Enlightn: Boost your Laravel App's Performance & Security

Enlightn is an amazing tool that helps you boost your Laravel application's performance and security. It has 120 automated checks that scan your application code, hit your routes, and check your server configurations to provide recommendations on improving performance, security, and code reliability.

Using Enlightn

Enlightn has two versions: open source (with 60 checks) and a Pro version (with 120 checks).

You can install the open source version through Composer. To install the Pro version, you can check out the Enlightn documentation.

composer require enlightn/enlightn

After that, all you need to do is run the enlightn Artisan command:

php artisan enlightn

With this command, Enlightn, being the awesome consultant that it is, starts its analysis on your application.

TIP: To get the most out of Enlightn, we found it's best to run Enlightn on your production setup. Many of Enlightn's checks are environment-specific, so they may only be triggered when your app environment is in production.


With 120 automated checks, Enlightn covers almost every aspect of performance, security, and code reliability that you can think of!

Performance Checks

Enlightn has 34 automated performance checks. Some of our favorite ones include:

  • Route caching
  • Detection of N+1, slow, and duplicate queries
  • Checking for compression and cache headers
  • Middleware bloat detection

Security Checks

Enlightn has 45 automated security checks. Enlightn automatically detects vulnerabilities in your application. The vulnerabilities it scans for include:

  • Insecure PHP configurations
  • SQL injection vulnerabilities
  • Injection and phishing attacks
  • Unrestricted file uploads

Code Reliability Checks

Enlightn has 41 automated reliability checks including:

  • Dead route and dead code detection
  • Detecting misconfigurations
  • Bug detection
  • Health checks

Query Optimizations

Enlightn can scan your app's code and detect possible query optimizations. Consider the code below:

namespace App\Models;
use Illuminate\Database\Eloquent\Model;

class Client extends Model
{
    public function countTeamMembers()
    {
        return $this->teamMembers->count();
    }
}

In the example above, we are first firing a query to get all the team members of a client model, and then performing a count on the resulting collection.

Enlightn can automagically detect this and alert you. The query can be optimized by performing the count at the query level like so:

public function countTeamMembers()
{
    return $this->teamMembers()->count();
}

Performance Tuning

Enlightn doesn't just scan your application code. It can also detect opportunities to tune server configurations.

Some of these opportunities can make a huge impact on performance. For instance, by setting the right compression headers on your web server, you can reduce your asset file size by 80%!

In the example application above, we missed configuring compression headers and Enlightn helps flag them. Not only that, but it also points to detailed documentation where you can learn how to configure these headers on Apache, Nginx or even your CDN!

N+1 Query Detection

Enlightn also integrates with Laravel Telescope to detect N+1 queries in your code. It highlights the files and line numbers responsible for the N+1 queries to make it easy for you to identify them in your code.

Consider the blade template below:

@foreach ($posts as $post)
    <x-post :data="$post" :comments="$post->comments" />
@endforeach

In our PostController, if we forget to eager load the post comments and each page has 25 posts, it would result in 26 queries instead of 1.

For static analyzers, N+1 query detection is almost impossible, especially for a loosely typed language like PHP. But Enlightn combines dynamic analysis with static analysis to make this possible.

Dependency Vulnerabilities Scanner

Enlightn has a dependency vulnerabilities scanner built-in that checks your package dependencies on both your frontend and backend and alerts you if any packages are missing security updates.

Laravel recently released a security fix and the example application below wasn't updated with the security fix. Enlightn immediately flagged this for us!

SQL Injection

Enlightn can detect a wide variety of SQL injection vulnerabilities for Laravel applications.

Consider the following code:

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;
class ProfileController extends Controller
{
    public function validateEmail(Request $request)
    {
        $this->validate($request, [
            'email' => [
                // ...
            ],
        ]);
    }
}

This may look like normal validation, but it is actually vulnerable to SQL injection attacks. In fact, the Laravel documentation warns against it. It's not always possible to stay up-to-date with the Laravel documentation.

Enlightn makes it easy by flagging these errors and linking to detailed documentation on how to stay secure from each of these vulnerabilities.
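
The snippet above is cut off on this page, so the following is an added example, not the article's or Enlightn's own code. It assumes the pattern in question is the one the Laravel validation documentation warns about, request input passed to Rule::unique()->ignore(), and shows it beside a form that takes the ID from the authenticated user; the method name validateEmailUnsafe and the id field are hypothetical.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Validation\Rule;

class ProfileController extends Controller
{
    // Pattern to avoid (assumed to be what the truncated snippet showed):
    // the ID handed to ignore() is read from the request body, so the
    // client controls a value that ends up in the uniqueness query.
    public function validateEmailUnsafe(Request $request)
    {
        $this->validate($request, [
            'email' => [
                'required',
                'email',
                Rule::unique('users')->ignore($request->input('id')),
            ],
        ]);
    }

    // Corrected form: the ignored ID is a system-generated key taken from
    // the authenticated user model, never from request input.
    public function validateEmail(Request $request)
    {
        $this->validate($request, [
            'email' => [
                'required',
                'email',
                Rule::unique('users')->ignore($request->user()->id),
            ],
        ]);
    }
}
```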

Unrestricted File Uploads

Unrestricted file uploads are another vulnerability that modern web applications need to be mindful of.

In the application below, we are storing files at a path determined by untrusted user input data. This may result in a vulnerability where users may overwrite critical files such as /etc/passwd or .env on your server.

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Str;
class DocumentController extends Controller
{
    public function upload(Request $request)
    {
        // ...
    }
}

It is difficult to keep track of what's dangerous and what's not, especially as both the web landscape and the Laravel framework evolve over time. Enlightn can take care of that for you.
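
The controller above is cut off on this page, so the following is an added example, not the article's or Enlightn's own code. It shows a storage path built from request input beside a version that validates the upload and builds the path from server-side values only; the field names document, folder and filename, the allowed types, the size limit and the local disk are assumptions.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Str;

class DocumentController extends Controller
{
    // Pattern to avoid: directory and file name both come from the client,
    // so the request decides where on the disk the upload is written.
    public function uploadUnsafe(Request $request)
    {
        return $request->file('document')->storeAs(
            $request->input('folder'),
            $request->input('filename')
        );
    }

    // Corrected form: validate the upload, then build the path from
    // server-side values only.
    public function upload(Request $request)
    {
        $this->validate($request, [
            // Assumed policy: PDF or DOCX, at most 10 MB (max is in kilobytes).
            'document' => ['required', 'file', 'mimes:pdf,docx', 'max:10240'],
        ]);

        $file = $request->file('document');

        // Random name plus an extension guessed from the file contents,
        // not from the client-supplied original name.
        $name = Str::uuid() . '.' . $file->extension();

        // Fixed per-user directory on a non-public disk.
        return $file->storeAs('documents/' . $request->user()->id, $name, 'local');
    }
}
```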

Dead Route Detection

While maintaining an application over a long period of time, you may remove certain routes or controller methods due to changing needs but forget to remove the registrations.

This makes your code accumulate "technical debt" and become harder to read.

Enlightn can thankfully detect dead routes (routes that have missing controllers or methods) to help your code stay clean and even detect broken links in your application.

In the example application below, Enlightn detects 2 dead routes in the application.

Detecting Misconfigurations

Enlightn is also pretty efficient in detecting misconfigurations that may cause problems down the road.

For instance, if you set a generic cache prefix and share your cache servers, this can create collision problems. Even if you don't use caching directly in your application, the Laravel Framework uses it for rate limiting, unique job locks, and queueing.

Imagine throttling a user on the first application, only to learn that a user with the same ID on another application that shares cache servers is also getting throttled.

These are the kinds of misconfigurations Enlightn automatically detects.

In Closing

Enlightn looks like an awesome tool and seems to be a first of its kind for Laravel. In this post, we were only able to cover a handful of the 120 automated checks it has to offer.

You should definitely take it for a spin and try it out. You can find the open-source version (with 60 checks) on its GitHub repository.

You can also grab a license from the Enlightn website to get access to 60 additional checks to make your app perform better and stay secure. We'd say it's worth it!

Eric L. Barnes is the creator of Laravel News and has been covering Laravel since 2012.
