DEV Community: FilaStudio

Awesome Laravel & Filament: The Ultimate Curated Resource List — And We Need Your Help!

FilaStudio — Tue, 24 Feb 2026 08:27:11 +0000

TL;DR: I've built awesome-laravel — a curated list of the best Laravel and Filament resources, packages, tools, tutorials, starter kits, and community links. It's open for contributions. If you know a gem the community should know about, submit a PR!

The Problem Every Laravel Developer Knows

The Laravel ecosystem is one of the richest in the PHP world. Thousands of packages on Packagist, hundreds of tutorials published every week, dozens of conferences and podcasts, and a global community of passionate developers. It's genuinely exciting.

But there's a flip side: discoverability is hard. When you need a solid package for role-based access control, a reliable PDF generator, or a good tutorial on multi-tenancy, you often spend more time searching than building. You rely on Twitter threads, Discord recommendations, or that one bookmarked Laracasts episode from three years ago.

There had to be a better way.

Introducing `awesome-laravel`

filastudio/awesome-laravel is a community-driven, curated list of the best Laravel packages, tools, tutorials, books, starter kits, open-source projects, conferences, podcasts, jobs, and community resources — all in one place, organized by category, with descriptive context for each entry.

This is not just a dump of links. Every entry includes a description that tells you why it matters and when you'd reach for it. The goal is to save you time and help you make informed decisions about the tools you add to your stack.

The repository currently covers 30+ categories, including:

Category	What You'll Find
🏛️ Official Resources	Laravel docs, Forge, Vapor, Nova, Cloud, Envoyer, Spark
📦 Packages & Ecosystem	Packagist, Spatie, Laravel Collective, Packalyst
🔧 Developer Tools	IDE Helper, CRUD generators, Tinker, Decomposer
🧪 Testing & Debugging	Pest, Telescope, Dusk, Ignition, Clockwork, Debug Bar
🔐 Auth & Authorization	Sanctum, Passport, Socialite, Bouncer, JWT Auth, Shield
🛠️ Utilities & Helpers	Horizon, Cashier, Livewire, Octane, Reverb, Pennant
🌟 Laravel Filament	Official docs, 30+ curated plugins, starter kits, tutorials
🚀 Deployment & DevOps	Envoyer, Forge, Vapor, CI/CD pipelines
📚 Tutorials & Blogs	Laravel Daily, Laracasts, Matt Stauffer, Spatie Blog
🏗️ Starter Kits	Breeze, Jetstream, Spark, Boilerplates, Filament kits
📂 Open Source Projects	Invoice Ninja, Monica, Pixelfed, Koel, Akaunting
🎙️ Podcasts	The Laravel Podcast, Laravel News Podcast, Laracasts Snippet
👥 Community	Discord (48k+ members), Reddit, Laravel.io, Slack

The Star of the Show: A Dedicated Filament Section

If you've been in the Laravel ecosystem for the past couple of years, you know that Filament has become the de facto standard for building admin panels and back-office interfaces. With 31,000+ GitHub stars, 683 community plugins, and 315 plugin authors, Filament is not just a package — it's an ecosystem within an ecosystem.

The awesome-laravel repository has a dedicated, comprehensive section for Filament that covers:

Official Resources — The Filament website, documentation, plugin directory, live demo, and the official Discord server with 20,000+ members.

Plugins & Packages, organized by use case:

Security & Access Control — Filament Shield, Socialite integration, user impersonation
Data Management & Export — Excel exports, Spatie Media Library integration, CSV/PDF import
UI & Navigation — Command palette (Spotlight), environment indicators, Kanban boards, calendar views
Monitoring & Logging — Backup management, health checks, activity logging, email log viewer
Form Fields & Components — TinyMCE editor, map picker, Apex Charts, signature pad, icon picker, code editor

Starter Kits — Pre-built Filament boilerplates so you can skip the setup and start building features on day one.

Tutorials & Learning Resources — From beginner YouTube playlists to advanced architecture guides, curated for every experience level.

Open Source Filament Projects — Real-world applications you can study to learn advanced patterns and best practices.

Why This Matters for the Community

Curated lists like this one play an important role in open-source ecosystems. They lower the barrier to entry for newcomers, help experienced developers discover tools they didn't know existed, and create a shared vocabulary for the community. The original sindresorhus/awesome list has spawned thousands of similar projects across every major technology stack, and for good reason: curation is a form of contribution.

Laravel's official documentation is excellent, but it can't cover every community package. Laracasts is invaluable, but it's a video platform, not a searchable index. Laravel News covers the latest releases, but older gems get buried. awesome-laravel fills the gap by providing a stable, browsable, community-maintained reference that doesn't go stale.

How to Contribute

This is where you come in. The repository is open for contributions, and the process is intentionally simple.

Found a package that should be on the list? Open a pull request. Add it to the appropriate category with a concise, descriptive sentence explaining what it does and why it's worth using.

Spotted a broken link or outdated entry? Fix it and submit a PR. Even small improvements matter.

Know a tutorial, blog post, or video that helped you level up? Add it to the learning resources section.

Have a Filament plugin you've built or discovered? The Filament section is actively growing, and we'd love to include it.

The contribution guidelines are straightforward: entries should be genuinely useful, actively maintained, and described clearly. Quality over quantity.

