{"id":18674887,"url":"https://github.com/yorcreative/laravel-scrubber","last_synced_at":"2026-02-02T21:34:23.555Z","repository":{"id":57750293,"uuid":"525535098","full_name":"YorCreative/Laravel-Scrubber","owner":"YorCreative","description":"A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.","archived":false,"fork":false,"pushed_at":"2024-04-19T01:47:04.000Z","size":157,"stargazers_count":142,"open_issues_count":4,"forks_count":13,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-29T09:08:45.421Z","etag":null,"topics":["cyber-security","cybersecurity","data-sanitization","data-scrubber","laravel","laravel-package","log","log-sanitization","log-scrubber","logscrubber","php","scrubber","security","security-scan","security-tools","sensitive-data-security"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/YorCreative.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-16T20:36:44.000Z","updated_at":"2025-03-16T08:37:03.000Z","dependencies_parsed_at":"2024-06-21T19:06:24.823Z","dependency_job_id":"37889a42-6559-4129-9ef2-b352732a2bac","html_url":"https://github.com/YorCreative/Laravel-Scrubber","commit_stats":{"total_commits":19,"total_committers":5,"mean_commits":3.8,"dds":0.5789473684210527,"last_synced_commit":"2d606336f160ac19cc1142f928eb3abbdb752a32"},"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YorCreative%2FLaravel-Scrubber","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YorCreative%2FLaravel-Scrubber/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YorCreative%2FLaravel-Scrubber/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YorCreative%2FLaravel-Scrubber/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/YorCreative","download_url":"https://codeload.github.com/YorCreative/Laravel-Scrubber/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247318744,"owners_count":20919484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyber-security","cybersecurity","data-sanitization","data-scrubber","laravel","laravel-package","log","log-sanitization","log-scrubber","logscrubber","php","scrubber","security","security-scan","security-tools","sensitive-data-security"],"created_at":"2024-11-07T09:21:00.349Z","updated_at":"2026-02-02T21:34:23.549Z","avatar_url":"https://github.com/YorCreative.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cbr /\u003e\n\u003cbr /\u003e\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://github.com/YorCreative\"\u003e\n    \u003cimg src=\"content/logo-2-color.png\" alt=\"Logo\" width=\"128\" height=\"128\"\u003e\n  \u003c/a\u003e\n\u003c/div\u003e\n\u003ch3 align=\"center\"\u003eLaravel Scrubber\u003c/h3\u003e\n\n\u003cdiv align=\"center\"\u003e\n\u003ca href=\"https://github.com/YorCreative/Laravel-Scrubber/blob/main/LICENSE.md\"\u003e\u003cimg alt=\"GitHub license\" src=\"https://img.shields.io/github/license/YorCreative/Laravel-Scrubber\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/YorCreative/Laravel-Scrubber/stargazers\"\u003e\u003cimg alt=\"GitHub stars\" src=\"https://img.shields.io/github/stars/YorCreative/Laravel-Scrubber\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/YorCreative/Laravel-Scrubber/issues\"\u003e\u003cimg alt=\"GitHub issues\" src=\"https://img.shields.io/github/issues/YorCreative/Laravel-Scrubber\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/YorCreative/Laravel-Scrubber/network\"\u003e\u003cimg alt=\"GitHub forks\" src=\"https://img.shields.io/github/forks/YorCreative/Laravel-Scrubber\"\u003e\u003c/a\u003e\n\u003cimg alt=\"Packagist Downloads\" src=\"https://img.shields.io/packagist/dt/YorCreative/Laravel-Scrubber?color=green\"\u003e\n\u003ca href=\"https://github.com/YorCreative/Laravel-Scrubber/actions/workflows/phpunit.yml\"\u003e\u003cimg alt=\"PHPUnit\" src=\"https://github.com/YorCreative/Laravel-Scrubber/actions/workflows/phpunit.yml/badge.svg\"\u003e\u003c/a\u003e\n\u003c/div\u003e\n\nA Laravel package to scrub sensitive information that breaks operational security policies from being leaked on\naccident ~~_or not_~~ by developers.\n\n## Requirements\n\n- PHP 8.1, 8.2, 8.3, 8.4, or 8.5\n- Laravel 10.x, 11.x, or 12.x\n\n## Installation\n\ninstall the package via composer:\n\n```bash\ncomposer require yorcreative/laravel-scrubber\n```\n\nPublish the packages assets.