limenet/laravel-baseline
Composer 安装命令:
composer require limenet/laravel-baseline
包简介
A highly opinionated Laravel baseline.
README 文档
README
Checks your Laravel installation against a highly opinionated baseline.
Installation
You can install the package via composer:
composer require limenet/laravel-baseline
You can publish the config file with:
php artisan vendor:publish --tag="laravel-baseline-config"
Usage
Add to your composer.json to run checks (and auto-fix) after every composer update:
"post-update-cmd": [ "@php artisan limenet:laravel-baseline:check --fix" ],
Running checks
# Check only — report issues without making changes php artisan limenet:laravel-baseline:check # Auto-fix — apply all safe automatic fixes, then report remaining issues php artisan limenet:laravel-baseline:check --fix
Checks marked 🔧 below support --fix. When --fix is used:
- Fully fixable checks: all conditions are applied automatically.
- Partially fixable checks (requires package installed first): configuration/script entries are fixed once the package is installed via
composer require. - Non-fixable checks: report the issue with an actionable message.
AI guidelines & skills
The package also ships Laravel Boost resources under
resources/boost/: an always-on guideline (the dev loop — ci-lint, tests, DDEV-first
conventions) and on-demand skills (e.g. creating-a-release). When a project that has
laravel/boost installed runs php artisan boost:install or php artisan boost:update --discover,
Boost discovers and publishes these to the consuming project's coding agents automatically.
Checks
This package validates your Laravel installation against the following checks:
Testing & Quality Tools
usesPest()- Validates Pest testing framework is configured (not PHPUnit directly)- 🔧
usesRector()- Validates Rector automated code modernization is installed (partial: fixes ci-lint script if packages installed) usesLarastan()- Validates Larastan static analysis tool is configuredusesPhpstanExtensions()- Validates PHPStan extensions are installedphpstanLevelAtLeastEight()- Validates PHPStan is configured to at least level 8- 🔧
usesPhpInsights()- Validates PHP Insights is configured: ci-lint scripts anddisable-security-check => trueinconfig/insights.php(partial: fixes ci-lint scripts if package installed) - 🔧
checkPhpunit()- Validates PHPUnit configuration with coverage reports (adds missing XML nodes and APP_KEY) - 🔧
hasRectorConfigWithComposerBased()- Validates RectorwithComposerBased(phpunit, symfony, laravel)is configured (appends call to rector.php) - 🔧
hasRectorConfigWithConfiguredRules()- Validates RectorwithConfiguredRule()calls are present forRouteActionCallableRectorandWhereToWhereLikeRector(appends calls to rector.php) - 🔧
hasRectorConfigWithPreparedSets()- Validates RectorwithPreparedSets(deadCode, codeQuality, codingStyle, typeDeclarations, privatization, instanceOf, earlyReturn)is configured (appends call to rector.php) - 🔧
hasRectorConfigWithImportNames()- Validates RectorwithImportNames(importShortClasses: false)is configured (appends call to rector.php) - 🔧
hasRectorConfigWithPhpSets()- Validates RectorwithPhpSets()is called (appends call to rector.php) - 🔧
hasRectorConfigWithAttributesSets()- Validates RectorwithAttributesSets()is called (appends call to rector.php) - 🔧
hasRectorConfigWithSetProviders()- Validates RectorwithSetProviders(LaravelSetProvider)is configured (appends call to rector.php) - 🔧
hasRectorConfigWithRules()- Validates RectorwithRules([AddGenericReturnTypeToRelationsRector, MinutesToSecondsInCacheRector, UseForwardsCallsTraitRector])is configured (appends call to rector.php) - 🔧
hasRectorConfigWithSets()- Validates RectorwithSets([LaravelBaselineSetList::REMOVE_DEFAULT_DOCBLOCKS, LaravelSetList::LARAVEL_*])is configured with all required sets (appends call to rector.php) - 🔧
hasRectorConfigWithPaths()- Validates RectorwithPaths([app, database, routes, tests])is configured (appends call to rector.php) - 🔧
hasRectorConfigWithSkip()- Validates RectorwithSkip()contains required skipped rules (always: 6 Laravel rules; Laravel 13+: TablePropertyToTableAttributeRector; when server.php exists: ServerVariableToRequestFacadeRector) (appends call to rector.php)
IDE & Developer Tools
- 🔧
hasEditorconfig()- Validates.editorconfigexists with required settings (root = true,charset,end_of_line,indent_style,insert_final_newline,trim_trailing_whitespace) (creates.editorconfigwith canonical content if missing or incomplete) - 🔧
hasClaudeSettingsWithLaravelSkills()- Validates Claude Code settings include the Laravel agent skills plugin and marketplace (creates/merges.claude/settings.json) - 🔧
doesNotHaveLaravelSimplifierInClaudeSettings()- Fails if the deprecatedlaravel-simplifier@laravelplugin is still enabled in.claude/settings.json(removes the entry) - 🔧
