Over the years of being a developer I've been fortunate enough to get to use a number of different frameworks to build applications with.
I remember when I first started to use CakePHP, and it baffled me that there were two separate files for the same database table: you had a Table class and an Entity class, for instance PostsTable and a Post entity. After a while of using the framework it made sense to me.
The table handles database behaviour - querying, associations, persistence. The entity handles your data - its shape, its rules, its logic as a PHP object. They're different responsibilities, even when they touch the same table.
Since moving to Laravel I've thought about this separation a lot. Eloquent is brilliant - I'm not changing my view on that. But passing models through every layer of an application creates problems that compound:
→ Any layer can call save() by accident
→ No real type safety - magic __get() all the way down
→ Services become Eloquent-coupled and painful to unit test
→ Database column names leak into your domain logic
At @jumptwenty4 we've used DTOs for the input side for years; packages like @spatie_be Laravel Data really helped with this.
Laravel Expressive, a new package by @wendell_adriel, landed this week. It instantly reminded me of the CakePHP Entity pattern, but done for Laravel.
One trait on your model. One Artisan command. Your services and actions receive typed PHP objects - public, typed properties, proper enums, no Eloquent magic.
The bit that surprised me: what it does for testing. Once your services accept Expressive objects, unit tests mean constructing a plain PHP object. No database. No factories. No mocking Eloquent.
I've written a breakdown on the Jump24 journal - code examples, Pest testing patterns and an honest look at every limitation worth knowing before you adopt:
https://t.co/G3WGHg3KW6
Big thanks to Wendell Adriel once again for all the work he's put in for this new package.
@wendell_adriel Honestly, when I saw the package I was like "that reminds me of Entities so much". Hope the article is ok; if you have any pointers let me know.
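The Table/Entity split described in the thread above, as an added illustration written for this page; it is hand-rolled PHP, not the Laravel Expressive package's API. `PostData` stands in for the typed object a model would hand out, `PublishingPolicy` for a service that only ever sees that object, and the sample row is constructed. The mapping assumes the caller already has an attribute array (for instance from `getAttributes()` on an Eloquent model, which is not invoked here):

```php
<?php
declare(strict_types=1);

// Added illustration of the Table/Entity split, written by hand for this
// page: it is NOT the Laravel Expressive package's API. PostData stands in
// for the typed object a model would hand out, and PublishingPolicy for a
// service that only ever sees that object.

enum PostStatus: string
{
    case Draft = 'draft';
    case Published = 'published';
}

// Typed, immutable snapshot of one posts row (readonly classes need PHP 8.2).
// Column names stop here: `published_at` becomes `publishedAt`, `status`
// becomes an enum, and there is no save() to call by accident.
final readonly class PostData
{
    /** @param string[] $tags */
    public function __construct(
        public int $id,
        public string $title,
        public PostStatus $status,
        public ?DateTimeImmutable $publishedAt,
        public array $tags,
    ) {}

    /**
     * Build from a raw attribute array, e.g. the result of getAttributes()
     * on an Eloquent model; the model is assumed to exist on the caller's side.
     */
    public static function fromAttributes(array $attrs): self
    {
        return new self(
            id: (int) $attrs['id'],
            title: (string) $attrs['title'],
            status: PostStatus::from((string) $attrs['status']),
            publishedAt: isset($attrs['published_at'])
                ? new DateTimeImmutable((string) $attrs['published_at'])
                : null,
            tags: array_values(array_filter(explode(',', (string) ($attrs['tags'] ?? '')))),
        );
    }
}

// The service is Eloquent-free: nothing to mock, no database in its tests.
final class PublishingPolicy
{
    public function canPublish(PostData $post, DateTimeImmutable $now): bool
    {
        if ($post->status === PostStatus::Published) {
            return false; // already live
        }
        if (trim($post->title) === '') {
            return false; // refuse to publish an untitled post
        }
        // A scheduled post may only go live once its time has come.
        return $post->publishedAt === null || $post->publishedAt <= $now;
    }
}

// --- constructed sample row, standing in for a database record -------------
$row = [
    'id'           => 42,
    'title'        => 'Entities in Laravel',
    'status'       => 'draft',
    'published_at' => '2025-01-01 09:00:00',
    'tags'         => 'laravel,php',
];
$post   = PostData::fromAttributes($row);
$policy = new PublishingPolicy();

// What a unit test looks like: plain objects in, boolean out. In Pest the
// same checks would be expect(...)->toBeTrue() / toBeFalse().
$checks = [
    $policy->canPublish($post, new DateTimeImmutable('2025-01-02 00:00:00')) === true,
    $policy->canPublish($post, new DateTimeImmutable('2024-12-31 00:00:00')) === false,
    $policy->canPublish(
        new PostData(1, '', PostStatus::Draft, null, []),
        new DateTimeImmutable('now'),
    ) === false,
    $post->tags === ['laravel', 'php'],
];
if (in_array(false, $checks, true)) {
    throw new RuntimeException('PublishingPolicy behaved unexpectedly');
}
echo "all checks passed\n";
```

Run it with `php example.php` on PHP 8.2 or later. The point of the layout is in the last block: the policy is exercised with objects built by hand, so the test needs no database, no factories and no Eloquent mocking, and a typo in a property name is a compile-time error rather than a silent `null` from `__get()`.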
We're halfway through the week already and this week's list is filling up.
We've seen some great new packages, more stories about supply chain attacks and @alexdaubois has been doing some great work tweeting some great PHP tips such as this great security tip -> https://t.co/T24JLEzvgC
Don't forget, if you'd like to get this list in your inbox every Friday morning, head on over to https://t.co/OCaaT6LPGC to sign up, and while you're there check out all our previous weeks' top tens here https://t.co/jFEHUQLJQA
This is such a great event. I've been lucky enough to go to the last 4, and I've enjoyed every single one. Great speakers, excellent chats with other @Laravel developers and of course wonderful food!
So if you've not got yourself a ticket yet, enter the competition to stand a chance; it ends at 6pm on 5th June.
For those of you who didn't manage to make it to our last event, the team over at @Vonage were doing a @LaravelLiveUK ticket giveaway.
There is still a chance to enter if you head over to https://t.co/kPPY02f4mV and fill in the form, and you could be in with a chance to win!
Between the heatwave we're having right now in the UK and the CVEs and supply chain attacks announced this week in the PHP world, it's been a tough one!
A huge thanks to those working in the security space this week, with the likes of @valorin, @_clarkio over at @snyksec, and of course the work that @enunomaduro and @packagist have done this week. We really appreciate everything that you all do.
This top ten has plenty of updates and things to look out for; it even includes a horror story about a forgotten side project and what happens when it gets hacked, so sit down, grab a cup of coffee and read on.
Don't forget: keep those apps safe everyone!
🔒 ARTISAN WEEKLY EDITION 86: SECURITY FIRST
What a week for the Laravel community. Record May temperatures weren't the only thing heating up: the PHP ecosystem faced a barrage of CVEs and supply chain attacks that should have every developer paying attention. This week's collection is heavily weighted towards security, and for good reason. Let's dive into the stories, tools, and insights that matter most right now.
🥇 LARAVEL LANG SUPPLY CHAIN ADVISORY
@snyksec has published a critical security advisory detailing a supply chain vulnerability discovered in the Laravel Lang package ecosystem. This is essential reading for anyone using language packages in their Laravel applications, as it explains the attack vector and provides clear guidance on protecting your applications from similar threats.
By @_clarkio
https://t.co/IyZjf4nw1w
🥈 50,000 SPAM EMAILS AND A 3 AM PANIC
Daniel Petrica shares a genuinely gripping cautionary tale about what happens when you forget about a side project. A vulnerability in an outdated Livewire version led to 50,000 spam emails being sent from his server, triggering a panicked overnight investigation. What makes this story particularly valuable is how Docker containerisation limited the damage, and the practical lessons about security and dependency management that emerged from the chaos.
By @daniel_petrica
https://t.co/AwscSyzGSZ
🥉 INTRODUCING MOAT: A SECURITY REVIEW FOR YOUR GITHUB ACCOUNT
Laravel has released Moat, a powerful new package that audits GitHub security settings across users, organisations, and repositories. With a single command, you can review your security posture and receive actionable suggestions to improve protections like two-factor authentication, branch protection rules, and workflow permissions - timing couldn't be better given this week's security focus.
By @enunomaduro
https://t.co/cz3jsigfAW
4️⃣ SECURITY TIP: SECURE YOUR REPOSITORIES WITH LARAVEL MOAT
Stephen Rees-Carter provides a practical guide to securing your Laravel repositories using the newly released Laravel Moat. This tutorial walks through reviewing your GitHub security posture and implementing the actionable recommendations for hardening repositories against supply chain attacks - essential reading alongside Nuno's announcement.
By @valorin
https://t.co/CmOvbb79qs
5️⃣ MAKING PEST PARALLEL AND TIME-BASED SHARDING WORK IN BITBUCKET PIPELINES
Zacharias Creutznacher delivers a practical guide to implementing Pest 4.6's time-based sharding feature specifically for Bitbucket Pipelines. He covers the setup process, common pitfalls unique to Bitbucket's environment, and workarounds that helped reduce CI test suite runtime from 24 minutes using parallel execution - invaluable if you're battling slow test suites.
By @Sairahcaz2k
https://t.co/HSDrN6Okdv
6️⃣ AN UPDATE ON COMPOSER & PACKAGIST SUPPLY CHAIN SECURITY
Packagist has outlined their comprehensive supply chain security roadmap following recent attacks. The post details integrated malware detection with Aikido, immutable stable versions launching this week, and plans for mandatory MFA and SLSA build provenance. This is the infrastructure-level response the PHP community needs right now.
By @igorbenko and Nils Adermann
https://t.co/1uW6OjYDAj
7️⃣ SETTING UP SATIS ON LARAVEL FORGE
Duncan McClean provides a practical guide to setting up Satis - a static site generator for private Composer packages - on Laravel Forge. This covers site creation, deployment configuration, and authentication handling, offering a cost-effective alternative to Private Packagist's monthly fees whilst maintaining control over your private packages.
By @_duncanmcclean
https://t.co/kHi2NyLg6D
8️⃣ LARAVEL PAPER: A FLAT-FILE ELOQUENT DRIVER
Eric Barnes showcases Laravel Paper, a fascinating flat-file Eloquent driver that works without a database. This video explores how you can use familiar Eloquent syntax whilst storing data in flat files - perfect for small applications, static sites, or scenarios where a full database feels like overkill.
By @ericlbarnes
https://t.co/jkstcwFHyN
9️⃣ THE FINAL BOSS: GENERICS IN PHP
Brent Roose examines the latest Generics RFC that's been submitted to PHP. He walks through what the RFC proposes and whether we'll actually see generics coming to PHP in the near future. If you've been following the generics conversation for years, this video is essential viewing for understanding where we stand today.
By @brendt_gd
https://t.co/DJvjib4PKZ
🔟 INTRODUCING CTOR: PREFER CONSTRUCTOR OVER ALWAYS-CALLED SETTERS
Tomas Votruba introduces CTOR, a PHPStan extension that detects setter methods always called after object instantiation and suggests moving them into the constructor instead. This tool helps prevent half-valid objects by enforcing proper dependency injection through constructors rather than relying on mandatory setter chains - a small but powerful addition to your static analysis toolkit.
By @VotrubaT
https://t.co/nCrBguEsuf
STAY VIGILANT
This week's collection tells a clear story: supply chain security isn't just a concern for large enterprises anymore. From forgotten side projects to package ecosystem vulnerabilities, the threats are real and present. The good news? The Laravel and PHP communities are responding with tools, transparency, and actionable guidance. Run Moat on your repositories, update your dependencies, enable MFA everywhere, and keep those side projects maintained. Stay safe out there.
And don't forget to check out the rest of this week's links: head over to https://t.co/Wtn1N0XSrR and while you're there sign up to our newsletter :)
There has been so much happening over the last week to ten days; it's been a bit of a mad one.
It's really important now more than ever that we keep our applications secure!
This week's list is coming along nicely. It is very security-heavy with everything that's happened this week; I guess that's to no one's surprise at all.
Have you written anything interesting this week? Let us know -> https://t.co/ZB0p9bjfxU and don't forget to sign up to our newsletter -> https://t.co/OCaaT6LhR4 for an email every Friday with our top ten picks of the week.
What a week it's already started out to be! Just catching up with all the CVEs and the huge Laravel Lang supply chain advisory; there is a great breakdown of it over on the @snyksec blog - https://t.co/HAmUVIiYBw.
It's apt then that in my inbox today is an email from @valorin with his latest security tip - https://t.co/6YqAAsh4r1
and then the release of Laravel Moat by @enunomaduro - https://t.co/uGIxA8gEHi
It's more important now than ever to be vigilant and to keep on top of your application's packages, making sure you're keeping them up to date and not running any outdated software at all.
If you do need someone to take a look at your applications to make sure that everything is ok then why not drop @jumptwenty4 a line and let's see how we can work together to help you get your applications back up to date.
Another packed week in the @laravelphp and @php_net world, articles, packages and CVEs :( there was plenty to keep me busy putting this together.
This week's first place by @HelgeSverre was a really interesting one. I've often wondered what it would look like if you didn't keep your applications up to date, particularly if they were vulnerable, so seeing the honeypot package and the results was eye opening.
If there was anything you enjoyed, do say a quick thank you to the authors; I'm sure they'd appreciate it. And don't forget, if you want to get this weekly into your inbox, head over to https://t.co/Co6eRlmZVu and sign up.
🎨 Artisan Weekly 85
This week's collection brings together some fascinating explorations of Laravel security, performance optimisation, and architectural patterns—plus exciting developments in the PHP ecosystem itself.
🥇 What My Livewire Honeypot Caught in Its First 60 Hours
Ever wondered what exploit attempts are actually being thrown at your Laravel applications in the wild? @HelgeSverre created Livewire Honeypot, a package that masquerades as a vulnerable Laravel/Livewire application to capture real-world exploit attempts. His write-up of the first 60 hours is absolutely fascinating, giving us all a sobering look at what's constantly probing our applications.
https://t.co/XXhqEoLNNZ
🥈 A Redis-first alternative to spatie/laravel-permission, benchmarked
@scabarcas17 has built something impressive here: a Redis-based permissions package that achieves 10x performance improvements over the beloved spatie/laravel-permission. By storing user-role-permission mappings in Redis SETs instead of hitting the database, the performance gains are substantial and the technical deep-dive includes comprehensive benchmarks to prove it.
https://t.co/oT1LzHmXbV
🥉 You can have your composer.lock and not make others eat it too!
Building a Laravel package and worried about bloating your users' installations with tests and development files they don't need? Kevin Ullyott demonstrates exactly how to use the .gitattributes file to keep your package lean when others pull it in. It's one of those simple techniques that makes a real difference to the developer experience.
https://t.co/5XKrERhihz
4️⃣ Open/Closed Principle in Practice: The Strategy + Resolver Pattern in Laravel
We've all been there: you finish a refactor feeling brilliant, then return a week later and realise adding one more option would require changing everything. @drumzminister explores the open/closed principle from SOLID through the lens of Laravel's Strategy and Resolver patterns, showing how to build code that's genuinely extensible without modification.
https://t.co/ArcCNhEijE
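The Strategy + Resolver shape the article above describes, as an added example written for this page rather than taken from the article. The domain is an assumption chosen to make the pattern concrete: verifying inbound webhook signatures, where each provider's scheme is one strategy and the resolver picks by provider name. The provider names (`hub`, `ts`), header names and signature formats are all constructed for the example, as is the demo input; only `hash_hmac` and `hash_equals` are standard PHP.

```php
<?php
declare(strict_types=1);

// Added illustration of the Strategy + Resolver pattern. Hand-written for
// this page, not the article's code: provider names, header names and
// signature formats are assumptions chosen to make the pattern concrete.

interface SignatureStrategy
{
    public function supports(string $provider): bool;

    /** @param array<string,string> $headers lower-cased header names */
    public function verify(string $rawBody, array $headers, string $secret): bool;
}

// Provider "hub": hex HMAC-SHA256 of the raw body, sent as "sha256=<hex>".
final class PrefixedHmacStrategy implements SignatureStrategy
{
    public function supports(string $provider): bool
    {
        return $provider === 'hub';
    }

    public function verify(string $rawBody, array $headers, string $secret): bool
    {
        $given    = $headers['x-hub-signature-256'] ?? '';
        $expected = 'sha256=' . hash_hmac('sha256', $rawBody, $secret);
        return hash_equals($expected, $given); // constant-time comparison
    }
}

// Provider "ts": "t=<unix>,v1=<hex>" where the HMAC covers "<unix>.<body>",
// so a captured request cannot be replayed once the tolerance window passes.
final class TimestampedHmacStrategy implements SignatureStrategy
{
    public function __construct(private int $toleranceSeconds = 300) {}

    public function supports(string $provider): bool
    {
        return $provider === 'ts';
    }

    public function verify(string $rawBody, array $headers, string $secret): bool
    {
        $parts = [];
        foreach (explode(',', $headers['x-signature'] ?? '') as $kv) {
            [$k, $v] = array_pad(explode('=', $kv, 2), 2, '');
            $parts[$k] = $v;
        }
        if (!isset($parts['t'], $parts['v1']) || !preg_match('/^\d+$/', $parts['t'])) {
            return false; // malformed header
        }
        if (abs(time() - (int) $parts['t']) > $this->toleranceSeconds) {
            return false; // stale or far-future timestamp
        }
        $expected = hash_hmac('sha256', $parts['t'] . '.' . $rawBody, $secret);
        return hash_equals($expected, $parts['v1']);
    }
}

// Closed for modification: a new provider is a new strategy registered here
// (or bound in a service provider), never another branch in an if/else chain.
final class SignatureStrategyResolver
{
    /** @param SignatureStrategy[] $strategies */
    public function __construct(private array $strategies) {}

    public function resolve(string $provider): SignatureStrategy
    {
        foreach ($this->strategies as $strategy) {
            if ($strategy->supports($provider)) {
                return $strategy;
            }
        }
        throw new InvalidArgumentException("No signature strategy for '{$provider}'");
    }
}

// --- constructed demo input --------------------------------------------------
$resolver = new SignatureStrategyResolver([
    new PrefixedHmacStrategy(),
    new TimestampedHmacStrategy(),
]);
$secret = 'example-shared-secret';
$body   = '{"event":"push"}';

$hubHeaders = ['x-hub-signature-256' => 'sha256=' . hash_hmac('sha256', $body, $secret)];
$t          = (string) time();
$tsHeaders  = ['x-signature' => "t={$t},v1=" . hash_hmac('sha256', "{$t}.{$body}", $secret)];

$okHub    = $resolver->resolve('hub')->verify($body, $hubHeaders, $secret);
$okTs     = $resolver->resolve('ts')->verify($body, $tsHeaders, $secret);
$tampered = $resolver->resolve('hub')->verify($body . ' ', $hubHeaders, $secret);

if (!$okHub || !$okTs || $tampered) {
    throw new RuntimeException('signature verification behaved unexpectedly');
}
echo "valid signatures accepted, tampered body rejected\n";
```

Adding a third provider means one new class implementing `SignatureStrategy` and one extra entry in the resolver's list; the controller that calls `resolve($provider)->verify(...)` does not change. The `hash_equals` calls matter as much as the pattern: comparing MACs with `===` leaks timing, and the timestamp check is what stops a logged request from being replayed.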
5️⃣ Are multiline short closures coming to PHP?
Could this finally be the RFC that brings multiline short closures to PHP? @brendt_gd walks through the latest proposal in this video, breaking down what it would mean for our code and whether it stands a chance of landing. The PHP community has wanted this for ages—fingers crossed.
https://t.co/z5gu33mwz4
6️⃣ Service Layer vs Action Pattern vs Jobs in Laravel
Controllers have a habit of growing into unwieldy monsters when we're not paying attention. @radenadri compares three architectural approaches to keeping your Laravel code organised: Service Layers, the Action Pattern, and Laravel Jobs. It's a practical guide to structuring applications that remain maintainable as they grow.
https://t.co/oo4eZbP9Hw
7️⃣ Laravel Upsert 1M Rows into MySQL from CSV: 5 Ways with Benchmarks
Importing massive CSV files into MySQL? @PovilasKorop benchmarks five different approaches to upserting 1 million rows in Laravel, showing the dramatic performance differences between naive and optimised implementations. If you've ever dealt with large data imports, this comparison is gold.
https://t.co/yKOw0bwzXD
8️⃣ Implement SAML SSO Authentication in Laravel Filament with Socialite
Julien Boyer demonstrates how to implement SAML-based single sign-on authentication in Laravel Filament using Socialite. It's a solid walkthrough for anyone needing to integrate enterprise SSO into their Filament admin panels.
https://t.co/VlLVxF4GxU
9️⃣ Build a Streaming AI Chat with Livewire and SSE - Ship AI with Laravel EP7
In this episode, @harrisrafto builds a real-time chat UI that streams AI responses word-by-word using Livewire and Server-Sent Events. Instead of making users wait for the complete response, they see the AI "thinking" as it generates text—a much better user experience for AI-powered features.
https://t.co/lZMBYWYpiX
🔟 The Ecosystem Security Team at The PHP Foundation
The PHP Foundation has received a grant to invest in security, which is brilliant news for the entire ecosystem. @brendt_gd sits down with Volker Dusch to discuss his new role focusing on PHP security for the next six months and what it means for the language we all rely on.
https://t.co/fA3d5m6udO
So after a good 24 hours with Solo I am one happy customer. Excellent work on it @aarondfrancis, really looking forward to the future of the product.
Time to see if the rest of @jumptwenty4 would like to give it a go :)
.@PovilasKorop puts so much effort into his content creation and he covers a lot of interesting topics such as this one!
If you're not already following him and of course @DailyLaravel I suggest you do as he's a great resource for the @laravelphp community.
Today's post of the day is a nice breakdown of 5 different approaches to upserting 1M rows from a CSV into a production DB. @PovilasKorop benchmarks each one.
If you've had to work with large CSVs and have been struggling to get the speed of the imports down there might be some great little insights here on a different approach you could use next time.
https://t.co/yKOw0bwzXD
Are there any other approaches that you can think of?
It turns out that I've had my OBS setup wrong all this time and I've not been recording at the best resolution I can 😢
Time to change that up. I've spent some time this morning making sure that the resolution is right, and I've also been playing around with recording different formats, such as vertical for the Insta! I feel a bit dumb now having all that kit that could do it but not actually utilising it 😐
It has got me thinking though - what are other developers and content creators recording at? Is 4k worth doing or should I have just stuck with what I had? I have no doubt the fans on my machine will start up anytime soon!
Let's just see what this weeks recording looks like for @artisan_weekly and if it makes any difference at all.
Today I am giving Solo (https://t.co/stkOtudaW3) by @aarondfrancis a go. Some of the @jumptwenty4 are already using it and are big fans so I thought it was about time I gave it a real go.
He did a great video on it yesterday https://t.co/KY0ZJPrvb8. Anyone else given it a go or using any other tool like it?
If you have a talk that you'd like to give, you can submit it here https://t.co/Tso9bSjMGW. We'd love to hear from you if you've never given a talk before but would like to.
@laravellondon is a friendly vibe so we'd really love to help you get that first talk under your belt.
Next Laravel London: Wednesday 8th July 🗓️
📍 Vonage, London
🍕 Food & drinks included
🎟️ Free to attend
Two great talks and time to connect with the Laravel community in London.
Reserve your spot here > https://t.co/1vCfiU5ATv