\n\n```bash\nphp artisan vendor:publish --provider=\"YorCreative\\Scrubber\\ScrubberServiceProvider\"\n```\n\n## Configuration\n\nAdjust the configuration file to suite your application, located in `/config/scrubber.php`.\n\n```php\nreturn [\n    /**\n     * Specify the string to use to redact the data\n     */\n    'redaction' =\u003e '**redacted**',\n\n    'secret_manager' =\u003e [\n        'key' =\u003e env('APP_KEY'),\n        'cipher' =\u003e 'AES-256-CBC',\n        'enabled' =\u003e false,\n        'providers' =\u003e [\n            // See \"Secret Manager Providers\" section for full configuration options\n            'gitlab' =\u003e ['enabled' =\u003e false, /* ... */],\n            'aws' =\u003e ['enabled' =\u003e false, /* ... */],\n            'vault' =\u003e ['enabled' =\u003e false, /* ... */],\n            'azure' =\u003e ['enabled' =\u003e false, /* ... */],\n            'google' =\u003e ['enabled' =\u003e false, /* ... */],\n        ],\n    ],\n\n    /**\n     * Specify the regexes to load\n     * You can use a wildcard (*) to load all regexes in all `custom_regex_namespaces` and the default core regexes.\n     * Otherwise, specify the regexes you want to load either by qualified class name or by unqualified (base) class name,\n     * which will then search the `custom_regex_namespaces` and the default core regexes for a match.\n     */\n    'regex_loader' =\u003e ['*'],\n    \n    /**\n     * Specify regex patterns to exclude from loading when using the regex loader\n     * This allows fine-grained control over which regex patterns are loaded, especially useful when using wildcard (*) in regex_loader\n     * \n     * You can exclude patterns using any of these formats:\n     * - Fully qualified class name (e.g., 'YorCreative\\Scrubber\\RegexCollection\\GoogleApi')\n     * - Base class name (e.g., 'GoogleApi', 'EmailAddress')\n     * - Pattern constant from RegexCollection (e.g., RegexCollection::$GOOGLE_API)\n     * - Custom namespace class (e.g., 'App\\Scrubber\\RegexCollection\\HerokuApiKey')\n     * \n     * Example:\n     * [\n     *     'GoogleApi',\n     *     'YorCreative\\Scrubber\\RegexCollection\\EmailAddress',\n     *     RegexCollection::$HEROKU_API_KEY,\n     *     'App\\Scrubber\\RegexCollection\\HerokuApiKey'\n     * ]\n     */\n    'exclude_regex' =\u003e [],\n\n\n    /**\n     * Specify namespaces from which regexes will be loaded when using the wildcard (*)\n     * for the regex_loader or where you use unqualified class names.\n     */\n    'custom_regex_namespaces' =\u003e [\n       'App\\\\Scrubber\\\\RegexCollection',\n    ],\n\n    /**\n     * Specify config keys for which the values will be scrubbed\n     * You should use the dot notation to specify the keys\n     * You can use wildcards (*) to match multiple keys\n     *\n     *  - 'database.connections.*.password'\n     *  - 'app.secrets.*'\n     *  - 'app.some.nested.key'\n     */\n    'config_loader' =\u003e [\n        '*token',\n        '*key',\n        '*secret',\n        '*password',\n    ],\n\n    /**\n     * Specify the channels to tap into\n     * You can use wildcards (*) to match multiple channels\n     */ \n    'tap_channels' =\u003e false,\n];\n```\n\n## Usage\n\nThe scrubber can be utilized in two ways, the first one being a Log scrubber. A tap is added to detect and sanitize any\nsensitive information from hitting a log file. The second way is to integrate into your application and utilize the\nScrubber directly. This way is particular useful if you, for example, would like to detect and sanitize any messages on\na messaging platform.