laravel

All my posts about laravel.

php spatie package testing best practices

Prompt-Injection Guardrails in Laravel: Defend the Tools, Not the Prompt

Jun 11th 2026 – mujahidabbas.dev - submitted by Muhammad Mujahid Abbas

You can't out-prompt an attacker — to the model, your system instructions and a malicious support ticket are the same text. So stop defending the prompt and lock down the boundaries you actually control: tools scoped to the authenticated user server-side, middleware that screens and logs, output handled as untrusted input, a human in front of anything irreversible, and a fake-free test that fails CI the moment someone drops the auth scope.

Logging is here!

Jun 9th 2026 – flareapp.io

Flare now supports log collection for Laravel and PHP apps, with real-time filtering and search in the same polished interface. A nice overview of what logging adds and how to get started with the new SDK release.

Evals in Laravel: How to Prove Your AI Output Is Actually Good

Jun 8th 2026 – mujahidabbas.dev - submitted by Muhammad Mujahid Abbas

Your Agent::fake() tests prove your Laravel AI feature runs — not that its output is any good. This evals a real ticket classifier with the AI SDK: a golden dataset for the fields you can check, an LLM-as-judge for the free text you can't, and a regression gate that catches a bad prompt before your customers do.

Validating distinct data in requests

May 31st 2026 – dyrynda.com.au

Michael Dyrynda shows how Laravel's distinct validation rule can protect nested request payloads from duplicate reference values before they corrupt relationship mapping. He also highlights the strict and ignore_case options for cases where loose comparison is not enough.

The stack behind There There

May 30th 2026 – there-there.app

An inside look at the stack powering There There: Laravel, Inertia, React, TypeScript, Horizon, Reverb, and a bunch of Spatie packages and services. A nice overview of the pragmatic tooling choices behind the product.

Utilizing Claude Skills in client projects

May 18th 2026 – spatie.be

In this post, Dries shows how they use Claude Skills to automate repetitive work in client projects, like generating Saloon requests, DTOs, and Livewire pages. It is a practical look at where these workflows save a lot of time, and where careful review still matters.

Integration testing our Laravel package with a real server and queue

May 16th 2026 – flareapp.io

The Flare team explains how they built end-to-end integration tests for their Laravel package using a real Testbench workbench app, HTTP server, and queue worker. The post also shows how they swapped the sender to write payloads to disk, then built helpers to assert traces, errors, and async job behavior.

Our hackathon project: Live at Spatie

May 13th 2026 – spatie.be

At our latest hackathon, we built Live at Spatie, a Laravel and React wrapper around Owntone that lets the whole team queue music, see what's playing, and control the office speakers. The nicest touch is the Slack bot: thanks to an MCP server powered by laravel/mcp and OpenClaw, you can ask it to queue music right from Slack.

Using the ADR (Action/Domain/Responder) Pattern in Laravel

May 12th 2026 – wendelladriel.com - submitted by Wendell Adriel

Learn what the ADR (Action/Domain/Responder) pattern is and how to apply it in Laravel with a simple, practical example.

Read more [wendelladriel.com]

Flaky Test Retries in Pest v4.5.0

May 10th 2026 – laravel-news.com

Pest v4.5.0 adds first-class support for flaky tests with retries and a dedicated CLI filter. The release also brings a useful casing assertion for catching namespace and file path mismatches, plus a coverage option that hides uncovered files.

Idempotency: What, Why and How

May 7th 2026 – wendelladriel.com - submitted by Wendell Adriel

A deep dive into idempotency, from the theory behind safe retries to a practical Laravel implementation using the Laravel Idempotency package.

Read more [wendelladriel.com]

Reusing your Laravel MCP tools in the Laravel AI SDK

May 6th 2026 – www.exolnet.com - submitted by Alexandre D'Eschambeault

Learn how to reuse your Laravel MCP tools in the Laravel AI SDK using a simple proxy approach, helping you avoid code duplication and making it easier to build AI agents integrated into your Laravel applications.

Event sourcing with a little help from AI

May 5th 2026 – albertoarena.it - submitted by Alberto Arena

A Claude Code skill that helps you design and generate event-sourced domain code for Laravel using spatie/laravel-event-sourcing

Splitting Laravel Boost guidelines across multiple files

May 4th 2026 – laracraft.tech - submitted by Zacharias Creutznacher

Laravel Boost only reads a single core.blade.php per package, so extra sibling files get silently dropped. Here is the minimal pattern for splitting your guidelines into organized partials using a Blade view namespace.

Searching multiple columns with one URL parameter in laravel-query-builder original

May 4th 2026 by Freek Van der Herten – 4 minute read

We just released v7.3.0 of laravel-query-builder, which adds a new way to group multiple filters under a single URL parameter. Before getting into the new feature, let me show you how the basics work, so the new bit makes sense in context.

RBAC in Laravel: A Practical Deep Dive

May 1st 2026 – wendelladriel.com - submitted by Wendell Adriel

A deep dive into Role-Based Access Control, from the theory behind roles and permissions to a practical, team-aware Laravel implementation without external packages.

Read more [wendelladriel.com]

Laravel Route Binding Behind the Curtains

Apr 30th 2026 – wendelladriel.com - submitted by Wendell Adriel

A deep dive into how Laravel transforms raw route segments into models, scoped children, enums, and custom bound values before your controller runs.

Read more [wendelladriel.com]

Announcing laravel-sluggable v4 with self-healing URLs original

Apr 29th 2026 by Freek Van der Herten – 5 minute read

The spatie/laravel-sluggable package has been around for close to a decade. A slug is the readable part of a URL that identifies a record, like announcing-laravel-sluggable-v4-with-self-healing-urls in this post's URL. The package generates one for any Eloquent model when you save it, derived from a title or another text field, and most of the time you don't have to think about it.

We just released v4, which adds a few things worth talking about. Let me walk you through them.

How to monitor your Laravel app for critical vulnerabilities using Oh Dear

Apr 29th 2026 – ohdear.app

This practical guide shows how to use spatie/laravel-health together with Oh Dear to detect vulnerable Composer dependencies in production and get alerted quickly. It also shows how adding composer audit in CI gives you an extra early warning layer.

Generate Apple and Google Wallet passes from Laravel original

Apr 23rd 2026 by Freek Van der Herten – 7 minute read

A mobile pass is that thing in your iPhone's Wallet app. A boarding pass, a concert ticket, a coffee loyalty card, a gym membership. Apple calls them passes. Google calls them objects. Both Wallet apps let you generate them, hand them out, and push live updates to the copy that's already on someone's device.

We just released Laravel Mobile Pass, a package that lets you generate those Apple and Google passes from a Laravel app and send updates to already issues passes.

Together with the package, we also published a demo site where you can create Apple Wallet passes and push an update so you can see it all working on your own iOS device.

Dan Johnson and I have been working on it for a while. Let me walk you through what it can do.

385 articles and 912 curated links about laravel.