darvis/livewire-injection-stopper
Composer 安装命令:
composer require darvis/livewire-injection-stopper
包简介
Laravel middleware package to block spam robots and injection attempts, with Livewire security audit tools
关键字:
README 文档
README
Protect your Laravel + Livewire application from spam bots and security vulnerabilities.
What does this package do?
This package protects your Laravel application in three ways:
1. 🛡️ Blocks Spam Bots
Automatically blocks automated spam bots (like Python scripts, curl, wget) from accessing your website. No more spam form submissions!
2. 🔍 Finds Security Holes in Livewire
Scans your Livewire components and tells you which properties attackers could manipulate. For example, if you have public $isAdmin = false, an attacker could change it to true in their browser!
3. 🔇 Silences Sentry Errors from Bot Attacks
When bots manipulate Livewire payloads, they can trigger CannotUpdateLockedPropertyException or Livewire property-assignment TypeError exceptions. This package silently handles those bot-driven exceptions and prevents them from being reported to Sentry or other error tracking services, keeping your error logs clean.
Installation
composer require darvis/livewire-injection-stopper
That's it! The spam bot blocking is now active.
Check Your Security
Run this command to scan your Livewire components:
php artisan livewire-injection-stopper:audit
It will show you which properties need protection.
Example: Fixing a Security Issue
Before (Vulnerable):
class CheckoutComponent extends Component { public $price = 100.00; // ⚠️ Attacker can change this to $0.01! }
After (Secure):
use Livewire\Attributes\Locked; class CheckoutComponent extends Component { #[Locked] // ✅ Now protected! public $price = 100.00; }
What Gets Blocked?
By default, these bots are blocked:
- Python scripts (
python-requests) - Command-line tools (
curl,wget) - Web scrapers (
scrapy) - Generic bots and crawlers
Real browsers and users are never blocked.
Configuration (Optional)
Want to customize? Publish the config file:
php artisan vendor:publish --tag=livewire-injection-stopper-config
Now you can:
- Add or remove blocked bots
- Block specific IP addresses
- Whitelist certain routes (like webhooks)
- Enable/disable Sentry error silencing
Sentry Error Silencing
By default, this package silences bot-driven Livewire update exceptions, including:
CannotUpdateLockedPropertyException- Livewire property assignment
TypeErrorexceptions (for example:Cannot assign array to property ...)
This keeps your Sentry error logs clean.
How it works:
- Middleware blocks suspicious Livewire update payloads before component assignment when possible
- If Livewire still throws a protected-property or array-assignment exception, this package catches it and returns a 403 response
- The exception is logged locally (if logging is enabled) but NOT sent to Sentry
Important: Custom Exception Handlers
If your app overrides report() in app/Exceptions/Handler.php and directly calls Sentry (captureException), make sure you skip reporting when SilentExceptionHandler::shouldSilence($exception) returns true. Otherwise, your custom handler can bypass package silencing.
To disable this feature:
// config/livewire-injection-stopper.php 'silence_locked_property_exceptions' => false,
Documentation
For detailed documentation, see the /docs folder:
- Installation Guide - Detailed setup instructions
- Security Audit - How to use the audit command
- Middleware Configuration - Customize bot blocking
- Livewire Security - Understanding the threats
- Testing - Running tests
Quick Links
Requirements
- PHP 8.1+
- Laravel 11.0 or 12.0
- Livewire 3.0
License
MIT License - feel free to use in any project!
Credits
Created by Arvid de Jong
Need help? Check the documentation or email info@arvid.nl
darvis/livewire-injection-stopper 适用场景与选型建议
darvis/livewire-injection-stopper 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.99k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2026 年 01 月 03 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「middleware」 「laravel」 「spam-protection」 「livewire」 「security-audit」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 darvis/livewire-injection-stopper 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 darvis/livewire-injection-stopper 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 darvis/livewire-injection-stopper 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Shoot aims to make providing data to your templates more manageable
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
Slim Framework 3 CSRF protection middleware utilities
Cloudflare Middleware For Guzzle
Contao CMS integrity check for some files
统计信息
- 总下载量: 1.99k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 22
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-01-03