\n\n### Logging Detection \u0026 Sanitization\n\n```php\nLog::info('some message', [\n    'context' =\u003e 'accidental',\n    'leak_of' =\u003e [\n        'jwt' =\u003e '\u003cinsert jwt token here\u003e'\n    ]\n])\n\n// testing.INFO: some message {\"context\":\"accidental\",\"leak_of\":{\"jwt\": '**redacted**'}} \n\nLog::info('\u003cinsert jwt token here\u003e')\n\n// testing.INFO: **redacted**  \n```\n\n### Direct Usage for Detection \u0026 Sanitization\n\n```php\nScrubber::processMessage([\n    'context' =\u003e 'accidental',\n    'leak_of' =\u003e [\n        'jwt' =\u003e '\u003cinsert jwt token here\u003e'\n    ]\n]);\n// [\n//     \"context\" =\u003e \"accidental\"\n//     \"leak_of\" =\u003e [\n//         \"jwt\" =\u003e \"**redacted**\"\n//     ]\n// ];\n\nScrubber::processMessage('\u003cinsert jwt token here\u003e');\n// **redacted**\n```\n\n### Detection Statistics API\n\nTrack what patterns are matching and how often:\n\n```php\n// Get scrubbing statistics for the current request\n$stats = Scrubber::getStats();\n// ['total_scrubs' =\u003e 5, 'patterns_matched' =\u003e ['JsonWebToken' =\u003e 2, 'EmailAddress' =\u003e 3]]\n\n// Test a string without modifying stats - useful for debugging\n$result = Scrubber::test('Contact: john@example.com, SSN: 123-45-6789');\n// [\n//     'matched' =\u003e true,\n//     'patterns' =\u003e ['EmailAddress' =\u003e 1, 'SocialSecurityNumber' =\u003e 1],\n//     'scrubbed' =\u003e 'Contact: **redacted**, SSN: ***-**-****'\n// ]\n\n// Reset statistics between requests\nScrubber::resetStats();\n```\n\n## Log Channel Opt-in\n\nThis package provides you the ability to define through the configuration file what channels you want to scrub\nspecifically. By default, this package ships with a wildcard value and opts in to scrub all the log channels in your\napplication.\n\n### Defining Log Channel Opt-in\n\nTo opt in to one or more channels, list the channel(s) name into the `tap_channels` array in the config.\n\n```php\n'tap_channels' =\u003e [\n    'single',\n    'papertrail'\n]\n```\n\nTo disable tap logging functionality and use the package independently and not tap your Laravel application logging, modify the config file by setting the tap_channels field as follows:\n```php\n'tap_channels' =\u003e false\n```\n\n## Regex Class Opt-in\n\nYou have the ability through the configuration file to define what regex classes you want loaded into the application\nwhen it is bootstrapped. By default, this package ships with a wildcard value.\n\n### Regex Collection \u0026 Defining Opt-in\n\nTo opt in, utilize the static properties on\nthe [RegexCollection](https://github.com/YorCreative/Laravel-Scrubber/blob/main/src/Repositories/RegexCollection.php)\nclass.\n\n```php\n 'regex_loader' =\u003e [\n        RegexCollection::$GOOGLE_API,\n        RegexCollection::$AUTHORIZATION_BEARER,\n        RegexCollection::$CREDIT_CARD_AMERICAN_EXPRESS,\n        RegexCollection::$CREDIT_CARD_DISCOVER,\n        RegexCollection::$CREDIT_CARD_VISA,\n        RegexCollection::$JSON_WEB_TOKEN\n    ],\n```\n\n\u003e **Note**: The package includes 31 built-in patterns. See all available patterns in [RegexCollection.php](https://github.com/YorCreative/Laravel-Scrubber/blob/main/src/Repositories/RegexCollection.php).\n\n### PII Detection with Partial Masking\n\nThe following patterns use contextual replacement values for improved readability instead of the generic `**redacted**`:\n\n| Pattern | Detects | Masked Output |\n|---------|---------|---------------|\n| `RegexCollection::$SOCIAL_SECURITY_NUMBER` | US Social Security Numbers | `***-**-****` |\n| `RegexCollection::$PHONE_NUMBER` | Phone numbers (US/International) | `(***) ***-****` |\n| `RegexCollection::$IP_ADDRESS_V4` | IPv4 addresses | `***.***.***.***` |\n| `RegexCollection::$IP_ADDRESS_V6` | IPv6 addresses | `****:****:****:...` |\n| `RegexCollection::$IBAN` | International Bank Account Numbers | `********************` |\n\n```php\nScrubber::processMessage('SSN: 123-45-6789, Phone: (555) 123-4567');\n// \"SSN: ***-**-****, Phone: (***) ***-****\"\n\nScrubber::processMessage('Server IP: 192.168.1.1');\n// \"Server IP: ***.***.***.***\"\n```\n\n### Opting Into Custom Extended Classes\n\n\u003e To create custom scrubbers, see the [Extending the Scrubber](#extending-the-scrubber) section.\n\nThe `regex_loader` array takes strings, not objects. To opt in to specific custom extended regex classes, define the\nclass name as a string.\n\nFor example if I have a custom extended class as such:\n\n```php\n\u003c?php\n\nnamespace App\\Scrubber\\RegexCollection;\n\nuse YorCreative\\Scrubber\\Interfaces\\RegexCollectionInterface;\n\nclass TestRegex implements RegexCollectionInterface\n{\n    public function getPattern(): string\n    {\n        /**\n         * @note return a regex pattern to detect a specific piece of sensitive data.