承接 darvis/livewire-injection-stopper 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

darvis/livewire-injection-stopper

Composer 安装命令:

composer require darvis/livewire-injection-stopper

包简介

Laravel middleware package to block spam robots and injection attempts, with Livewire security audit tools

README 文档

README

Protect your Laravel + Livewire application from spam bots and security vulnerabilities.

Latest Version License

What does this package do?

This package protects your Laravel application in three ways:

1. 🛡️ Blocks Spam Bots

Automatically blocks automated spam bots (like Python scripts, curl, wget) from accessing your website. No more spam form submissions!

2. 🔍 Finds Security Holes in Livewire

Scans your Livewire components and tells you which properties attackers could manipulate. For example, if you have public $isAdmin = false, an attacker could change it to true in their browser!

3. 🔇 Silences Sentry Errors from Bot Attacks

When bots manipulate Livewire payloads, they can trigger CannotUpdateLockedPropertyException or Livewire property-assignment TypeError exceptions. This package silently handles those bot-driven exceptions and prevents them from being reported to Sentry or other error tracking services, keeping your error logs clean.

Installation

composer require darvis/livewire-injection-stopper

That's it! The spam bot blocking is now active.

Check Your Security

Run this command to scan your Livewire components:

php artisan livewire-injection-stopper:audit

It will show you which properties need protection.

Example: Fixing a Security Issue

Before (Vulnerable):

class CheckoutComponent extends Component
{
    public $price = 100.00;  // ⚠️ Attacker can change this to $0.01!
}

After (Secure):

use Livewire\Attributes\Locked;

class CheckoutComponent extends Component
{
    #[Locked]  // ✅ Now protected!
    public $price = 100.00;
}

What Gets Blocked?

By default, these bots are blocked:

  • Python scripts (python-requests)
  • Command-line tools (curl, wget)
  • Web scrapers (scrapy)
  • Generic bots and crawlers

Real browsers and users are never blocked.

Configuration (Optional)

Want to customize? Publish the config file:

php artisan vendor:publish --tag=livewire-injection-stopper-config

Now you can:

  • Add or remove blocked bots
  • Block specific IP addresses
  • Whitelist certain routes (like webhooks)
  • Enable/disable Sentry error silencing

Sentry Error Silencing

By default, this package silences bot-driven Livewire update exceptions, including:

  • CannotUpdateLockedPropertyException
  • Livewire property assignment TypeError exceptions (for example: Cannot assign array to property ...)

This keeps your Sentry error logs clean.

How it works:

  • Middleware blocks suspicious Livewire update payloads before component assignment when possible
  • If Livewire still throws a protected-property or array-assignment exception, this package catches it and returns a 403 response
  • The exception is logged locally (if logging is enabled) but NOT sent to Sentry

Important: Custom Exception Handlers

If your app overrides report() in app/Exceptions/Handler.php and directly calls Sentry (captureException), make sure you skip reporting when SilentExceptionHandler::shouldSilence($exception) returns true. Otherwise, your custom handler can bypass package silencing.

To disable this feature:

// config/livewire-injection-stopper.php
'silence_locked_property_exceptions' => false,

Documentation

For detailed documentation, see the /docs folder:

Quick Links

Requirements

  • PHP 8.1+
  • Laravel 11.0 or 12.0
  • Livewire 3.0

License

MIT License - feel free to use in any project!

Credits

Created by Arvid de Jong

Need help? Check the documentation or email info@arvid.nl

darvis/livewire-injection-stopper 适用场景与选型建议

darvis/livewire-injection-stopper 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.99k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2026 年 01 月 03 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「security」 「middleware」 「laravel」 「spam-protection」 「livewire」 「security-audit」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 darvis/livewire-injection-stopper 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 darvis/livewire-injection-stopper 我们能提供哪些服务?
定制开发 / 二次开发

基于 darvis/livewire-injection-stopper 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.99k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 2
  • 点击次数: 22
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-01-03