In this section you can read posts I've written myself.
We just released laravel-screenshot, a new package to take screenshots of web pages in Laravel apps.
It uses a driver-based architecture, so you can choose between Browsershot (which requires you to install Chromium) and Cloudflare Browser Rendering (which can be used on environments like Laravel Cloud).
Let me walk you through the package.
Laravel's built-in authorization is great when permissions are defined in code. With gates and policies, you can write logic like this:
// Defined in code, requires a deploy to change
Gate::define('edit-posts', function (User $user) {
return $user->is_admin;
});
But in some projects roles and permissions are dynamic: created by users, managed through an admin panel, or changed at runtime without deploying code. Our Laravel Permission package can help you dynamically create roles and permissions.
We just released v7 which doesn't bring any new features, but cleans up the internal code and modernizes it. Let me walk you through what the package can do.
I write about Laravel, PHP, AI and building better software.
Every two weeks, I share practical tips, tutorials, and behind-the-scenes insights from maintaining 300+ open source packages. Join thousands of developers who read along.
No spam. Unsubscribe anytime. You can also follow me on X.
A while ago, we released laravel-pdf, a package to generate PDFs in Laravel apps.
Under the hood, it used Browsershot (and therefore Puppeteer/Chrome) to convert HTML to PDF. That approach works great, but it does require Node.js and a headless Chrome binary on your server.
Last week, my buddy Dries shared on X how to generate PDFs using Cloudflare services. This way doesn’t require Node or any binaries. Very neat! This unlocks PDF generation for environments where Node or Chrome cannot be installed easily, like Laravel Cloud.
To support this way of rendering a PDF, we’ve released a new major release (v2) of Laravel PDF. The package now ships with three drivers: Browsershot, Cloudflare Browser Rendering, and DOMPDF. You can also create your own driver. On top of that, we've added queued PDF generation and the ability to set PDF metadata. And to let your AI understand our package, we've added a Laravel Boost skill.
Let me walk you through all of it.
Original – – myray.app
Ray 3.0 is here! Completely rebuilt for better performance (60% less memory), a fresh new look, message archiving, and MCP support so AI agents can interact with Ray directly.
Read more [myray.app]
At Laracon India, I launched a major update of Ray. For that talk, I needed a little demo project to showcase Ray. I built a simple website about a then-fictional mobile app to play a Scrabble-like word game called WordStockt.
But then I got curious: how far could I push AI-assisted development? Could I actually just create the whole game? After about 10 days, WordStockt is a fully functional word game that's 98% vibe-coded. It's available for iOS and Android. In this post, I'd like to tell you more about it.
If you're using AI tools like Claude Code to help write code, you've probably noticed they don't automatically know your team's coding conventions. The AI might write perfectly valid PHP, but it won't follow your specific style guide unless you tell it to. That's the problem Laravel Boost solves. It…
For years, my git history contains "wip" commit messages. I don't really often use git history myself, but my colleagues do. And when they're trying to understand a change I made six months ago, "wip" tells them absolutely nothing. Might as well not have commit messages at all.
I knew I should write better commit messages, but the friction was real. Stopping to think about how to summarize my changes felt like it broke my flow. So I kept typing "wip".
Now, I have a bash function in my dotfiles that uses Claude to generate commit messages for me.
I'm excited to share that we've released a new package called spatie/laravel-url-ai-transformer. This one can get the content of a webpage and transform it into something else using AI.
In this blog post, I'd like to share why I've created it and how you can use it.
Every once in a while, someone opens a PR on one of our open source packages adding a down function to the migration. I usually close those PRs fast with a thank you and a message “We don’t use down migrations in our projects”.
While down migrations might seem like a safety net, they're often a false comfort that potentially creates more problems than they solve.
Instead of explaining this in every PR separately, let me share why we don't write down migrations and what we do instead.
A critical security vulnerability was just disclosed for Livewire v3, as Stephen Rees-Carter wrote about on Securing Laravel. The vulnerability (CVE-2025-54068) allows unauthenticated attackers to achieve remote code execution in specific scenarios. What makes this particularly concerning is that exploitation doesn't require authentication or user interaction - just a component mounted and configured in a particular way.
This vulnerability affects all Livewire v3 versions up to 3.6.3. If you're running any version in that range, attackers could potentially run arbitrary PHP code on your server. Stephan warns us the open-source nature of the fix means attackers may already be reverse-engineering the patch to identify and abuse the exploit.
Many production apps are probably running vulnerable versions right now, with their developers completely unaware. This is where automated security monitoring becomes invaluable - using Laravel Health to check for vulnerabilities, and optionally services like Oh Dear to send you notifications when issues are detected.
We just tagged stable release for two new spatie packages: spatie/ping and spatie/simple-tcp-client. In this blogpost, I'd like to share why these were developed and how you can use them.
Original – – ohdear.app
In this post, I'll share how I'm using PHPStan's type aliases feature to make validation rule typehints more readable and maintainable in our Laravel application.
Read more [ohdear.app]
Original – – spatie.be
Our new package gives you everything you need to build a secure one-time password auth flow.
Read more [spatie.be]
Original – – spatie.be
I’m proud to announce that we’ve released a new package called spatie/laravel-passkeys that makes adding passkeys to a Laravel app as easy as it can be.
Read more [spatie.be]
A couple of years ago, Laravel introduced a great feature which allows to run PHPUnit / Pest tests in parallel. This results in a big boost in performance.
By default, it determines the concurrency level by taking a look at the number of CPU cores your machine has. So, if you're using a modern Mac that has 10 CPU cores, it will run 10 tests at the same time, greatly cutting down on the time your testsuite needs to run completely.
A default runner on GitHub doesn't have that many cores, so you can't leverage parallel testing as good as in your typical local environments.
In this blog post, I'd like to show you a way of running your tests on GitHub, by splitting them up in small chunks that can run concurrently.
We use this technique at Oh Dear to cut down the running time of our vast testsuite from 16 minutes to only just 4. In this blog post all examples will come from the Oh Dear code base.
Here's the recording of the talk I did at this years Laracon India. In this talk, I show how we use our laravel-multitenancy package to make Mailcoach tenant aware. Enjoy!
We’ve released a new package called spatie/pest-plugin-route-testing. This package can test all common routes in your Laravel app by writing a single test.
In this blog post, I’d like to tell you all about it.
We’ve published a new package called livewire-filepond, which contains a component to easily upload files.
Under the hood, Filepond, a powerful JavaScript library to upload files, is used.
When Laravel switched to a simpler exception page, the ability to display solutions for an exception was lost.
Our latest package, called spatie/laravel-error-solutions brings back that powerful feature. When installed, it will display solutions for most common exceptions.
Here’s how that looks it:
And yes, some solutions, like the one in the screenshot above, can be executed on the exception page too.
In this blog post, I’d like to tell you all about it!
Here's the recording of the keynote at this year's PHPUKConference.