Freek.dev

We're proud to release v3 of laravel-site-search, a package that crawls and indexes your entire site. Think of it as your own private Google. Point it at a URL, let it crawl every page, and get full-text search results back.

Previous versions required Meilisearch as the search engine. That works well, but it means running a separate service.

With v3, your application's own database is all you need. It supports SQLite, MySQL, PostgreSQL, and MariaDB out of the box, and it's the new default.

Let me walk you through it.

Read more

We just released v10 of laravel-backup, our package that creates backups of your Laravel app. The backup is a zip file containing all files in the directories you specify, along with a dump of your database. You can store it on any of the filesystems Laravel supports, and you can even back up to…

Read more

Our spatie/crawler. package is one of the first one I created. It allows you to crawl a website with PHP. It is used extensively in Oh Dear and our laravel-sitemap package.

Throughout the years, the API had accumulated some rough edges. With v9, we cleaned all of that up and added a bunch of features we've wanted for a long time.

Let me walk you through all of it!

Read more

When you share a link on Twitter, Facebook, or LinkedIn, the platform shows a preview image. Getting those Open Graph images right usually means either using an external service or setting up a separate rendering pipeline. We just released laravel-og-image, a package that lets you define your OG image as HTML right inside your Blade views. The package takes a screenshot of that HTML and serves it as the OG image. No external API needed, everything runs on your own server.

Let me walk you through what the package can do.

Read more

At Flare, we track errors and monitor performance for your applications. Until now, that meant opening the Flare dashboard in your browser whenever you wanted to check on things.

We just released the Flare CLI, a command-line tool that lets you manage your errors, projects, and performance monitoring data directly from the terminal. It also ships with an agent skill that lets AI coding agents like Claude Code and Cursor use Flare on your behalf. And the fun part: the entire CLI was built with almost no hand-written code, generated from our OpenAPI spec.

Let me walk you through how to install and use the CLI.

Read more

PHP 8.0 introduced attributes, and they're a great way to add structured metadata to classes, methods, properties, constants, and parameters. The concept is solid, but the reflection API you need to actually read them is surprisingly verbose. What should be a simple one-liner ends up being multiple lines of boilerplate every time. And if you want to find all usages of an attribute across an entire class, you're looking at deeply nested loops.

We just released spatie/php-attribute-reader, a package that gives you a clean, static API for all of that. Let me walk you through what it can do.

Read more

We just published a new package called Laravel OpenAPI CLI that turns any OpenAPI spec into dedicated Laravel artisan commands. Each endpoint gets its own command with typed options for path parameters, query parameters and request bodies.

Let me walk you through what the package can do.

Read more

Our laravel-responsecache package speeds up your app by caching entire responses on the server. When the same page is requested again, the cached response is served without hitting your controller at all.

We just released v8, a new major version with a powerful new feature: flexible caching. It uses a stale-while-revalidate strategy, so that every visitor gets a fast response, even when the cache is being refreshed.

Let me walk you through it.

Read more

We just released laravel-screenshot, a new package to take screenshots of web pages in Laravel apps.

It uses a driver-based architecture, so you can choose between Browsershot (which requires you to install Chromium) and Cloudflare Browser Rendering (which can be used on environments like Laravel Cloud).

Let me walk you through the package.

Read more

Laravel's built-in authorization is great when permissions are defined in code. With gates and policies, you can write logic like this:

// Defined in code, requires a deploy to change
Gate::define('edit-posts', function (User $user) {
    return $user->is_admin;
});

But in some projects roles and permissions are dynamic: created by users, managed through an admin panel, or changed at runtime without deploying code. Our Laravel Permission package can help you dynamically create roles and permissions.

We just released v7 which doesn't bring any new features, but cleans up the internal code and modernizes it. Let me walk you through what the package can do.

Read more

A while ago, we released laravel-pdf, a package to generate PDFs in Laravel apps.

Under the hood, it used Browsershot (and therefore Puppeteer/Chrome) to convert HTML to PDF. That approach works great, but it does require Node.js and a headless Chrome binary on your server.

Last week, my buddy Dries shared on X how to generate PDFs using Cloudflare services. This way doesn’t require Node or any binaries. Very neat! This unlocks PDF generation for environments where Node or Chrome cannot be installed easily, like Laravel Cloud.

To support this way of rendering a PDF, we’ve released a new major release (v2) of Laravel PDF. The package now ships with three drivers: Browsershot, Cloudflare Browser Rendering, and DOMPDF. You can also create your own driver. On top of that, we've added queued PDF generation and the ability to set PDF metadata. And to let your AI understand our package, we've added a Laravel Boost skill.

Let me walk you through all of it.

Read more

If you're using AI tools like Claude Code to help write code, you've probably noticed they don't automatically know your team's coding conventions. The AI might write perfectly valid PHP, but it won't follow your specific style guide unless you tell it to. That's the problem Laravel Boost solves. It…

Read more

I'm excited to share that we've released a new package called spatie/laravel-url-ai-transformer. This one can get the content of a webpage and transform it into something else using AI.

In this blog post, I'd like to share why I've created it and how you can use it.

Read more

A critical security vulnerability was just disclosed for Livewire v3, as Stephen Rees-Carter wrote about on Securing Laravel. The vulnerability (CVE-2025-54068) allows unauthenticated attackers to achieve remote code execution in specific scenarios. What makes this particularly concerning is that exploitation doesn't require authentication or user interaction - just a component mounted and configured in a particular way.

This vulnerability affects all Livewire v3 versions up to 3.6.3. If you're running any version in that range, attackers could potentially run arbitrary PHP code on your server. Stephan warns us the open-source nature of the fix means attackers may already be reverse-engineering the patch to identify and abuse the exploit.

Many production apps are probably running vulnerable versions right now, with their developers completely unaware. This is where automated security monitoring becomes invaluable - using Laravel Health to check for vulnerabilities, and optionally services like Oh Dear to send you notifications when issues are detected.

Read more

We just tagged stable release for two new spatie packages: spatie/ping and spatie/simple-tcp-client. In this blogpost, I'd like to share why these were developed and how you can use them.

Read more