I maintain https://github.com/psalm/psalm-plugin-laravel — the only free tool that combines deep Laravel type analysis with dataflow-based vulnerability detection.

It catches SQL injection, XSS, SSRF, shell injection, file traversal, and open redirects by tracking user input from $request->input() through your entire codebase to dangerous sinks like DB::statement() — even across function boundaries. No commercial tool does this with Laravel awareness at $0/year.

What your sponsorship supports

• Expanding taint coverage — every new stub protects thousands of Laravel apps
• Keeping up with Laravel releases — Laravel 12, 13, and beyond
• Psalm 7 compatibility fixes and improvements
• Staying free forever — MIT licensed, no "Pro tier" gatekeeping