Simplifying Service Providers With Laravel Package Tools

 

Laravel Package Tools is a package by Spatie that provides an opinionated base service provider you can use to streamline the registration of your package’s config files, migrations, commands, and more.

Here’s how to simplify service providers in @laravelphp packageshttps://t.co/qKmIO7nUJY

Spoiler: I released a package for that https://t.co/URH2udPbiJ#php #laravel pic.twitter.com/tWCGuE8HG8

— Freek Van der Herten (@freekmurze) January 25, 2021

I think you’ll agree that this package can streamline common use-cases found in package service providers:

use Spatie\LaravelPackageTools\PackageServiceProvider;

use Spatie\LaravelPackageTools\Package;

class YourPackageServiceProvider extends PackageServiceProvider

{

    public function configurePackage(Package $package) : void

    {

        $package

            ->name('your-package-name')

            ->hasConfigFile()

            ->hasViews()

            ->hasTranslations()

            ->hasMigration('create_package_tables')

            ->hasCommand(YourCoolPackageCommand::class);

    }

}

Spatie also provides a skeleton Laravel package you can use as a template for your next package project. The Laravel skeleton uses the package tools service provider out of the box.

Read More

Use Basecamp’s Hotwire in Laravel

 

Turbo Laravel is a package that gives you a set of conventions to get the most out of Hotwire in Laravel. Turbo is inspired by the turbo-rails gem, giving Laravel developers a similar experience as those developing with Hotwire in the Ruby world.

Hotwire is an open-source tool built by Basecamp (it powers the HEY email service), which provides an alternative approach to building modern web applications without using much JavaScript and sending HTML instead of JSON over the wire.

Turbo Laravel supports Turbo features outlined by the Hotwire documentation. For those new to Hotwire, here are the descriptions of each technique from the website:

• Turbo Drive – accelerates links and form submissions by negating the need for full page reloads.
• Turbo Frames – decompose pages into independent contexts, which scope navigation and can be lazily loaded.
• Turbo Streams – deliver page changes over WebSocket, SSE or in response to form submissions using just HTML and a set of CRUD-like actions.
• Turbo Native – lets your majestic monolith form the center of your native iOS and Android apps, with seamless transitions between the web and native sections.

Along with this package, there is a turbo-laravel-test-helpers companion package that adds a couple of macros and assertion helpers to test your applications built with Turbo Laravel:

/** @test */

public function turbo_stream_test()

{

    $response = $this->turbo()->post('my-route');

    $response->assertTurboStream();

    // Checks if one of the Turbo Stream responses matches these criteria.

    $response->assertHasTurboStream($target = 'users', $action = 'append');

    // Checks if there is no Turbo Stream tag for the criteria.

    $response->assertDoesntHaveTurboStream($target = 'empty_users', $action = 'remove');

}

Read More

CLI to Check For PHP Security Vulnerabilities

 

Enlightn Security Checker (from the folks behind Enlightn) is a command-line tool that checks if your application uses dependencies with known security vulnerabilities.

You can install it globally via composer to start checking projects:

composer global require enlightn/security-checker

Using the security-checker CLI, you provide a path to your project’s composer.lock file to get a report of any vulnerabilities:

⇒ security-checker security:check /path/to/composer.lock

{

    "laravel\/framework": {

        "version": "5.7.29",

        "time": "2020-04-14T14:16:19+00:00",

        "advisories": [

            {

                "title": "RCE vulnerability in \"cookie\" session driver",

                "link": "https:\/\/blog.laravel.com\/laravel-cookie-security-releases",

                "cve": null

            }

        ]

    },

    "robrichards\/xmlseclibs": {

        "version": "2.1.1",

        "time": "2019-11-05T11:51:00+00:00",

        "advisories": [

            {

                "title": "Filter input to avoid XPath injection",

                "link": "https:\/\/github.com\/robrichards\/xmlseclibs\/commit\/649032643f7aac493e91ca318da0339aec72aa4a",

                "cve": null

            }

        ]

    }

}

You can programmatically get a report with the following PHP code:

use Enlightn\SecurityChecker\SecurityChecker;

$result = (new SecurityChecker)->check('/path/to/composer.lock');

/*

{

  "laravel/framework": {

    "version": "8.22.0",

    "time": "2021-01-13T13:37:56+00:00",

    "advisories": [{

      "title": "Unexpected bindings in QueryBuilder",

      "link": "https://blog.laravel.com/security-laravel-62011-7302-8221-released",

      "cve": null

    }]

  }

}

*/

The Enlightn Security Checker uses the security advisories database to reference known security vulnerabilities in PHP projects and libraries. You can learn more about this package and view the source code on GitHub.

Read More