deniesEnvReadsInClaudeSettings()- Validates.claude/settings.jsonpermissions.denyblocks reading.envplus every environment that ships an encrypted file (each.env.{env}.encryptedin the project root requires denying.env.{env});.env.examplestays readable (merges the deny entries) - 🔧
allowsToolingInClaudeSettings()- Validates.claude/settings.jsonpermissions.allowincludes the DDEV dev-loop commands (ddev composer run ci-lint,ddev composer test, and safe artisan commands:test,make:*,route:list,about,config:show,ide-helper,optimize:clear,cache:clear,config:clear,route:clear,view:clear) so the dev loop runs without prompts (merges the allow entries) - 🔧
runsCiLintHookInClaudeSettings()- Validates.claude/settings.jsonhas aStophook runningddev composer run ci-lint(appends the hook) - 🔧
usesIdeHelpers()- Validates Laravel IDE Helper is configured:post-update-cmdrunside-helper:generate,ide-helper:models, andide-helper:meta, and.gitignoreignores the generated_ide_helper.php,_ide_helper_models.php, and.phpstorm.meta.phpfiles (partial: adds post-update scripts and gitignore entries if package installed) usesLaravelAdminer()- Warns if Laravel Adminer database UI is missing (optional), validates TFA confirmation and configuration when installed- 🔧
usesLaravelBoost()- Validates Laravel Boost AI development tool (partial: fixes boost.json and post-update script if package installed) - 🔧
laravelBoostMcpUsesDdev()- Validates.mcp.jsonconfigures thelaravel-boostMCP server to useddev artisan boost:mcp(creates/fixes.mcp.json; warns iflaravel/boostnot installed) runsBoostUpdate()(periodic, every 30 days) - Warns if Laravel Boost is not installed; when installed, fails until a developer confirms runningphp artisan boost:update --discovervialimenet:laravel-baseline:periodicfollowsModernLaravelIdioms()(periodic, every 30 days) - On Laravel ≥12.45, fails until a developer confirms (vialimenet:laravel-baseline:periodic) that cache/session calls use typed getters (Cache::string()etc.) and pass BackedEnum cases directly as keys, by running theauditing-laravel-idiomsskill- 🔧
usesLimenetPintConfig()- Validates custom Laravel Pint formatting standards (partial: adds post-update script if package installed)
Laravel Features & Monitoring
- 🔧
usesLaravelHorizon()- Validates Laravel Horizon Redis queue manager (partial: adds ci-deploy-post script if package installed) usesLaravelPennant()- Warns if Laravel Pennant feature flags are missing (optional)- 🔧
usesLaravelPulse()- Validates Laravel Pulse application monitoring (partial: adds PULSE_ENABLED=false to phpunit.xml if package installed) - 🔧
usesLaravelTelescope()- Validates Laravel Telescope request debugging (partial: adds post-update script and TELESCOPE_ENABLED=false to phpunit.xml if package installed) usesSpatieHealthSetup()- Validates Spatie Health packages, schedules, s3_health disk, and result store configuration- 🔧
usesSpatieHealthHasCoreChecks()- Validates core health checks (CacheCheck, CpuLoadCheck, DatabaseCheck, DatabaseConnectionCountCheck, DebugModeCheck, EnvironmentCheck, HorizonCheck, QueueCheck, RedisCheck, ScheduleCheck, UsedDiskSpaceCheck) are registered (adds missing checks to Health::checks() in AppServiceProvider) - 🔧
usesSpatieHealthHasLaravelVersionCheck()- Validates LaravelVersionCheck is registered in Health::checks() (adds to AppServiceProvider) - 🔧
usesSpatieHealthHasPhpVersionCheck()- Validates PhpVersionCheck is registered in Health::checks() (adds to AppServiceProvider) - 🔧
usesSpatieHealthHasReleaseAgeCheck()- Validates ReleaseAgeCheck is registered in Health::checks() (adds to AppServiceProvider) usesSpatieHealthCacheCheckCacheStore()- Validates CacheCheck uses the dedicated 'health-checks' cache store via->driver('health-checks')in AppServiceProvider and config/cache.phpusesSpatieHealthQueueCheckCacheStore()- Validates QueueCheck: DispatchQueueCheckJobsCommand is scheduled everyMinute(), uses the dedicated 'health-checks' file cache store in AppServiceProvider and config/cache.phpusesSpatieHealthQueueCheckHorizonQueues()- Validates QueueCheck registers all queues from config/horizon.php via onQueue() (requires laravel/horizon)usesSpatieHealthScheduleCheckCacheStore()- Validates ScheduleCheck uses the dedicated 'health-checks' cache store in both AppServiceProvider and config/cache.php- 🔧
usesSpatieHealthScheduleCheckHeartbeat()- Validates ScheduleCheck is configured withheartbeatMaxAgeInMinutes(2)to prevent false positives (appends the call to ScheduleCheck in AppServiceProvider) usesSpatieBackup()- Validates Spatie Backup database backups with comprehensive config validation
Infrastructure & Dependencies
usesPredis()- Validates Predis Redis client is installedisLaravelVersionMaintained()- Validates Laravel 11+ is used- 🔧
doesNotUseSail()- Validates Sail is NOT used (partial: deletes docker-compose.yml; runcomposer remove laravel/sailmanually) doesNotUseSpatiePasskeysWithFortify()- Fails if bothspatie/laravel-passkeysandlaravel/fortifyare installed, as they overlap in authentication responsibilitydoesNotUseHorizonWatcher()- Validates Spatie Horizon Watcher is NOT installed- 🔧
