magehost / composer-security-check-plugin
Checks installed dependencies against SensioLabs security advisory database
Installs: 8 439
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 4
Open Issues: 0
Type:composer-plugin
Requires
- composer-plugin-api: ^2.0
- ext-curl: *
- ext-json: *
- symfony/yaml: ^4.1
Requires (Dev)
- composer/composer: ^2.0
- phpunit/phpunit: ^7.2
This package is auto-updated.
Last update: 2024-04-26 21:37:52 UTC
README
For global install:
composer global require magehost/composer-security-check-plugin
For project install:
composer require magehost/composer-security-check-plugin
Run these commands to see some sample behavior:
mkdir insecure-project
cd insecure-project
composer init --name="insecure/project" --description="insecure project" -l MIT -n
composer require 3f/pygmentize:1.0
composer require magehost/composer-security-check-plugin
composer audit
composer audit --format=simple
composer audit --format=json
composer validate
composer require 3f/pygmentize --update-with-all-dependencies
composer audit
By default this tool uploads your composer.lock file to the security.symfony.com webservice which uses the checks from https://github.com/FriendsOfPHP/security-advisories.
You can check offline by downloading a local version of this repo and specify its path using:
composer audit --audit-db /path/to/security-advisories
Inspired on: https://github.com/sensiolabs/security-checker
Alternative: https://github.com/Roave/SecurityAdvisories