Best of LaravelMarch 2026

  1. 1
    Article
    Avatar of lnLaravel News·6w

    Ward: A Security Scanner for Laravel

    Ward is a Go-based command-line security scanner built specifically for Laravel projects. It parses Laravel's structure (routes, models, controllers, Blade templates, config files, env vars, dependencies) and runs four targeted scan engines: env-scanner, config-scanner, dependency-scanner (using live OSV.dev data), and a rules-scanner with 42 built-in rules covering secrets, injection, XSS, weak crypto, and more. It features a terminal UI, multiple output formats (JSON, SARIF, HTML, Markdown), CI/CD integration with exit-code gating, baseline management to track acknowledged findings, custom rule support, and scan history diffing.

  2. 2
    Article
    Avatar of laravelLaravel·6w

    Laravel February Product Updates

    Laravel's February 2026 updates span the entire ecosystem. The Framework 12.x gained AI SDK provider default model configuration via config/ai.php, a new Svelte starter kit with Inertia, and VS Code test runner integration. Laravel Cloud launched a fully programmable API for managing deployments, databases, and scaling (useful for CI/CD and AI agents), a new CLI, and issued a MySQL 8.0 end-of-life notice urging upgrades to 8.4 LTS before April 2026. Laravel Forge added npm private package support with automatic .npmrc management, MySQL 9.x support for new servers, and an OpenClaw server type. Laravel Nightwatch introduced an MCP server for querying observability data from your editor, Linear integration for issue tracking, sort-by-occurrences for exceptions, and per-user filtering across requests, jobs, and logs.

  3. 3
    Article
    Avatar of lnLaravel News·4w

    Circuit Breaker for Laravel

    The circuit-breaker package for Laravel implements the circuit breaker pattern to prevent cascading failures when downstream services are unavailable. It supports three circuit states (closed, open, half-open), named circuits for per-service isolation, lifecycle callbacks (onOpen, onSuccess, onFailure), and Guzzle middleware integration via an X-Circuit-Key header. Service calls are wrapped with a run() method, and the circuit automatically decides whether to allow, block, or test each call based on current state.

  4. 4
    Article
    Avatar of lnLaravel News·6w

    The Inertia v3 Beta is Here

    Inertia v3 beta introduces major new features and breaking changes. Key additions include a built-in XHR HTTP client (making Axios optional), a new useHttp hook for standalone HTTP requests, optimistic update support across router/useForm/useHttp with automatic rollback, instant visits for immediate navigation feel, URL fragment preservation across redirects, SSR support in Vite dev mode, and a progress bar rewritten with the Popover API. Breaking changes include dropping support for React below v19, Svelte 4, Node.js below v24, and CommonJS builds. Several APIs have been renamed or removed. The release is not recommended for production use yet.

  5. 5
    Article
    Avatar of lnLaravel News·4w

    Browse and Execute Artisan Commands from an Interactive TUI

    Artisan Browse is a Laravel package by Josh Embling that provides an interactive terminal UI (TUI) for discovering, searching, and executing Artisan commands without leaving the terminal. Key features include searchable command lists with descriptions, namespace filtering, step-by-step argument and option prompts, a command preview before execution, configurable blacklists and scroll behavior, and an auto-execute option. It is intended for local development use only.

  6. 6
    Article
    Avatar of lnLaravel News·6w

    Filament v5.3.0 Released with Deferred Tab Badges and Column Manager Improvements

    Filament v5.3.0 introduces ten new features for the Laravel admin panel framework. Key additions include deferred tab badge loading to avoid expensive database queries on page load, column manager support for modal and slideover display modes, RichEditor plugin enhancements allowing custom file attachment providers and toolbar button control, and sort loading indicators on table columns. Other improvements include rate limiting by user ID and email, UnitEnum support for navigation groups, a new Callout controls slot, additional Tailwind CSS color options, and expanded resource configuration. Two bug fixes address sidebar state restoration and a missing chart widget translation.

  7. 7
    Article
    Avatar of laravelLaravel·5w

    Inertia.js v3 Is Now in Beta

    Inertia.js v3 is now in beta with several major changes. Axios has been removed in favor of a built-in XHR client, reducing bundle size. A new @inertiajs/vite plugin eliminates boilerplate by automatically handling page resolution, lazy-loading, and SSR setup. SSR now works during development without a separate Node.js process. New features include optimistic updates via a chainable optimistic() method, instant page visits, a useHttp hook for standalone HTTP requests, and a useLayoutProps hook for passing data between layouts and pages. Exception handling is improved with handleExceptionsUsing(). Breaking changes include requirements for PHP 8.2+, Laravel 11+, React 19+, and Svelte 5+, plus ESM-only package distribution.

