laravel-auditing
Laravel Auditing is a PHP package that automatically tracks changes to Eloquent models in Laravel applications, recording who changed what and when. It uses a simple trait-based approach to log model modifications without requiring manual intervention.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | owen-it/laravel-auditing |
| Owner | owen-it |
| Primary language | PHP |
| License | MIT — OSI-approved |
| Stars | 3.4k |
| Forks | 408 |
| Open issues | 13 |
| Latest release | v14.0.6 (2026-06-20) |
| Last updated | 2026-06-20 |
| Source | https://github.com/owen-it/laravel-auditing |
What laravel-auditing is
A Laravel package implementing the Observer pattern to audit Eloquent model mutations by persisting audit entries (create, update, delete events) with timestamps, user context, and attribute diffs. Integrates with Laravel 11–13 (v14.x), requires PHP ≥8.2, and stores audit trails in a database table.
Get the laravel-auditing source
Clone the repository and explore it locally.
git clone https://github.com/owen-it/laravel-auditing.gitcd laravel-auditing# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Audit table schema and migration must be created; ensure adequate disk space for long-term audit growth on large applications.
- Trait is attached to individual models; requires explicit opt-in per model, so audit coverage depends on developer discipline.
- User context (IP, user_id, agent) must be configured in the middleware or event listeners; defaults may not capture all required metadata.
- Database performance impact increases with model change frequency; consider archiving or partitioning audit tables over time.
- Sensitive data (passwords, API keys) logged in plaintext unless masked via configuration; review masking rules before production use.
When to avoid it — and what to weigh
- High-volume transactional systems requiring sub-millisecond latency — Audit trail recording adds database I/O overhead; not suitable for real-time trading systems or extreme throughput scenarios without careful tuning.
- Application requires non-relational audit storage — Package assumes relational database schema for audit tables; requires significant customization for event streaming, time-series DBs, or external audit services.
- Immutable audit trails with cryptographic verification — No built-in support for audit log signing, blockchain integration, or tamper-proofing; use dedicated audit platforms if legal non-repudiation is required.
- Non-Laravel/Lumen PHP frameworks — Tightly coupled to Laravel/Lumen; will not work with Symfony, WordPress, or other ecosystems without major refactoring.
License & commercial use
MIT License. Permissive OSI-approved license allowing commercial use, modification, and distribution with no restrictions, provided original copyright and license text are included.
Commercial use is permitted under MIT. No commercial license agreement, vendor lock-in, or proprietary fees apply. Include license attribution in distributed derivatives or commercial products.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
No inherent security flaws identified from data provided. However: (1) audit tables may expose sensitive data if not masked (passwords, tokens); (2) database access controls must protect audit logs from unauthorized read/modification; (3) no encryption-at-rest or audit log signing; (4) requires review of masking configuration and database backup security.
Alternatives to consider
Spatie Activity Log
Similar Laravel package with event-based logging; more flexible for non-model entities and external integrations.
Doctrine Audit
Database-agnostic audit solution for Symfony/Doctrine; better for non-Laravel or polyglot stacks.
AWS CloudTrail / Datadog Audit
Cloud-native audit as a service with compliance certifications, encryption, and long-term retention; overkill for small projects but essential for highly regulated enterprises.
Build on laravel-auditing with DEV.co software developers
Laravel Auditing simplifies compliance and fraud detection. Review the documentation, test with your models, and start tracking changes today.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
laravel-auditing FAQ
Does Laravel Auditing log soft-deleted models?
Can I audit related models (e.g., cascade changes)?
What is the performance impact on a high-traffic application?
Is there built-in support for audit log retention policies?
Custom software development services
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If laravel-auditing is part of your open-source observability roadmap, our team can implement, customize, migrate, and maintain it.
Ready to add auditing to your Laravel application?
Laravel Auditing simplifies compliance and fraud detection. Review the documentation, test with your models, and start tracking changes today.