# How to contribute in 3 steps:
# 1. Fork the repository
# 2. Add your resource to the appropriate section with a description
# 3. Open a pull request — that's it!

A Living Document

awesome-laravel is not a static snapshot. It's designed to grow with the ecosystem. As new packages emerge, as Filament v4 matures and its plugin ecosystem expands, as new tutorials and conferences are announced — the list should reflect that. That's only possible with community involvement.

If you find the repository useful, star it to help others discover it. If you know something that should be on the list, contribute. If you want to share it with your team or your local Laravel meetup group, please do.

The Laravel community is one of the most welcoming and collaborative in the software world. Let's build something that reflects that spirit.

Repository: github.com/filastudio/awesome-laravel

PRs welcome. Stars appreciated. Happy building! 🚀

Automate Your Laravel Security Audits with Vigil

FilaStudio — Mon, 23 Feb 2026 08:30:51 +0000

Keeping a Laravel application secure is a continuous process. From forgetting to turn off debug mode in production to accidentally committing API keys, common misconfigurations can leave your application vulnerable. While manual checks are helpful, they are often time-consuming and prone to human error. This is where automation becomes a developer's best friend.

Introducing Laravel Vigil, an open-source security audit tool designed specifically for Laravel. It scans your application's filesystem, PHP configuration, HTTP headers, and Composer dependencies to identify common vulnerabilities and misconfigurations, helping you proactively secure your projects.

In this article, we'll explore how Laravel Vigil can streamline your security workflow, from local development to CI/CD pipelines.

Why Another Security Scanner?

The Laravel ecosystem has several great security tools. However, Vigil was born from the practical need to automate a recurring checklist of issues frequently encountered across multiple projects. The development philosophy focused on three key areas:

Low Noise: Checks are carefully tuned to avoid false positives. For instance, the hardcoded secret scanner is smart enough to recognize and ignore env() helper calls, reducing unnecessary alerts.
Actionable Feedback: When a check fails, Vigil provides a clear, detailed report including the exact file and line number, along with a concrete recommendation for fixing the issue.
Performance: The tool is designed to be fast and efficient, with features like file size limits during scanning to prevent it from getting bogged down in large codebases.

Core Features at a Glance

Vigil comes packed with 15 built-in checks, a security scoring system, and an optional, elegant Filament v5 dashboard.

Here’s a breakdown of its main capabilities:

Category	Description
Filesystem Scanning	Scans for malicious JavaScript, dangerous file uploads in storage, incorrect file permissions, and sensitive files (`.env`, `.git`) exposed in the public directory.
Configuration Audits	Audits `php.ini` settings, `.env` configurations (like `APP_DEBUG` and `APP_KEY`), session security, and Cross-Origin Resource Sharing (CORS) policies.
HTTP Header Validation	Verifies that essential security headers like HSTS, CSP, and X-Frame-Options are correctly implemented.
Dependency Checking	Integrates with `composer audit` to flag any known vulnerable packages in your project.
Advanced Scanning	Includes detection for hardcoded secrets, file integrity monitoring against a baseline, and checks for debug routes or tools like Telescope left enabled in production.

Getting Started in Minutes

You can add Vigil to your project using Composer.

composer require filastudio/laravel-vigil

The package’s service provider is registered automatically. To customize the default settings, you can publish the configuration file:

php artisan vendor:publish --tag=vigil-config

If you wish to store scan history in your database, publish the migrations and run them:

php artisan vendor:publish --tag=vigil-migrations
php artisan migrate

Now, you're ready to run your first audit directly from the command line:

php artisan vigil:audit

This command executes all enabled checks and presents the results in a clean, readable table format. For more detailed output, including file paths and fix suggestions, just add the --detailed flag.

php artisan vigil:audit --detailed

Seamless CI/CD Integration

Vigil is designed to be a part of your automated workflow. You can use the --fail-on flag to set a severity threshold (critical, high, medium). If any check fails at or above the specified level, the command will exit with a non-zero status code, failing your CI/CD pipeline.

Here is an example for GitHub Actions:

- name: Security Audit
  run: php artisan vigil:audit --fail-on=critical,high

This simple addition to your workflow ensures that security regressions are caught before they ever reach production.

The Filament Dashboard

For those who use the excellent Filament admin panel builder, Vigil offers an optional plugin that provides a beautiful dashboard to view and run security audits.

To install it, simply register the plugin in your AdminPanelProvider:

use FilaStudio\Vigil\Filament\VigilPlugin;

public function panel(Panel $panel): Panel
{
    return $panel
        ->plugins([
            VigilPlugin::make(),
        ]);
}

The dashboard provides:

A security score widget (0-100).
A counter for critical issues.
A history of recent scans.
A button to trigger new scans directly from the browser.

This makes security monitoring accessible not just to developers, but to the entire team.

Extensible by Design

While Vigil ships with a comprehensive set of checks, every application has unique security requirements. You can easily create your own custom checks by implementing the SecurityCheck interface and registering it within a service provider. This allows you to tailor the audit process to your specific needs, such as ensuring all database connections use SSL in production.

Conclusion

Laravel Vigil offers a powerful, flexible, and developer-friendly way to automate security auditing in your Laravel projects. By integrating it into your daily workflow, you can catch common vulnerabilities early, enforce security best practices, and deploy your applications with greater confidence. Give it a try on your next project!

Check out the project on GitHub to learn more.