Solo Dev
$99 /project
For solo developers with yearly revenue < $50k.
- 131 checks
- 60 days report retention
- Support via Github issues and email
- Laravel versions 6-11 supported
Enlightn scans your Laravel app code to provide you with actionable recommendations on improving its performance, security & more.
We'll perform over 100 checks against your application for common issues, and provide actionable feedback for fixing them. Here are some of the things we can take care of.
Query Optimizations
How often do we come across a piece of code with a hidden performance bottleneck? We're not perfect, we're humans after all. Enlightn can scan your code and detect these bottlenecks (much like the one shown here), without ever having to execute the code!
Performance Tuning
It is easier to focus on performance optimizations in code than on fine-tuning server configurations. Picture this: minification reduces file size by about 20%, whereas compression headers can save 80%! Enlightn doesn't only look at your code. It also suggests performance tuning configurations!
N+1 Query Detection
Static analysis has some limitations. While it is possible to detect optimization opportunities such as aggregation calls on collections instead of the query builder, things like N+1 query detection and detecting memory leaks are either very difficult or impossible using static analysis. Fear not, Enlightn isn't just a static analysis tool. It scans your Telescope records to detect N+1 queries, duplicate queries, slow or memory intensive routes and more!
Bloat Detection
Laravel has almost everything built-in. But sometimes, it makes us lazy. Have you ever fallen into the trap of just using the Laravel skeleton code rather than cleaning it up for your specific application? Take the example shown here. We might not be using CORS or behind proxies. Enlightn detects this and tells you which middleware are unused and safe to remove.
Vulnerability Scanning
Enlightn has an in-built dependency vulnerability scanner. It scans your package dependencies for known vulnerabilities (both on the frontend and backend) and flags any packages that may need critical security updates or fixes. For instance, Laravel recently released a security fix. Here, Enlightn detects that I need to update my Laravel Framework dependency to receive the security update and stay secure.
SQL Injection
Enlightn can detect a wide variety of SQL injection vulnerabilities including raw SQL injection, native injection, column name SQL injection and validation rule SQL injection. Consider this code. Even though it looks like a normal validation, it is vulnerable to SQL injection attacks. Don't worry, your friendly neighbourhood consultant is here to help your app stay secure!
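The validation rule SQL injection described above, as an added example that is not Enlightn's code or the page's own: a profile-update controller where the id to ignore comes straight from the request (the table, column and controller names are assumed), beside the hardened form that only ever ignores the authenticated user's own id.

```php
<?php
// Added example, not Enlightn's own code: the "validation rule SQL injection" the text
// describes, in an assumed profile-update controller. Table and column names are assumed.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Validation\Rule;

class ProfileController extends Controller
{
    // Vulnerable: the id to ignore is concatenated into the rule string straight from the
    // request body, so request input becomes part of the SQL the unique rule builds.
    // (Laravel's own docs warn never to pass user-controlled input to the ignore clause.)
    public function updateVulnerable(Request $request)
    {
        $request->validate([
            'email' => 'required|email|unique:users,email,' . $request->input('id'),
        ]);

        // ... update logic
    }

    // Hardened: the ignored id is the authenticated user's own primary key, never client
    // input, and the table and column names are fixed strings. The only request-derived
    // value that reaches the query (the email) is bound as a parameter by the validator.
    public function updateSafe(Request $request)
    {
        $user = $request->user();

        $validated = $request->validate([
            'email' => ['required', 'email', Rule::unique('users', 'email')->ignore($user->id)],
        ]);

        $user->fill($validated)->save();

        return response()->json(['ok' => true]);
    }
}
```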
Mass Assignment
Laravel's ORM Eloquent has in-built protection against mass assignment but it also has the flexibility to circumvent the protection for specific use cases. Sometimes, these features can leave security holes in your application when misused. Enlightn can of course detect these holes for you!
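The mass-assignment hole described above, as an added example (not Enlightn's or the page's code): a registration controller that writes every request field, beside one that passes only an explicit, validated allow-list. The User model and its is_admin column are assumed.

```php
<?php
// Added example, not Enlightn's own code: the mass-assignment hole the text describes.
// The User model is assumed to have an is_admin column that must never be client-settable.
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class RegisterController extends Controller
{
    // Vulnerable: if the model disables protection (protected $guarded = [];) or the code
    // uses forceFill()/Model::unguard(), every request field is written to the row, so an
    // extra is_admin field in the submitted form ends up in the database unchecked.
    public function storeVulnerable(Request $request)
    {
        return User::create($request->all());
    }

    // Hardened: validate an explicit allow-list and pass only those keys. validate() returns
    // just the validated fields, so is_admin can never reach the model from the request,
    // whatever the model's $guarded/$fillable configuration happens to be.
    public function storeSafe(Request $request)
    {
        $data = $request->validate([
            'name'     => ['required', 'string', 'max:255'],
            'email'    => ['required', 'email', 'unique:users,email'],
            'password' => ['required', 'string', 'min:8'],
        ]);

        $data['password'] = Hash::make($data['password']);

        return User::create($data);
    }
}

// app/Models/User.php (assumed): keep the allow-list on the model as well, so even a stray
// create($request->all()) elsewhere in the code base drops is_admin instead of writing it.
// protected $fillable = ['name', 'email', 'password'];
```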
Directory Traversal
If your application allows users to download files, you need to be very careful about directory traversal attacks. It's actually very difficult for a framework to provide protection out-of-the-box for these kinds of attacks. Don't worry, Enlightn can alert you instantly if any vulnerabilities like the one in the displayed code block exist in your application!
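A download endpoint of the kind described above, as an added example that is not Enlightn's or the page's code: the request value spliced straight into a path, beside a version that allow-lists the file name and resolves it through a disk rooted at the export directory. The "exports" disk, route and file-name format are assumptions.

```php
<?php
// Added example, not Enlightn's own code: a file-download endpoint of the kind the text warns
// about. The "exports" disk and the file-name format the app generates are assumed.
//
// config/filesystems.php (assumed):
//   'exports' => ['driver' => 'local', 'root' => storage_path('app/exports')],
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

class DownloadController extends Controller
{
    // Vulnerable: the request value is spliced into a filesystem path unchanged, so a value
    // containing parent-directory components resolves outside storage/app/exports.
    public function downloadVulnerable(Request $request)
    {
        return response()->download(storage_path('app/exports/' . $request->input('file')));
    }

    // Hardened: accept only a bare file name matching the format the app itself generates,
    // then resolve it through a disk that is rooted at the export directory.
    public function downloadSafe(Request $request)
    {
        $name = (string) $request->input('file', '');

        // Allow-list the shape: letters, digits, dash, underscore and one known extension.
        // Separators, extra dots and NUL bytes cannot pass, so traversal sequences are impossible.
        if (! preg_match('/\A[A-Za-z0-9_-]{1,64}\.(csv|pdf)\z/', $name)) {
            abort(400, 'Invalid file name.');
        }

        $disk = Storage::disk('exports');

        if (! $disk->exists($name)) {
            abort(404);
        }

        return $disk->download($name);
    }
}
```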
Code Reliability
Many edge cases don't really pop up in testing and are only discovered when reported by customers. Check out the code shown here. When a customer uploads two files at once in your form, this code would error out. Enlightn detects such edge cases and reports them to you before they happen.
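The two-files-at-once edge case described above, as an added example (not Enlightn's or the page's code): an upload handler that assumes a single file, beside one that normalises one-or-many uploads and validates each. The field name, storage directory and file rules are assumptions.

```php
<?php
// Added example, not Enlightn's own code: the multi-file edge case the text describes.
// Field name "attachment", the storage directory and the file rules are assumed.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Validator;

class AttachmentController extends Controller
{
    // Fragile: when the form field is attachment[] and the customer picks two files,
    // file('attachment') returns an array, and calling ->store() on it is a fatal error.
    public function uploadFragile(Request $request)
    {
        $path = $request->file('attachment')->store('attachments');

        return response()->json(['paths' => [$path]]);
    }

    // Robust: normalise one-or-many into a list, validate each file individually, and store
    // them all, so single and multiple uploads follow the same code path.
    public function uploadRobust(Request $request)
    {
        $files = Arr::wrap($request->file('attachment'));   // UploadedFile|array|null -> array

        if ($files === []) {
            abort(422, 'No file uploaded.');
        }

        $paths = [];
        foreach ($files as $file) {
            Validator::make(
                ['attachment' => $file],
                ['attachment' => ['required', 'file', 'mimes:pdf,png,jpg', 'max:10240']]
            )->validate();                                  // throws a 422 response on failure

            $paths[] = $file->store('attachments');
        }

        return response()->json(['paths' => $paths]);
    }
}
```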
Detecting Misconfigurations
Sometimes, misconfigurations can lead to errors that go unnoticed. For instance, say your app sets a queue retry-after value that is below your queue timeout value. This can cause your jobs to be processed twice or the worker to crash, and these issues are very hard to detect. But Enlightn has some Yoda abilities!
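The retry-after versus timeout mismatch described above, as an added config example that is not Enlightn's or the page's own: a config/queue.php connection with the weak setting beside the corrected one, and the matching worker invocation. Connection names and timing values are assumed; the rule that --timeout must stay below retry_after is Laravel's documented one.

```php
<?php
// config/queue.php excerpt, added example, not Enlightn's own code. Connection names and
// timing values are assumed; the rule itself is Laravel's documented one.
return [
    'connections' => [

        // Misconfigured: retry_after (60 s) is shorter than the worker's --timeout (90 s, below).
        // A job still running after 60 s is released back to the queue and picked up by a
        // second worker while the first is still processing it, so it runs twice; if the
        // first worker is then killed by its timeout, a crash is reported as well.
        'redis_misconfigured' => [
            'driver'      => 'redis',
            'connection'  => 'default',
            'queue'       => env('REDIS_QUEUE', 'default'),
            'retry_after' => 60,
            'block_for'   => null,
        ],

        // Corrected: retry_after is comfortably longer than the worker timeout, so a frozen
        // job is terminated by its own worker before the queue considers it abandoned.
        'redis' => [
            'driver'      => 'redis',
            'connection'  => 'default',
            'queue'       => env('REDIS_QUEUE', 'default'),
            'retry_after' => 120,
            'block_for'   => null,
        ],
    ],
];

// Worker invocation (CLI or supervisor program): keep --timeout several seconds below the
// retry_after of the connection it works, e.g.
//   php artisan queue:work redis --timeout=90
```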
Dead Routes & Dead Code
Maintaining code over time can cause issues such as dead routes or dead code. Dead routes are routes directed to controllers or methods that don't exist (may have been deleted). Dead code is unreachable code. All of these "ghosts" make your application difficult to read. Enlightn helps you clean up all that mess!
Detection of Bad Practices
Sometimes we end up copy-pasting some code from a blog or a website that of course works for our application but is a bad practice that can hurt us later on. Consider the code here. When you're using a robust framework like Laravel, you shouldn't really be using native functions to create cookies. Why? Because then your cookies won't be encrypted and your cookie security attributes won't be applied. Enlightn has superhuman powers to flag these for you!
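The native-cookie bad practice described above, as an added example (not Enlightn's or the page's code): a controller that calls PHP's setcookie() beside one that attaches the cookie to the Laravel response so it is encrypted and picks up the session config defaults. Cookie name, allowed values and controller are assumptions.

```php
<?php
// Added example, not Enlightn's own code: the native-cookie bad practice the text describes
// beside the Laravel way. Cookie name, values and controller are assumed.
namespace App\Http\Controllers;

use Illuminate\Http\Request;

class PreferenceController extends Controller
{
    // Bad practice: PHP's setcookie() writes the header directly, bypassing Laravel's cookie
    // jar and the EncryptCookies middleware. The value travels in clear text, and the
    // secure / httpOnly / same_site defaults from config/session.php are not applied.
    public function saveNative(Request $request)
    {
        setcookie('theme', $request->input('theme'));

        return response('saved');
    }

    // Laravel way: attach the cookie to the response. It passes through EncryptCookies (so the
    // value is encrypted and authenticated) and inherits path, domain, secure and same_site
    // defaults from config/session.php; httpOnly is true by default. The third argument
    // (60 * 24 * 30) is the lifetime in minutes.
    public function saveLaravel(Request $request)
    {
        $theme = $request->validate(['theme' => ['required', 'in:light,dark']])['theme'];

        return response('saved')->cookie('theme', $theme, 60 * 24 * 30);
    }
}
```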
Enlightn works locally, in your CI/CD pipeline and also enables you to work together with teammates.
Get started with our open-source Enlightn package, or upgrade to Enlightn Pro to get double the advice.
$99 /project
For solo developers with yearly revenue < $50k.
$199 /project
No limits on team members or project revenue/size.
$499 /project
No limits on team members or project revenue/size.
Yes! Currently, the only limitation is the number of checks. The Github open source version has 67 checks today, whereas the Pro version has 131 checks. We will, however, continue to show our ❤ and support for the free version forever, and would even likely add more checks going forward!
Currently, the difference is that the OSS version has 67 checks and the Pro version has 131 checks. Check out the docs to know which additional checks are supported on the Pro version.
Pro users also have access to the Enlightn Github bot that can automatically review your pull requests and comment on any code that introduces new issues. Also, while OSS users can use the web UI for free, Pro Business & Enterprise license users can also invite team members to collaborate on their projects.
Unlike other packages, Enlightn does not have any overhead on your application. It does not record queries or log anything or even boot any services. So, it can be safely installed on both dev and production environments.
In fact, it is recommended to run Enlightn on production as well because it doesn't only scan your code but also checks things such as web server or service configurations.
Symfony Insights was built for Symfony and not Laravel projects. Enlightn was built specifically with Laravel in mind.
In terms of scope, we like to believe that Enlightn has a much broader scope than Symfony Insights because it's not just a static analysis tool but much beyond that. An example is that Symfony Insights does not contain any performance checks.
You can support us in many ways. The best way is to grab a Pro license, and get double the value Enlightn open-source provides. Besides that, you can submit PRs to Enlightn OSS by adding/improving checks, and spread the word to let us help more people. Thanks! ❤
While some of our checks are powered by static analysis, Enlightn does so much more. We provide dynamic analysis out of the box, with checks that hit your routes and check your server configuration.
Absolutely! As long as you are not PR'ing functionality from the paid version, we will gladly take a look and merge your contributions!
Absolutely! If you aren't satisfied with our product, you can email us at support@laravel-enlightn.com within 14 days of your purchase to request a refund.
Yes, Enlightn has in-built support to integrate with CI/CD pipelines. Refer to the documentation to learn more. We also have Enlightn's very own Github bot to automatically review all your pull requests and comment on code that introduces new issues!
Sure, we provide bulk discounts if you purchase 5 or more licenses. Shoot us an email at sales@laravel-enlightn.com and we'll be happy to provide you with special prices!
The open-source version of Enlightn can be bundled, without issues. For Enlightn Pro, however, we do not allow any kinds of redistribution of the source. If you wish to distribute your application code, you will need to make sure you aren't shipping Enlightn Pro's source code along with it, whether publicly or privately. You may review our license agreement for more details.
Yes, you can use Enlightn open-source for commercial or open-source software! The only gotcha is that if you make modifications to the Enlightn source code, you must distribute your modifications. If you don't touch the Enlightn source code and just use it as a dependency, you can use it however you'd like. We chose LGPL over MIT so that improvements to the checks, when made by others, are available to everyone else and can be added to the package.
Enlightn Pro is covered under a commercial license instead of the LGPLv3 license. Needless to say, Enlightn Pro can also be used for OSS or commercial software with the additional benefit that you can also make modifications to the source code if you like, without having to distribute the modifications. Check out the Enlightn Pro license agreement here.