darvis/livewire-honeypot

Lightweight honeypot + time‑trap protection for Livewire 3 (Laravel 11).
Blocks simple bots without CAPTCHAs, privacy‑friendly and unobtrusive.

Features

• 🪤 Honeypot bait field (present|size:0)
• ⏱️ Time‑trap (minimum fill time, default 5 seconds)
• 🧩 Works as Trait for Livewire and as Service for controllers/APIs
• 🧱 Blade component <x-honeypot /> for easy inclusion
• 🌍 Multilingual (English & Dutch included)
• ⚙️ Fully configurable via config file
• 🔌 Zero dependencies beyond Livewire 3 / Laravel 11

Installation

composer require darvis/livewire-honeypot

(For local development, you can add a path repository in your app's composer.json.)

Usage — Livewire (Trait)

1. In your Livewire component:

use Darvis\LivewireHoneypot\Traits\HasHoneypot;

class ContactForm extends Component
{
    use HasHoneypot;

    public string $name = '';
    public string $email = '';
    public string $message = '';

    public function submit(): void
    {
        $this->validate([
            'name' => 'required|string|min:2',
            'email' => 'required|email',
            'message' => 'required|string|min:10',
        ]);

        $this->validateHoneypot();

        // process form ...

        $this->reset(['name','email','message']);
        $this->resetHoneypot();
    }
}

2. In your Blade (or Flux) view, add the component (place anywhere inside the form):

<x-honeypot />

Usage — Controller / API (Service)

use Darvis\LivewireHoneypot\Services\HoneypotService;

public function store(Request $request, HoneypotService $honeypot)
{
    $honeypot->validate($request->only('hp_website', 'hp_started_at', 'hp_token'));
    // process form ...
}

To generate fields server‑side (non‑Livewire forms):

$hp = app(Darvis\LivewireHoneypot\Services\HoneypotService::class)->generate();
// pass $hp to your view to prefill hidden inputs

Configuration

Publish the config file to customize settings:

php artisan vendor:publish --tag=livewire-honeypot-config

Available options in config/livewire-honeypot.php:

• minimum_fill_seconds - Minimum time (in seconds) before form submission (default: 5)
• field_name - Name of the honeypot field (default: hp_website)
• token_min_length - Minimum token length for validation (default: 10)
• token_length - Length of generated token (default: 24)

All settings can also be configured via environment variables:

HONEYPOT_MINIMUM_FILL_SECONDS=5
HONEYPOT_FIELD_NAME=hp_website
HONEYPOT_TOKEN_MIN_LENGTH=10
HONEYPOT_TOKEN_LENGTH=24

Translations

The package includes English and Dutch translations. Publish them to customize error messages:

php artisan vendor:publish --tag=livewire-honeypot-translations

Available translation keys in resources/lang/vendor/livewire-honeypot/{locale}/validation.php:

• spam_detected - Error when honeypot field is filled
• submitted_too_quickly - Error when form is submitted too fast
• honeypot_label - Label text for the honeypot field

Publishing views (optional)

Customize the honeypot component:

php artisan vendor:publish --tag=livewire-honeypot-views

Throttling (recommended)

Add request rate‑limiting on your form route:

Route::get('/contact', \App\Livewire\ContactForm::class)->middleware('throttle:10,1');

License

MIT © Arvid de Jong (info@arvid.nl)