\n         */\n        return '(?\u003c=basic) [a-zA-Z0-9=:\\\\+\\/-]{5,100}';\n    }\n\n    public function getTestableString(): string\n    {\n        /**\n         * @note return a string that can be used to verify the regex pattern provided.\n         */\n        return 'basic f9Iu+YwMiJEsQu/vBHlbUNZRkN/ihdB1sNTU';\n    }\n    \n    public function getReplacementValue(): string\n    {\n        \n        /**\n         * @note return a string that replaces the regex pattern provided.\n         */\n        return config('scrubber.redaction');\n    }\n\n    public function isSecret(): bool\n    {\n        return false;\n    }\n}\n```\n\nThe `regex_loader` array should be defined as such:\n\n```php\n 'regex_loader' =\u003e [\n        RegexCollection::$GOOGLE_API,\n        RegexCollection::$AUTHORIZATION_BEARER,\n        RegexCollection::$CREDIT_CARD_AMERICAN_EXPRESS,\n        RegexCollection::$CREDIT_CARD_DISCOVER,\n        RegexCollection::$CREDIT_CARD_VISA,\n        RegexCollection::$JSON_WEB_TOKEN,\n        'TestRegex'\n    ],\n```\n### RegexCollection \u0026 Defining Opt-out\n\nWhen using wildcard loading (`'regex_loader' =\u003e ['*']`), you can exclude specific regex patterns using the `exclude_regex` configuration. This allows you to load all patterns except those explicitly excluded.\n\n```php\n'exclude_regex' =\u003e [\n    // Exclude by base class name\n    'GoogleApi',\n    \n    // Exclude by fully qualified class name\n    'YorCreative\\Scrubber\\RegexCollection\\EmailAddress',\n    \n    // Exclude using RegexCollection constant\n    RegexCollection::$HEROKU_API_KEY,\n    \n    // Exclude from custom namespace\n    'App\\Scrubber\\RegexCollection\\HerokuApiKey'\n],\n```\n\nThe exclude_regex configuration supports multiple formats for excluding patterns:\n- Base class names (e.g., 'GoogleApi')\n- Fully qualified class names\n- RegexCollection constants\n- Custom namespace classes\n\nThis is particularly useful when you want to use most patterns but need to exclude a few specific ones from your scrubbing process.\n\n\n## About the Scrubber\n\nThis package provides the ability to pull in secrets from external sources. Providing the ability to detect information\nleakage, and sanitize secrets without needing an exact regex pattern to detect it.\n\n### Encryption\n\nFor enhanced application security, all secrets pulled, from any provider, are encrypted and only decrypted to run the\ndetection. You can see this in\naction [here](https://github.com/YorCreative/Laravel-Scrubber/blob/main/src/Services/ScrubberService.php#L45).\n\n### Secret Manager Providers\n\nLaravel Scrubber supports pulling secrets from multiple external secret management services. This allows you to detect and sanitize secrets without needing exact regex patterns - if a value matches a secret from your vault, it gets scrubbed.\n\nTo enable secret managers, set `secret_manager.enabled` to `true` in your config and enable one or more providers.\n\n#### GitLab CI/CD Variables\n\nPull secrets from GitLab project variables.\n\n```php\n'gitlab' =\u003e [\n    'enabled' =\u003e true,\n    'project_id' =\u003e env('GITLAB_PROJECT_ID'),\n    'token' =\u003e env('GITLAB_TOKEN'),\n    'host' =\u003e 'https://gitlab.com', // Or your self-hosted GitLab URL\n    'keys' =\u003e ['*'], // Or specific variable names: ['DB_PASSWORD', 'API_KEY']\n],\n```\n\nSee GitLab's documentation on [adding project variables](https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project).\n\n#### AWS Secrets Manager\n\nPull secrets from AWS Secrets Manager. Requires the AWS SDK.\n\n```bash\ncomposer require aws/aws-sdk-php\n```\n\n```php\n'aws' =\u003e [\n    'enabled' =\u003e true,\n    'region' =\u003e env('AWS_DEFAULT_REGION', 'us-east-1'),\n    'version' =\u003e 'latest',\n    'credentials' =\u003e [\n        'key' =\u003e env('AWS_ACCESS_KEY_ID'),\n        'secret' =\u003e env('AWS_SECRET_ACCESS_KEY'),\n    ],\n    'keys' =\u003e ['*'], // Or specific secret names/ARNs\n],\n```\n\nThe AWS SDK automatically uses the default credential chain (environment variables, IAM roles, ECS task roles, etc.) when credentials are not explicitly provided.