Enlightn: Boost your Laravel App's Performance & Security

Published on by

Enlightn: Boost your Laravel App's Performance & Security image

Enlightn is an amazing tool that helps you boost your Laravel application's performance and security. It has 120 automated checks that scan your application code, hit your routes, and check your server configurations to provide recommendations on improving performance, security, and code reliability.

Using Enlightn

Enlightn has two versions: open source (with 60 checks) and a Pro version (with 120 checks).

You can install the open source version through Composer. To install the Pro version, you can checkout the Enlightn documentation.

composer require enlightn/enlightn

After that, all you need to do is run the enlightn Artisan command:

php artisan enlightn

With this command, Enlightn, being the awesome consultant that it is, starts its analysis on your application.

TIP: To get the most out of Enlightn, we found it's best to run Enlightn on your production setup. Many of Enlightn's checks are environment-specific, so they may only be triggered when your app environment is in production.

Features

With 120 automated checks, Enlightn covers almost every aspect of performance, security, and code reliability that you can think of!

Performance Checks

Enlightn has 34 automated performance checks. Some of our favorite ones include:

  • Route caching
  • Detection of N+1, slow, and duplicate queries
  • Checking for compression and cache headers
  • Middleware bloat detection

Security Checks

Enlightn has 45 automated security checks. Enlightn automatically detects vulnerabilities in your application. The vulnerabilities it scans for include:

  • Insecure PHP configurations
  • SQL injection vulnerabilities
  • Injection and phishing attacks
  • Unrestricted file uploads

Code Reliability Checks

Enlightn has 41 automated reliability checks including:

  • Dead route and dead code detection
  • Detecting misconfigurations
  • Bug detection
  • Health checks

Query Optimizations

Enlightn can scan your app's code and detect possible query optimizations. Consider the code below:

namespace App\Models;
 
use Illuminate\Database\Eloquent\Model;
 
class Client extends Model
{
public function countTeamMembers()
{
return $this->teamMembers->count();
}
}

In the example above, we are first firing a query to get all the team members of a client model, and then performing a count on the resulting collection.

Enlightn can automagically detect this and alert you. The query can be optimized by performing the count at the query level like so:

public function countTeamMembers()
{
return $this->teamMembers()->count();
}

Performance Tuning

Enlightn doesn't just scan your application code. It can also detect opportunities to tune server configurations.

Some of these opportunities can make a huge impact on performance. For instance, by setting the right compression headers on your web server, you can reduce your asset file size by 80%!

In the example application above, we missed configuring compression headers and Enlightn helps flag them. Not only that, but it also points to detailed documentation where you can learn how to configure these headers on Apache, Nginx or even your CDN!

N+1 Query Detection

Enlightn also integrates with Laravel Telescope to detect N+1 queries in your code. It highlights the files and line numbers responsible for the N+1 queries to make it easy for you to identify them in your code.

Consider the blade template below:

@foreach ($posts as $post)
<x-post :data="$post" :comments="$post->comments" />
@endforeach

In our PostController, if we forget to eager load the post comments and each page has 25 posts, it would result in 26 queries instead of 1.

For static analyzers, N+1 query detection is almost impossible, especially for a loosely typed language like PHP. But Enlightn combines dynamic analysis with static analysis to make this possible.

Dependency Vulnerabilities Scanner

Enlightn has a dependency vulnerabilities scanner built-in that checks your package dependencies on both your frontend and backend and alerts you if any packages are missing security updates.

Laravel recently released a security fix and the example application below wasn't updated with the security fix. Enlightn immediately flagged this for us!

SQL Injection

Enlightn can detect a wide variety of SQL injection vulnerabilities for Laravel applications.

Consider the following code:

namespace App\Http\Controllers;
 
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;
 
class ProfileController extends Controller
{
public function validateEmail(Request $request)
{
$this->validate($request, [
'email' => [
'required',
Rule::unique('users')->ignore($request->input('id')),
]
]);
}
}

This may look like normal validation but actually is vulnerable to SQL injection attacks. In fact, the Laravel documentation warns against it. Sometimes, it's not possible to always stay up-to-date with the Laravel documentation.

Enlightn makes it easy by flagging these errors and linking to detailed documentation on how to stay secure from each of these vulnerabilities.

