Boost your app's performance and security
We'll perform over 100 checks against your application for common issues, and provide actionable feedback for fixing them. Here are some of the things we can take care of.
🚀 Query Optimizations
How often do we come across a piece of code with a hidden performance bottleneck? We're not perfect, we're humans after all. Enlightn can scan your code and detect these bottlenecks (much like the one shown here), without ever having to execute the code!
💪 Performance Tuning
It is easier to focus on performance optimizations in code than on fine-tuning server configuration. Picture this: minification trims about 20% of file size, whereas compression headers can save 80%! Enlightn doesn't only look at your code. It also suggests performance tuning configurations!
🔭 N+1 Query Detection
Static analysis has some limitations. While it is possible to detect optimization opportunities such as aggregation calls on collections instead of the query builder, things like N+1 query detection and memory leak detection are either very difficult or impossible using static analysis. Fear not, Enlightn isn't just a static analysis tool. It scans your Telescope records to detect N+1 queries, duplicate queries, slow or memory intensive routes and more!
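To make the two optimization opportunities mentioned above concrete, here is an added example (editorial code, not one of Enlightn's checks or a screenshot from this page). It assumes `App\Models\Post` with an `author` relation and `App\Models\User` with an `active` column; neither model comes from the page.

```php
<?php
// Added example: the N+1 and collection-aggregation patterns a Laravel app
// falls into, next to the query-builder versions. Post, User and the
// `author` relation are assumed models, not taken from the page.

use App\Models\Post;
use App\Models\User;
use Illuminate\Database\Eloquent\Model;

// N+1: one query for the posts, then one more query per post for the author.
function authorsNPlusOne(): array
{
    $names = [];
    foreach (Post::all() as $post) {        // SELECT * FROM posts
        $names[] = $post->author->name;     // SELECT * FROM users WHERE id = ?  (once per post)
    }
    return $names;
}

// Fixed: eager-load the relation; two queries in total regardless of row count.
function authorsEager(): array
{
    return Post::with('author')             // SELECT * FROM users WHERE id IN (...)
        ->get()
        ->map(fn (Post $post) => $post->author->name)
        ->all();
}

// Aggregation on a Collection: every user row is hydrated in PHP just to be counted.
function activeUsersSlow(): int
{
    return User::all()->where('active', true)->count();
}

// Fixed: let the database do the counting.
function activeUsersFast(): int
{
    return User::where('active', true)->count();   // SELECT count(*) FROM users WHERE active = ?
}

// Belt and braces: outside production, make lazy loading throw so an N+1
// surfaces in the test suite rather than in Telescope. Call from a service
// provider's boot() method.
function configureModels(): void
{
    Model::preventLazyLoading(! app()->isProduction());
}
```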
🤷 Bloat Detection
Laravel has almost everything built-in. But sometimes, it makes us lazy. Have you ever fallen into the trap of just using the Laravel skeleton code rather than cleaning it up for your specific application? Take the example shown here. We might not be using CORS or behind proxies. Enlightn detects this and tells you which middleware are unused and safe to remove.
🕵️ Vulnerability Scanning
Enlightn has an in-built dependency vulnerability scanner. It scans your package dependencies for known vulnerabilities (both on the frontend and backend) and flags any packages that may need critical security updates or fixes. For instance, Laravel recently released a security fix. Here, Enlightn detects that I need to update my Laravel Framework dependency to receive the security update and stay secure.
☢️ SQL Injection
Enlightn can detect a wide variety of SQL injection vulnerabilities including raw SQL injection, native injection, column name SQL injection and validation rule SQL injection. Consider this code. Even though it looks like a normal validation, it is vulnerable to SQL injection attacks. Don't worry, your friendly neighbourhood consultant is here to help your app stay secure!
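Because the page's screenshot isn't reproduced here, the following is an added example (editorial code, not Enlightn's own checks) of three of the injection shapes named above, each beside its fix. It assumes an `App\Models\User` model backed by a `users` table with `email`, `name` and `created_at` columns.

```php
<?php
// Added example: raw, column-name and validation-rule SQL injection in Laravel,
// with the hardened form of each. App\Models\User and the `users` table are assumptions.

use App\Models\User;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\Rule;

// 1. Raw SQL injection: request input interpolated into the query string.
//    email = "' OR 1=1 -- " turns the WHERE clause into a tautology.
function findByEmailVulnerable(Request $request): array
{
    $email = $request->input('email');
    return DB::select("select * from users where email = '$email'");
}

// Fixed: the value travels as a bound parameter, never as SQL text.
function findByEmailSafe(Request $request): array
{
    return DB::select('select * from users where email = ?', [$request->input('email')]);
}

// 2. Column-name injection: bindings protect values, not identifiers. Laravel's
//    docs say never to let user input choose a column, including ORDER BY columns.
function listUsersVulnerable(Request $request): Collection
{
    return User::orderBy($request->input('sort', 'id'))->get();
}

// Fixed: map the request to an allowlist and reject anything else.
function listUsersSafe(Request $request): Collection
{
    $allowed = ['id', 'name', 'created_at'];
    $sort = $request->input('sort', 'id');
    abort_unless(in_array($sort, $allowed, true), 422);

    return User::orderBy($sort)->get();
}

// 3. Validation-rule injection: the "ignore" id is spliced into the rule's
//    comma-separated parameter list, and the later positions are column names,
//    which are not bound. It looks like ordinary validation, but a crafted `id`
//    rewrites the query the unique rule runs.
function updateEmailVulnerable(Request $request): array
{
    return $request->validate([
        'email' => 'required|email|unique:users,email,' . $request->input('id'),
    ]);
}

// Fixed: the ignored record comes from route-model binding (or the session),
// never from request input, and it is passed as a model rather than a string.
function updateEmailSafe(Request $request, User $user): array
{
    return $request->validate([
        'email' => ['required', 'email', Rule::unique('users')->ignore($user)],
    ]);
}
```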
🃏 Mass Assignment
Laravel's ORM, Eloquent, has in-built protection against mass assignment, but it also has the flexibility to circumvent that protection for specific use cases. Sometimes these features leave security holes in your application when misused. Enlightn can of course detect these holes for you!
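Here is an added example (editorial code, not an Enlightn check) of the ways the mass-assignment guard gets switched off, beside a registration handler that keeps it. The `User` model, the `is_admin` column and the `users` table are assumptions for the illustration.

```php
<?php
// Added example: mass-assignment holes in Eloquent and the safe pattern.
// The User model shape and the is_admin column are assumed, not from the page.

use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

// Hole 1: an empty $guarded disables the guard, so every column is fillable.
class UnguardedUser extends Model
{
    protected $table = 'users';
    protected $guarded = [];
}

// Guarded: only columns a user may set about themselves are fillable.
class User extends Model
{
    protected $fillable = ['name', 'email', 'password'];
}

// Vulnerable: POST /register with an extra is_admin=1 field sets the flag.
function registerVulnerable(Request $request): UnguardedUser
{
    return UnguardedUser::create($request->all());
}

// Hole 2: still vulnerable with $fillable in place, because forceFill()
// (like Model::unguard()) bypasses the guard entirely.
function registerBypassesGuard(Request $request): User
{
    $user = (new User)->forceFill($request->all());
    $user->save();
    return $user;
}

// Safe: pass only validated, explicitly named keys. This holds even if someone
// later widens $fillable, since unvalidated fields never reach the model.
function registerSafe(Request $request): User
{
    $data = $request->validate([
        'name'     => ['required', 'string', 'max:255'],
        'email'    => ['required', 'email', 'unique:users'],
        'password' => ['required', 'string', 'min:12'],
    ]);
    $data['password'] = Hash::make($data['password']);

    // Privilege flags such as is_admin are set by code paths the user does not control.
    return User::create($data);
}
```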
📁 Directory Traversal
If your application allows users to download files, you need to be very careful about directory traversal attacks. It's actually very difficult for a framework to provide protection out-of-the-box for these kinds of attacks. Don't worry, Enlightn can alert you instantly if any vulnerabilities like the one in the displayed code block exist in your application!
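Since the displayed code block isn't reproduced here, the following is an added example (editorial code, not Enlightn's check) of a traversable download endpoint and two hardened versions. The `storage/app/uploads` directory, the `documents` relation and its `stored_name`/`original_name` columns are assumptions.

```php
<?php
// Added example: directory traversal in a file download route and its fixes.
// The uploads directory and the documents relation are assumptions.

use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\BinaryFileResponse;

// Vulnerable: ?file=../../.env walks out of the uploads directory.
function downloadVulnerable(Request $request): BinaryFileResponse
{
    return response()->download(storage_path('app/uploads/' . $request->input('file')));
}

// Hardened: canonicalise the path and require it to stay under the base directory.
function downloadSafe(Request $request): BinaryFileResponse
{
    $base = realpath(storage_path('app/uploads'));
    $name = basename($request->input('file', ''));    // drops any directory component
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);

    // realpath() returns false for missing files and resolves symlinks, so the
    // prefix check also catches a symlink planted inside uploads/ that points elsewhere.
    abort_if($path === false || ! str_starts_with($path, $base . DIRECTORY_SEPARATOR), 404);

    return response()->download($path);
}

// Better still: never accept a path from the client. Look the file up through a
// record the current user owns; the on-disk name was generated by the server at
// upload time, and the user-supplied name is only used for the Content-Disposition header.
function downloadById(Request $request, int $id): BinaryFileResponse
{
    $doc = $request->user()->documents()->findOrFail($id);

    return response()->download(
        storage_path('app/uploads/' . $doc->stored_name),
        $doc->original_name
    );
}
```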
🧐 Code Reliability
Many edge cases don't really pop up in testing and are only discovered when reported by customers. Check out the code shown here. When a customer uploads two files at once in your form, this code would error out. Enlightn detects such edge cases and reports them to you before they happen.
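The two-files-at-once case in Laravel terms, as an added example (editorial code, not the page's screenshot): a form field named `attachments` is assumed.

```php
<?php
// Added example: the multi-file upload edge case. If the form posts attachments[]
// (or a client simply repeats the field), $request->file('attachments') is an
// array of UploadedFile instances instead of a single one.

use Illuminate\Http\Request;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Validator;

// Fragile: calls ->store() on an array as soon as more than one file arrives.
function storeAttachmentFragile(Request $request): string
{
    return $request->file('attachments')->store('attachments');
}

// Robust: normalise to a list first, then validate the list and each file in it.
function storeAttachments(Request $request): array
{
    // Arr::wrap gives the same shape for one file, many files, or none (null -> []).
    $files = Arr::wrap($request->file('attachments'));

    // Validating the normalised list means the per-file rules also apply to a
    // single upload, which a bare 'attachments.*' rule on a non-array would skip.
    Validator::make(
        ['attachments' => $files],
        [
            'attachments'   => ['required', 'array', 'max:5'],
            'attachments.*' => ['file', 'max:10240', 'mimes:pdf,png,jpg'],
        ]
    )->validate();

    // store() picks a server-generated filename, so the client never names the file on disk.
    return array_map(fn (UploadedFile $file) => $file->store('attachments'), $files);
}
```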
⚙ Detecting Misconfigurations
Sometimes, misconfigurations can lead to errors that go unnoticed. For instance, say your app sets a queue retry-after value that is below your queue timeout value. A job that is still running can then be handed to a second worker, so jobs are processed twice or the worker crashes, and these issues are very hard to detect. But Enlightn has some Yoda abilities!
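The retry-after/timeout relationship as an added illustration (editorial config, not taken from the page); the `redis` connection and the `--timeout=60` worker invocation are assumptions:

```php
<?php
// Added illustration: the relevant part of config/queue.php. The connection
// name and the worker timeout in the comments are assumptions.

return [
    'connections' => [
        'redis' => [
            'driver'     => 'redis',
            'connection' => 'default',
            'queue'      => 'default',

            // Misconfigured (commented out): with `php artisan queue:work --timeout=60`,
            // a job that legitimately runs for 45 s is released back to the queue after
            // 30 s and picked up by a second worker while the first is still on it.
            // 'retry_after' => 30,

            // Correct: retry_after is longer than the worker timeout, so a stuck job is
            // killed by the timeout before the queue ever hands it to another worker.
            'retry_after' => 90,
            'block_for'   => null,
        ],
    ],
];
```

The rule of thumb Laravel's own documentation gives is the same one Enlightn checks for: the worker's `--timeout` should be several seconds shorter than `retry_after`.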
👻 Dead Routes & Dead Code
Maintaining code over time can cause issues such as dead routes or dead code. Dead routes are routes directed to controllers or methods that don't exist (may have been deleted). Dead code is unreachable code. All of these "ghosts" make your application difficult to read. Enlightn helps you clean up all that mess!
🛑 Detection of Bad Practices
Sometimes we end up copy-pasting some code from a blog or a website that of course works for our application but is a bad practice that can hurt us later on. Consider the code here. When you're using a robust framework like Laravel, you shouldn't really be using native functions to create cookies. Why? Because then your cookies won't be encrypted and your cookie security attributes won't be applied. Enlightn has superhuman powers to flag these for you!
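Here is the native-cookie bad practice beside the Laravel way, as an added example (editorial code, not the page's screenshot). The cookie name `device_token` and the random-token value are assumptions.

```php
<?php
// Added example: setting a cookie with PHP's native function versus Laravel's
// cookie jar. Cookie name and value are assumptions for the illustration.

use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Str;

// Bad practice: bypasses the framework entirely. The value goes out in clear text,
// and Secure / HttpOnly / SameSite come from PHP's defaults (all off) rather than
// from config/session.php. The EncryptCookies middleware never sees this cookie.
function rememberDeviceNative(): Response
{
    setcookie('device_token', Str::random(40), time() + 60 * 60 * 24 * 30);
    return response('ok');
}

// Idiomatic: build the cookie through the jar and attach it to the response.
// EncryptCookies (in the "web" middleware group) encrypts and signs the value on
// the way out; path, domain, secure and same_site default to the session config,
// and httpOnly is on unless explicitly disabled.
function rememberDeviceLaravel(): Response
{
    $cookie = cookie(
        name: 'device_token',
        value: Str::random(40),
        minutes: 60 * 24 * 30,
    );

    return response('ok')->withCookie($cookie);
}

// Reading it back. A cookie set by the jar decrypts transparently. A cookie set
// with setcookie() fails decryption, and EncryptCookies then replaces it with null,
// so the native version silently breaks on the next request as well.
function deviceToken(Request $request): ?string
{
    return $request->cookie('device_token');
}
```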
Use Enlightn for free, or upgrade for extra checks
Get started with our open-source Enlightn package, or upgrade to Enlightn Pro to get double the advice.
Frequently asked questions
Will the free version remain free forever?
Yes! Currently, the only limitation is the number of checks. The GitHub open-source version has 61 checks today, whereas the Pro version has 122 checks. We will, however, continue to show our ❤ and support for the free version forever, and would even likely add more checks going forward!
What's the difference between Enlightn open-source and Pro?
Currently, the difference is that the OSS version has 61 checks and the Pro version has 122 checks. Check out the docs to know which additional checks are supported on the Pro version. In future releases, we may introduce a web UI for the Pro version as well.
Is Enlightn meant for dev environments only?
Unlike other packages, Enlightn does not have any overhead on your application. It does not record queries or log anything or even boot any services. So, it can be safely installed on both dev and production environments.
In fact, it is recommended to run Enlightn on production as well because it doesn't only scan your code but also checks things such as web server or service configurations.
How does Enlightn compare to Symfony Insights?
Symfony Insights was built for Symfony and not Laravel projects. Enlightn was built specifically with Laravel in mind.
In terms of scope, we like to believe that Enlightn has a much broader scope than Symfony Insights because it's not just a static analysis tool but much beyond that. An example is that Symfony Insights does not contain any performance checks.
How can I support Enlightn?
You can support us in many ways. The best way is to grab a Pro license, and get double the value Enlightn open-source provides. Besides that, you can submit PRs to Enlightn OSS by adding/improving checks, and spread the word to let us help more people. Thanks! ❤
How is Enlightn different from a static analysis tool?
While some of our checks are powered by static analysis, Enlightn does so much more. We provide dynamic analysis out of the box, with checks that hit your routes and check your server configuration.
Are you open to PRs for the open-source version of Enlightn?
Absolutely! As long as you are not PR'ing functionality from the paid version, we will gladly take a look and merge your contributions!
Can I get a refund?
Absolutely! If you aren't satisfied with our product, you can email us at email@example.com within 14 days of your purchase to request a refund.
Can I integrate Enlightn with my CI/CD platform?
Yes, Enlightn has in-built support to integrate with CI/CD pipelines. Refer to the documentation to learn more.
Can I get a bulk discount on purchasing multiple Enlightn Pro licenses?
Sure, shoot us an email at firstname.lastname@example.org and we'll discuss your pricing.
Can I ship a copy of Enlightn in my own product?
The open-source version of Enlightn can be bundled, without issues. For Enlightn Pro, however, we do not allow any kinds of redistribution of the source. If you wish to distribute your application code, you will need to make sure you aren't shipping Enlightn Pro's source code along with it, whether publicly or privately. You may review our license agreement for more details.
What is the LGPLv3 license? Can I use the open-source version of Enlightn for commercial software?
Yes, you can use Enlightn open-source for commercial or open-source software! The only gotcha is that if you modify the Enlightn source code and distribute the modified version, you must make your modifications available under the same license. If you don't touch the Enlightn source code and just use it as a dependency, you can use it however you'd like. We chose LGPL over MIT so that improvements to the checks, when made by others, are available to everyone else and can be added to the package.
Enlightn Pro is covered under a commercial license instead of the LGPLv3 license. Needless to say, Enlightn Pro can also be used for OSS or commercial software with the additional benefit that you can also make modifications to the source code if you like, without having to distribute the modifications. Check out the Enlightn Pro license agreement here.