provides a dashboard to monitor the health of your Laravel project's dependencies.

Features

  • Health Scoring - Transparent 0-100 score based on reliable data
  • Security Audit - Vulnerability detection via Packagist and OSV.dev
  • Maintenance Status - Track release freshness, popularity, and documentation
  • Smart Filters - Filter by status, search by name, sort by score
  • Dark Mode - Beautiful dark theme with automatic detection
  • Caching - JSON-based caching with configurable TTL
  • CLI Support - Artisan command for terminal-based scanning

Screenshots

The dashboard features a modern design with:

  • Package grid with health score visualization
  • Glassmorphism effects and smooth animations
  • Fully responsive layout
  • Real-time search and filtering

Installation

Install the package via Composer:

composer require sneycampos/laravel-care --dev

Publish the configuration file (optional):

php artisan vendor:publish --tag="laravel-care-config"

Publish the views for customization (optional):

php artisan vendor:publish --tag="laravel-care-views"

Usage

Dashboard

Visit your application at /laravel-care to see the dependency health dashboard.

CLI Command

Scan dependencies from the terminal:

# Full scan with table output
php artisan laravel-care:scan

# Fresh scan (clear cache)
php artisan laravel-care:scan --fresh

# JSON output
php artisan laravel-care:scan --json

# Summary only
php artisan laravel-care:scan --summary

Programmatic Usage

use Sneycampos\LaravelCare\Facades\LaravelCare;

// Get all packages with health data
$packages = LaravelCare::scan();

// Get summary statistics
$summary = LaravelCare::summary();
// Returns: ['total' => 42, 'healthy' => 35, 'warning' => 5, 'critical' => 2, ...]

// Get specific package details
$package = LaravelCare::package('laravel/framework');

// Force refresh cache
LaravelCare::refresh();

Automatic Scanning (Composer Scripts)

You can configure Composer to automatically scan dependencies after every install or update. Add the following to your project's composer.json:

{
    "scripts": {
        "post-install-cmd": [
            "@php artisan laravel-care:scan --summary"
        ],
        "post-update-cmd": [
            "@php artisan laravel-care:scan --fresh --summary"
        ]
    }
}

This will:

  • After composer install: Show a summary of your dependencies' health
  • After composer update: Clear the cache and rescan (since packages changed)

Tip: Use --summary for a quick overview or remove it for the full table output.

CI/CD Integration

For continuous integration, you can fail the build if critical packages are detected:

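# GitHub Actions example
- name: Check Dependency Health
  run: |
    php artisan laravel-care:scan --json > health.json
    # jq -e exits non-zero when .summary.critical is missing or null, so an
    # unusable report fails the step (run steps use bash -e) instead of passing
    CRITICAL=$(jq -e '.summary.critical' health.json)
    if [ "$CRITICAL" -gt 0 ]; then
      echo "Found $CRITICAL critical packages!"
      exit 1
    fi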
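
A stricter form of this gate as a standalone script, added here as an example and not part of the Laravel Care project: it treats a missing, empty or malformed report as a failure rather than a pass. It assumes jq is installed and that the report exposes a numeric .summary.critical field, as in the step above; care_gate, demo_dir and the sample files are hypothetical names constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not project code): fail-closed gate over the JSON written by
# `php artisan laravel-care:scan --json`.
# Assumption: the report carries a numeric .summary.critical field.
# Exit codes: 0 = no critical packages, 1 = critical packages found,
#             2 = report unusable or jq missing (treated as a failure).

care_gate() {
  local report critical
  report="$1"
  command -v jq >/dev/null 2>&1 || { echo "jq is not installed" >&2; return 2; }
  [ -s "$report" ] || { echo "report missing or empty: $report" >&2; return 2; }
  # Accept only a non-negative integer; null, strings and invalid JSON
  # all make jq exit non-zero, which lands in the error branch.
  critical=$(jq -e '.summary.critical
                    | select(type == "number" and . >= 0 and . == floor)' \
             "$report" 2>/dev/null) || {
    echo "no numeric .summary.critical in $report" >&2; return 2; }
  if [ "$critical" -gt 0 ]; then
    echo "Found $critical critical packages" >&2
    return 1
  fi
  return 0
}

# Constructed sample reports (illustrative, not real scan output).
demo_dir=$(mktemp -d)
printf '%s\n' '{"summary":{"total":42,"healthy":37,"warning":5,"critical":0}}' > "$demo_dir/clean.json"
printf '%s\n' '{"summary":{"total":42,"healthy":35,"warning":5,"critical":2}}' > "$demo_dir/critical.json"
printf '%s\n' '{"error":"scan did not complete"}' > "$demo_dir/malformed.json"

# missing.json is deliberately never created.
for name in clean critical malformed missing; do
  rc=0
  care_gate "$demo_dir/$name.json" 2>/dev/null || rc=$?
  echo "$name.json -> exit $rc"
done
```

In a workflow, run the scan, call care_gate health.json, and let its exit status decide the step.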

Configuration

// config/laravel-care.php

return [
    // Route configuration
    'route_prefix' => 'laravel-care',
    'middleware' => ['web'], // Add 'auth' so only logged-in users can view the dashboard

    // Cache configuration
    'cache' => [
        'driver' => 'json', // 'json' or 'sqlite'
        'ttl' => 28800, // 8 hours in seconds
    ],

    // Optional GitHub token for enhanced metadata
    'github_token' => env('LARAVEL_CARE_GITHUB_TOKEN'),

    // UI theme: 'light', 'dark', or 'auto'
    'theme' => 'auto',

    // Packages to ignore
    'ignore' => [
        'php',
        'ext-*',
    ],

    // Scoring weights (must total 100)
    'scoring' => [
        'security' => 30,
        'freshness' => 20,
        'maintenance' => 15,
        'popularity' => 10,
        'documentation' => 10,
        'testing' => 10,
        'laravel_compatibility' => 5,
    ],
];

How Scoring Works

Laravel Care calculates a Risk/Health Score from 0-100. This is not a popularity contest - we focus on reliability, maintenance, and security.

Score Breakdown

Category               Max Points  Description
Security               30          No known vulnerabilities
Freshness              20          Recent release (within 6 months)
Maintenance            15          Active maintenance, low issue count
Popularity             20          Download count (logarithmic scale)
Documentation          10          Has README, homepage, license
Testing                10          Has tests and CI
Laravel Compatibility  5           Supports recent Laravel versions

Penalties

  • Known CVE: -20 points
  • Abandoned Package: -30 points
  • No Release in 2+ years: -15 points (unless "stable & done")

Stable and Done Exception

Some packages are "done" - they work perfectly and don't need updates. A package gets the Stable and Done bonus if:

  • Published more than 1 year ago
  • No known vulnerabilities
  • Fewer than 10 open issues
  • Not abandoned

Security

The package checks vulnerabilities from:

Data Sources

Source                  Purpose
Packagist               Package metadata, download stats
Packagist Security API  Known vulnerabilities
OSV.dev                 Additional CVE data
GitHub API (optional)   Repo stats, CI status

Testing

composer test

License

The MIT License (MIT). Please see License File for more information.

About

Laravel package that scans composer.lock and provides a beautiful dashboard with health scores, vulnerability detection, and maintenance insights.