Unrestricted File Uploads

Unrestricted file uploads is another vulnerability that modern web applications need to be mindful of.

In the application below, we are storing files at a path determined by untrusted user input data. This may result in a vulnerability where users may overwrite critical files such as /etc/passwd or .env on your server.

namespace App\Http\Controllers;
 
use Illuminate\Http\Request;
use Illuminate\Support\Str;
 
class DocumentController extends Controller
{
public function upload(Request $request)
{
$request->file('document')->storeAs(
'docs/'.auth()->id().'/'.$request->input('filename'),
Str::uuid()
);
}
}

It is difficult to keep track of what's dangerous and what's not, especially as both the web landscape and the Laravel framework evolve over time. Enlightn can take care of that for you.

Dead Route Detection

While maintaining applications over a large period of time, sometimes you may remove certain routes, or controller methods due to changing needs, but may forget to remove the registrations.

This makes your code accumulate "technical debt" and also more unreadable.

Enlightn can thankfully detect dead routes (routes that have missing controllers or methods) to help your code stay clean and even detect broken links in your application.

In the example application below, Enlightn detects 2 dead routes in the application.

Detecting Misconfigurations

Enlightn is also pretty efficient in detecting misconfigurations that may cause problems down the road.

For instance, if you set a generic cache prefix and share your cache servers, this can create collision problems. Even if you don't use caching directly in your application, the Laravel Framework uses it for rate limiting, unique job locks, and queueing.

Imagine throttling a user on the first application, only to learn that a user with the same ID on another application that shares cache servers is also getting throttled.

These are the kinds of misconfigurations Enlightn automatically detects.

In Closing

Enlightn looks like an awesome tool and seems to be a first of its kind for Laravel. In this post, we were only able to cover a handful of the 120 automated checks it has to offer.

You should definitely take it for a spin and try it out. You can find the open-source version (with 60 checks) on its Github repository.

You can also grab a license from the Enlightn website to get access to 60 additional checks to make your app perform better and stay secure. We'd say it's worth it!

Eric L. Barnes photo

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Filed in:
Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Laravel Forge logo

Laravel Forge

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Forge
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
No Compromises logo

No Compromises

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $7500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

No Compromises
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
Bacancy logo

Bacancy

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $2500/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

Bacancy
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media
Lunar: Laravel E-Commerce logo

Lunar: Laravel E-Commerce

E-Commerce for Laravel. An open-source package that brings the power of modern headless e-commerce functionality to Laravel.

Lunar: Laravel E-Commerce
LaraJobs logo

LaraJobs

The official Laravel job board

LaraJobs
SaaSykit: Laravel SaaS Starter Kit logo

SaaSykit: Laravel SaaS Starter Kit

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

SaaSykit: Laravel SaaS Starter Kit
Supercharge Your SaaS Development with FilamentFlow: The Ultimate Laravel Filament Boilerplate logo

Supercharge Your SaaS Development with FilamentFlow: The Ultimate Laravel Filament Boilerplate

Build your SaaS application in hours. Out-of-the-box multi-tenancy and seamless Stripe integration. Supports subscriptions and one-time purchases, allowing you to focus on building and creating without repetitive setup tasks.

Supercharge Your SaaS Development with FilamentFlow: The Ultimate Laravel Filament Boilerplate
Rector logo

Rector

Your partner for seamless Laravel upgrades, cutting costs, and accelerating innovation for successful companies

Rector
MongoDB logo

MongoDB

Enhance your PHP applications with the powerful integration of MongoDB and Laravel, empowering developers to build applications with ease and efficiency. Support transactional, search, analytics and mobile use cases while using the familiar Eloquent APIs. Discover how MongoDB's flexible, modern database can transform your Laravel applications.

MongoDB

The latest

View all →
Laravel Solr image

Laravel Solr

Read article
A Guide to Pagination in Laravel image

A Guide to Pagination in Laravel

Read article
Laravel Roundup - November image

Laravel Roundup - November

Read article
Bento Laravel SDK image

Bento Laravel SDK

Read article
Laravel 11.30 Released image

Laravel 11.30 Released

Read article
Bluesky notification channel for Laravel image

Bluesky notification channel for Laravel

Read article