will laravels packages also work on Lumen?

I would backup everything first and perhaps give it a try. If it doesn't work just restore your backup. But there is also html purifier: http://htmlpurifier.org/

there is also a postman that hacker can use to post something to an endpoint and then htmlpurifier is of no use :)

You could just strip tags:

    public static function fixValue($rvalue) {
        $rvalue = empty($rvalue) && !is_numeric($rvalue) ? NULL : trim(strip_tags($rvalue));
        return $rvalue;
    }

But is there a bug in htmlpurifier, can you explain?

sorry name of that package confused me, I thought it would execute on the client and not on server, actually link I post first is wrapper for the htmlpurifier! :)

Scrolled through the service provider of the Purifier package you mentioned and it seems like it's wired up for Lumen as well :P

https://github.com/mewebstudio/Purifier/blob/master/src/PurifierServiceProvider.php#L32

if ($this->app instanceof LaravelApplication && $this->app->runningInConsole()) {
    $this->publishes([$source => config_path('purifier.php')]);
} elseif ($this->app instanceof LumenApplication) {
    $this->app->configure('purifier');
}