  8. 8
    Article
    Avatar of lnLaravel News·3w

    Liminal: A Browser-Based IDE for Laravel Powered by WebAssembly

    Liminal is a browser-based IDE that runs PHP 8.4 via WebAssembly, enabling full Laravel development without any local installation or server setup. It includes a code editor with syntax highlighting (CodeMirror 6), a preview pane with Tailwind CSS v4, an Artisan terminal, and an OpenAI-powered AI agent. Notable features include shareable URLs that encode file state, GitHub import, zip export, and local folder sync via the File System Access API. Limitations include no external network access from PHP, SQLite-only database support, a fixed vendor directory, and slower-than-native performance. The project is built with Vue 3, TypeScript, Vite, and Tailwind CSS v4.

  9. 9
    Article
    Avatar of laraveldevLaravel Dev·6w

    Introducing Lettr — Email API for Artisans

    Lettr is a new Laravel-first email API and transactional email service built by the team behind Topol.io and DMARCeye.com. It offers a native Laravel package installable via Composer, a drag-and-drop template editor, Blade template support, a delivery and open-rate dashboard, deliverability alerts, dedicated IPs with automatic warmup, and one-click DKIM/SPF setup. Launching in public beta with a free Hobby tier of 3,000 emails/month and no credit card required.

  10. 10
    Article
    Avatar of collectionsCollections·4w

    Laravel 13: PHP 8.3 required, native Attributes, AI SDK, and vector search

    Laravel 13 is released with PHP 8.3 as the minimum requirement. The headline feature is 36 new native PHP attributes covering Eloquent models, queue jobs, Artisan commands, and routing — usable as an opt-in alternative to traditional class properties. The first-party AI SDK (text generation, tool-calling, embeddings, vector store) is now officially stable, as is native JSON:API resource support. New additions include semantic/vector search via pgvector for PostgreSQL, centralized queue routing with Queue::route(), and Cache::touch() for TTL extension. The Laravel Boost installer also gains an AI-assisted upgrade command as an alternative to Laravel Shift. Laravel 11 loses security fix support with this release.

  11. 11
    Article
    Avatar of laravelLaravel·4w

    Managed Databases Are Now Available in Laravel Forge

    Laravel Forge now offers fully managed PostgreSQL clusters provisioned directly from the Forge dashboard. Features include automated daily backups, point-in-time recovery (7-day window), high availability with 99.95% uptime SLA, read replicas, real-time monitoring, and configurable maintenance windows. Clusters are billed hourly with costs based on compute size, storage, and whether high availability is enabled. Managed databases integrate with existing Forge servers via private networking or optional public access, eliminating the need for separate database provider accounts.

  12. 12
    Article
    Avatar of socketdevSocket·6w

    Malicious Packagist Packages Disguised as Laravel Utilities ...

    Socket's Threat Research Team discovered a remote access trojan (RAT) distributed through three Packagist packages by threat actor nhattuanbl, disguised as Laravel utilities. The packages nhattuanbl/lara-helper and nhattuanbl/simple-queue contain an identical obfuscated PHP RAT payload in helper.php, while nhattuanbl/lara-swagger acts as a clean-looking vector that silently pulls in lara-helper as a Composer dependency. Once loaded, the RAT connects to a C2 server, supports shell execution, file read/write, screenshots, and system reconnaissance, and runs persistently in the background. The payload uses goto spaghetti, hex/octal string encoding, and randomized identifiers to evade static analysis. Affected hosts should be treated as fully compromised, with all secrets rotated and the payload removed. Key takeaways: transitive dependencies deserve the same scrutiny as direct installs, and dev-master constraints are high-risk in production.

  13. 13
    Article
    Avatar of lnLaravel News·3w

    New Expressive Model Attributes in Laravel 13.2.0

    Laravel 13.2.0 introduces several developer experience improvements. New symmetrical PHP attributes for Eloquent models (e.g., #[DateFormat], #[WithoutTimestamps]) replace multi-parameter attributes with single-purpose ones. Queue attributes #[Queue] and #[Connection] now accept backed enums directly without calling ->value. The withoutOverlapping() method gains a releaseOnSignal parameter to release overlap locks on process termination signals. UniqueConstraintViolationException now exposes column and index details per database driver. Other improvements include variadic #[Backoff] attribute support, magic factory methods accepting multiple arrays, schedule:list timezone fixes, and various bug fixes across queues, models, collections, HTTP streaming, and testing.

See all Laravel archives