Security - v2.0.2

ArtisanPack UI Security Documentation

The core Laravel security toolkit in the ArtisanPack UI ecosystem. Focused on input sanitization, output escaping, KSES filtering, security headers, XSS protection, basic rate limiting, and Content Security Policy.

Security 2.0 — core-only. Authentication, 2FA, RBAC, file uploads, analytics, and compliance have moved to dedicated sibling packages. See UPGRADE.md for migrating from 1.x.

What's in this package

  • SanitizationsanitizeEmail, sanitizeUrl, sanitizeText, sanitizeInt, sanitizeArray, …
  • EscapingescHtml, escAttr, escUrl, escJs, escCss (Laminas Escaper-backed)
  • KSES filteringkses() WordPress-style allowed-tag filtering
  • Validation rulesNoHtml, SecureUrl
  • Middlewarecsp, security.headers, xss.protection, api.security, api.rate_limit
  • Content Security Policy — nonce generator, policy builder, presets (Strict / Relaxed / Livewire), violation reporting endpoint, optional CSP dashboard Livewire component, Artisan commands (csp:test, csp:stats, csp:prune, csp:generate)
  • Security audit + testing toolkit — OWASP / configuration scanners, penetration testing helpers, performance benchmarks, report generators (JSON, HTML, JUnit, SARIF, Markdown), CI/CD integration, Artisan commands (security:audit, security:scan, security:baseline, security:benchmark, security:check-config, security:test-headers, security:scan-deps)

What's NOT in this package (sibling packages)

Capability Package
Authentication, 2FA, password complexity, account lockout, advanced sessions artisanpack-ui/security-auth
WebAuthn / FIDO2, SSO (SAML/OIDC), social auth, biometrics, device fingerprinting artisanpack-ui/security-advanced-auth
Roles, permissions, Gate integration, Blade directives, Artisan commands artisanpack-ui/rbac
Secure uploads, malware scanning, signed-URL serving artisanpack-ui/secure-uploads
Security event logging, anomaly detection, SIEM export, dashboards artisanpack-ui/security-analytics
GDPR / CCPA / LGPD compliance artisanpack-ui/compliance (future)

Documentation map

  • Getting Started — install + first sanitize / escape call
  • Installation — requirements, configuration, environment variables, migration management
  • Usage — sanitization, escaping, KSES, validation rules, middleware, CSP, headers, rate limiting, session security, API security, Artisan commands
  • API Reference — public API surface
  • Advanced — security testing toolkit, checklist, guidelines, AI assistant guidelines, video tutorials, implementation guide, migration guides
  • FAQ
  • Troubleshooting
  • Upgrading from 1.x
  • Changelog