joshdonnell/radar 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

joshdonnell/radar

Composer 安装命令:

composer require joshdonnell/radar

包简介

A lightweight dependency health dashboard for Laravel applications

README 文档

README

Laravel Radar

Laravel Compatibility Tests Formats License

Introduction

Laravel Radar is a lightweight dependency health dashboard and notifier for Laravel applications.

Radar scans Composer and NPM dependencies, stores a snapshot, and highlights:

  • vulnerable packages
  • outdated direct dependencies
  • abandoned Composer packages
  • practical, conservative next steps

Radar is intentionally read-only. It reports dependency health and suggests commands, but it does not update dependencies, edit lock files, commit changes, or deploy code for you.

Laravel Radar dashboard screenshot

Requirements

  • PHP 8.3+
  • Laravel 12 or 13
  • Composer
  • Node/NPM available when scanning JavaScript dependencies

Installation

Install Radar with Composer:

composer require joshdonnell/radar

Publish Radar's config file, migration, and dashboard assets:

php artisan radar:install

Run the migration:

php artisan migrate

Usage

Run a dependency scan:

php artisan radar:scan

Open the dashboard at:

/radar

The dashboard path can be changed with:

RADAR_PATH=internal/radar

Radar's dashboard is enabled outside production by default and disabled in production by default. Production applications can still run scans and send notifications. Only enable the dashboard in production when it is protected by trusted authentication and authorization.

RADAR_DASHBOARD_ENABLED=true

Commands

Radar currently ships these Artisan commands:

php artisan radar:scan
php artisan radar:notify
php artisan radar:clear

radar:scan

Scans application dependencies and stores a Radar snapshot.

php artisan radar:scan

Scan a different project path:

php artisan radar:scan --path=/path/to/app

Use CI mode in a pipeline after installing dependencies:

php artisan radar:scan --ci --severity=high

The --ci flag makes radar:scan return a failing status when vulnerabilities meet the configured severity threshold. Your CI provider does not need special handling. It only needs to run the command and respect the exit code.

Set --severity to low, medium, high, or critical. Radar returns 1 when a vulnerability is at or above that threshold, 0 when none are, and 2 when the CI options or scan path are invalid.

radar:notify

Sends deduplicated vulnerability notifications for the latest stored scan.

php artisan radar:notify

Run a fresh scan before notifying:

php artisan radar:notify --scan

Notifications are only sent when vulnerabilities exist and at least one notification route is configured.

radar:clear

Clears stored Radar scan history.

php artisan radar:clear

Skip the confirmation prompt:

php artisan radar:clear --force

Dashboard

The dashboard shows the latest stored scan, including:

  • health score
  • latest scan time
  • Composer and NPM package inventory
  • vulnerability findings
  • outdated direct dependency findings
  • abandoned Composer package findings
  • suggested safe commands or review steps where Radar can infer them

Notifications

Radar uses Laravel Notifications. Your application still owns the normal mail and Slack transport configuration; Radar only stores the on-demand notification routes it should target.

Configure mail recipients:

RADAR_NOTIFICATION_MAIL_TO=security@example.com,dev@example.com

Configure Slack:

RADAR_NOTIFICATION_SLACK_WEBHOOK_URL=https://hooks.slack.com/services/...

Send notifications manually:

php artisan radar:notify

Or scan first, then notify:

php artisan radar:notify --scan

Repeated notifications for the same vulnerability finding set are deduplicated for the configured TTL:

RADAR_NOTIFICATION_DEDUPE_TTL=86400

Scheduling

Radar preconfigures a nightly scheduled radar:notify --scan run at 02:00, so each notification run starts with a fresh scan.

Your application still needs Laravel's scheduler running in production, usually via a cron entry that runs php artisan schedule:run every minute.

Customize or disable Radar's built-in schedule:

RADAR_NOTIFICATION_SCHEDULE_ENABLED=true
RADAR_NOTIFICATION_SCHEDULE_TIME=02:00
RADAR_NOTIFICATION_SCHEDULE_TIMEZONE=Europe/London

Authorization

Radar checks the configured gate outside local environments before serving the dashboard.

Define the gate in your application, for example:

use Illuminate\Support\Facades\Gate;

Gate::define('viewRadar', fn ($user = null): bool => $user?->is_admin === true);

If you publish the config, you can change the gate name by editing the authorization.gate value in config/radar.php.

Configuration

Publish the configuration file with:

php artisan vendor:publish --tag="radar-config"

Useful environment variables:

RADAR_ENABLED=true
RADAR_PATH=radar
RADAR_DASHBOARD_ENABLED=false
RADAR_DB_CONNECTION=sqlite
RADAR_PRUNE_DAYS=30
RADAR_COMMAND_TIMEOUT=60
RADAR_NOTIFICATION_MAIL_TO=security@example.com
RADAR_NOTIFICATION_SLACK_WEBHOOK_URL=
RADAR_NOTIFICATION_DEDUPE_TTL=86400
RADAR_NOTIFICATION_SCHEDULE_ENABLED=true
RADAR_NOTIFICATION_SCHEDULE_TIME=02:00
RADAR_NOTIFICATION_SCHEDULE_TIMEZONE=

See the configuration documentation for the full config reference.

Dependency sources

Radar reads dependency information from package manager files and installed package metadata.

Composer support includes:

  • package inventory from composer.lock
  • fallback inventory from vendor/composer/installed.json
  • vulnerability findings from composer audit --format=json
  • outdated direct dependencies from Composer's outdated output
  • abandoned package metadata from Composer package data

NPM support includes:

  • package inventory from package-lock.json
  • fallback direct package inventory from node_modules/*/package.json
  • vulnerability findings from npm audit --json
  • outdated direct dependencies from NPM's outdated output

Supported Node runners

Radar detects the JavaScript package manager from the project lock file and uses that runner when suggesting safe NPM update commands.

Lock file Runner Example recommendation
package-lock.json npm npm update vite
npm-shrinkwrap.json npm npm update vite
yarn.lock Yarn yarn up vite
pnpm-lock.yaml pnpm pnpm update vite
bun.lock Bun bun update vite
bun.lockb Bun bun update vite

If no known lock file exists, Radar falls back to npm.

Testing

Run the PHP checks:

composer test

Run frontend checks while working on dashboard assets:

npm run test:lint
npm run test:types
npm run build

License

Laravel Radar is open-sourced software licensed under the MIT license.

joshdonnell/radar 适用场景与选型建议

joshdonnell/radar 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2 次下载、GitHub Stars 达 9, 最近一次更新时间为 2026 年 05 月 06 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「laravel」 「dependencies」 「radar」 「cve」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 joshdonnell/radar 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 joshdonnell/radar 我们能提供哪些服务?
定制开发 / 二次开发

基于 joshdonnell/radar 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 2
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 9
  • 点击次数: 46
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 9
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-05-06