doesNotUseGreaterThanOrEqualConstraints()- Validates no>=version constraints in composer.json (use^or~instead) (replaces>=X.Ywith^X.Yin composer.json)
CI/CD & Deployment
hasCiJobs()- Validates GitLab CI pipeline jobs are properly configured- 🔧
hasTrivyConfig()- Validates Trivy security scanning CI job,trivy.yaml(scanners, skip-files, skip-dirs, ignorefile, cache.dir, telemetry/VEX/dependency-tree flags), presence of.trivyignore.yaml, and.trivycache/in.gitignore(creates/merges trivy.yaml, creates an empty .trivyignore.yaml, appends to .gitignore, and adds CI job) callsSentryHook()- Warns if Sentry error tracking is missing (optional)phpVersionMatchesCi()- Validates PHP version consistency with CI configurationisCiLintComplete()- Validates complete linting pipelinedoesNotUseIgnition()- Validates Ignition debugger is NOT installed
Local Development
phpVersionMatchesDdev()- Validates PHP version consistency with DDEV- 🔧
ddevHasPcovPackage()- Validates DDEV coverage configuration (adds pcov to webimage_extra_packages and creates .ddev/php/90-custom.ini) ddevHasRedisAddon()- Validates DDEV Redis addon is installed and at minimum version 2.2.0- 🔧
ddevMutagenIgnoresNodeModules()- Validates DDEV Mutagen sync configuration (creates mutagen.yml and fixes .gitignore) updatesDdevAddons()- Fails if any installed DDEV add-on (.ddev/addon-metadata/*/manifest.yaml) has aninstall_dateolder than 3 months; comment shows theddev add-on get <repository>command to refresh each stale add-on
Build & Release
- 🔧
bumpsComposer()- Validates automatic composer dependency bumping (addscomposer bumpto post-update-cmd) - 🔧
usesReleaseIt()- Validates automated release management (partial: creates/fixes .release-it.json and adds release npm script if packages installed) hasNpmScripts()- Validates required npm build scripts
Security & Configuration
- 🔧
modelShouldBeStrict()- ValidatesModel::shouldBeStrict()is called in AppServiceProvider withtrue, no argument, or a dynamic expression (notfalse) (addsModel::shouldBeStrict(! app()->isProduction())to boot()) - 🔧
formRequestFailOnUnknownFields()- ValidatesFormRequest::failOnUnknownFields()is called in AppServiceProvider (Laravel ≥13.6 only; warns on older versions) (addsFormRequest::failOnUnknownFields(! app()->isProduction())to boot()) hasDailyLogging()- Validates logging usesdailychannel (directly or viastack)hasEncryptedEnvFile()- Validates encrypted environment file existsusesReadableEncryptedEnvFile()- Validates the encrypted env file uses the readable line-per-variable format produced byddev artisan env:encrypt --readable(variable names stay visible in diffs), not the opaque blob format. Passes when no encrypted file exists (existence ishasEncryptedEnvFile's concern).doesNotPinOldMailTemplate()- Fails if a published mail view that pins the old template (resources/views/vendor/mail/html/themes/default.cssorhtml/header.blade.php) exists, preventing adoption of Laravel's modernized mail template.- 🔧
callsBaseline()- Validates self-validation runs after updates (adds/upgrades post-update-cmd entry to include--fix) doesNotCallPeriodicBaselineOnUpdate()- Fails ifphp artisan limenet:laravel-baseline:periodicis in thepost-update-cmdscripts (it shouldn't be — periodic checks fail CI automatically when expired)- 🔧
doesNotHaveGuidelinesScript()- Fails if the removedphp artisan limenet:laravel-baseline:guidelinescommand is still inpost-update-cmd(removed in v2.1.0) (removes the entry from composer.json) - 🔧
isInstalledAsRegularDependency()- Validateslimenet/laravel-baselineis inrequire(notrequire-dev) (moves from require-dev to require in composer.json) - 🔧
usesLaravelLang()- Validateslaravel-lang/langdev dependency is installed withlang:updateand pint in post-update scripts (partial: adds post-update scripts if package in require-dev)
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.
limenet/laravel-baseline 适用场景与选型建议
limenet/laravel-baseline 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.08k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2025 年 08 月 22 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「laravel」 「Linus Metzler」 「laravel-baseline」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 limenet/laravel-baseline 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 limenet/laravel-baseline 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 limenet/laravel-baseline 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Implementation of Canada Post API
Alfabank REST API integration
Momo php library is small php package that helps developers to integrate the momo api their project (s).
Take extraordinary programmatic control of Magento's XML configs using event observers.
Zero footprint Module testing for Magento Modules
统计信息
- 总下载量: 1.08k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 20
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-08-22