\n\n#### HashiCorp Vault\n\nPull secrets from HashiCorp Vault using REST API. No additional dependencies required.\n\n```php\n'vault' =\u003e [\n    'enabled' =\u003e true,\n    'host' =\u003e env('VAULT_ADDR', 'http://127.0.0.1:8200'),\n    'token' =\u003e env('VAULT_TOKEN'),\n    'namespace' =\u003e env('VAULT_NAMESPACE'), // Enterprise feature (optional)\n    'engine' =\u003e env('VAULT_ENGINE', 'secret'), // KV engine mount path\n    'path' =\u003e env('VAULT_PATH', ''), // Base path within the engine\n    'version' =\u003e env('VAULT_KV_VERSION', 2), // KV engine version (1 or 2)\n    'keys' =\u003e ['*'], // Or specific secret paths\n],\n```\n\n#### Azure Key Vault\n\nPull secrets from Azure Key Vault using REST API. No additional dependencies required.\n\n```php\n'azure' =\u003e [\n    'enabled' =\u003e true,\n    'vault_url' =\u003e env('AZURE_VAULT_URL'), // https://my-vault.vault.azure.net\n    // Authentication options (in order of precedence):\n    // Option 1: Direct access token\n    'access_token' =\u003e env('AZURE_VAULT_ACCESS_TOKEN'),\n    // Option 2: Client credentials (service principal)\n    'tenant_id' =\u003e env('AZURE_TENANT_ID'),\n    'client_id' =\u003e env('AZURE_CLIENT_ID'),\n    'client_secret' =\u003e env('AZURE_CLIENT_SECRET'),\n    'keys' =\u003e ['*'], // Or specific secret names\n],\n```\n\n**Authentication methods** (in order of precedence):\n1. **Direct access token** - For testing or short-lived tokens\n2. **Managed Identity** - Auto-detected when running in Azure (App Service, Functions, VMs)\n3. **Client credentials** - Service principal with tenant_id, client_id, client_secret\n\n#### Google Cloud Secret Manager\n\nPull secrets from Google Cloud Secret Manager using REST API. No additional dependencies required.\n\n```php\n'google' =\u003e [\n    'enabled' =\u003e true,\n    'project_id' =\u003e env('GOOGLE_CLOUD_PROJECT'),\n    'access_token' =\u003e env('GOOGLE_SECRET_MANAGER_TOKEN'), // Optional\n    'keys' =\u003e ['*'], // Or specific secret names\n],\n```\n\n**Authentication methods** (in order of precedence):\n1. **Direct access token** - For testing or when running outside GCP\n2. **Application Default Credentials** - Auto-detected when running in GCP (Compute Engine, Cloud Run, GKE, Cloud Functions)\n\nWhen running on GCP, leave `access_token` empty to use ADC automatically.\n\n#### JSON Secret Values\n\nAll providers support JSON-formatted secret values. Nested values are automatically flattened:\n\n```json\n// Secret named \"database-config\" with value:\n{\n  \"host\": \"db.example.com\",\n  \"credentials\": {\n    \"username\": \"admin\",\n    \"password\": \"secret123\"\n  }\n}\n```\n\nThis creates three scrubber patterns:\n- `database-config.host` → `db.example.com`\n- `database-config.credentials.username` → `admin`\n- `database-config.credentials.password` → `secret123`\n\n## Extending the Scrubber\n\nCreating new Scrubber Detection Classes\n\n```bash\nphp artisan make:regex-class {name} \n```\n\nThis command will create a stubbed out class in `App\\Scrubber\\RegexCollection`. The Scrubber package will autoload\neverything from the `App\\Scrubber\\RegexCollection` folder with the wildcard value on the `regex_loader` array in the\nscrubber config file. You will need to provide a `Regex Pattern` and a `Testable String` for the class and you may also provide a `Replacement Value` if you want to replace the detected value with something other than the default value in the config file.\n\n## Testing\n\n```bash\ncomposer test\n```\n\n## Credits\n\n- [Yorda](https://github.com/yordadev)\n- [Magentron](https://github.com/Magentron)\n- [Whizboy-Arnold](https://github.com/Whizboy-Arnold)\n- [majchrosoft](https://github.com/majchrosoft)\n- [Lucaxue](https://github.com/lucaxue)\n- [AlexGodbehere](https://github.com/AlexGodbehere)\n- [JorgeAnzola](https://github.com/JorgeAnzola)\n- [Haddowg](https://github.com/haddowg)\n- [LorenzoSapora](https://github.com/LorenzoSapora)\n- [All Contributors](../../contributors)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyorcreative%2Flaravel-scrubber","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyorcreative%2Flaravel-scrubber","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyorcreative%2Flaravel-scrubber/lists"}