laravel-prism maintained by fr3on

Description
Static Eloquent model auditor - catches $fillable, $casts, $hidden, and factory drift before tests fail silently.
Author
Ahmed Mardi
Last update
2026/04/12 13:03 (dev-main)
Downloads
230


Laravel Prism


Static Eloquent model auditor — catches $fillable, $casts, $hidden, and factory drift before tests fail silently.

Eloquent models accumulate drift. You add a column in a migration and forget to add it to $fillable. A new $casts entry is declared for a column that no longer exists. A password column sits in $fillable but not in $hidden. A factory produces a string for a field that the model casts as array. None of these problems throws an error; they fail silently, corrupt data, or create security holes that only show up under specific conditions.

Prism surfaces these silent issues through static model auditing.

Features

Prism detects 5 major drift patterns:

  1. Sensitive field in $fillable but not $hidden (Potential Data Leak)
  2. $casts declares a column not in the DB (Dead Cast)
  3. DB column exists but is absent from $fillable (Missing Fillable)
  4. Factory type mismatches model $casts (Factory Mismatch)
  5. $guarded = [] with no $fillable defined (Unguarded Model)
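
The five patterns above, written as plain-array checks in an added example. This is not Prism's own code: `auditModel`, the `SENSITIVE` and `IGNORED_COLUMNS` lists, and the sample `User` declarations are assumptions made for illustration.

```php
<?php
// Added illustration, not Prism's implementation. All names here are hypothetical.
const SENSITIVE = ['password', 'remember_token', 'api_token', 'secret']; // assumed list
const IGNORED_COLUMNS = ['id', 'created_at', 'updated_at'];              // assumed exclusions

function auditModel(array $m, array $dbColumns, array $factoryRow): array
{
    $findings = [];
    $fillable = $m['fillable'] ?? [];
    $hidden   = $m['hidden'] ?? [];
    $casts    = $m['casts'] ?? [];
    // 1. Sensitive field is mass-assignable but not hidden from serialization
    foreach (array_diff(array_intersect($fillable, SENSITIVE), $hidden) as $f) {
        $findings[] = "Potential Data Leak: $f";
    }
    // 2. Cast declared for a column the table does not have
    foreach (array_diff(array_keys($casts), $dbColumns) as $c) {
        $findings[] = "Dead Cast: $c";
    }
    // 3. Column exists in the table but is absent from $fillable
    foreach (array_diff($dbColumns, $fillable, IGNORED_COLUMNS) as $c) {
        $findings[] = "Missing Fillable: $c";
    }
    // 4. Factory value type disagrees with the declared cast
    $typeOf = ['array' => 'is_array', 'boolean' => 'is_bool', 'integer' => 'is_int'];
    foreach ($casts as $col => $cast) {
        if (isset($typeOf[$cast], $factoryRow[$col]) && !$typeOf[$cast]($factoryRow[$col])) {
            $findings[] = "Factory Mismatch: $col";
        }
    }
    // 5. $guarded = [] with no $fillable: every attribute is mass-assignable
    if (($m['guarded'] ?? null) === [] && $fillable === []) {
        $findings[] = 'Unguarded Model';
    }
    return $findings;
}

// Constructed sample: declarations of a hypothetical User model and its table.
$user = [
    'fillable' => ['name', 'email', 'password'],
    'hidden'   => [],
    'casts'    => ['settings' => 'array', 'legacy_flags' => 'array'],
];
$columns = ['id', 'name', 'email', 'password', 'settings', 'is_admin', 'created_at', 'updated_at'];
$factory = ['name' => 'Test', 'settings' => '{"theme":"dark"}'];

foreach (auditModel($user, $columns, $factory) as $line) {
    echo $line, PHP_EOL;
}
```

A Missing Fillable finding on a column such as `is_admin` is a prompt to decide, not to add it blindly: putting a privilege column in $fillable makes it settable through mass assignment.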

Installation

You can install the package via composer:

composer require fr3on/laravel-prism --dev

You can publish the config file with:

php artisan vendor:publish --tag="prism-config"

Usage

Simply run the auditor against your application's models:

php artisan model:audit

To integrate with your CI testing pipeline and gate deployments on model drift:

php artisan model:audit --ci

You can also specify particular models to scan:

php artisan model:audit --model=User

License

The MIT License (MIT). Please see License File for more information.