davidepastore/composer-audit

This package is abandoned and no longer maintained. No replacement package was suggested.

Composer plugin to check your composer.lock

Installs: 18

Dependents: 0

Suggesters: 0

Security: 0

Stars: 9

Watchers: 4

Forks: 1

Open Issues: 7

Type: composer-plugin

v0.1.0 2015-02-10 09:02 UTC

This package is auto-updated.

Last update: 2023-03-06 13:28:46 UTC


README

Warning: This project is not maintained anymore. Since version 2.4.0-RC1, Composer officially supports the audit command that checks for known security vulnerabilities.

composer-audit


A Composer plugin that checks whether your application uses dependencies with known security vulnerabilities (it uses the SensioLabs Security Checker).

Installation

Using the composer command:

$ composer require davidepastore/composer-audit:0.1.*

Manually adding in composer.json:

"require": {
  "davidepastore/composer-audit": "0.1.*"
}

Usage

The checker runs whenever you launch composer install or composer update. If there are alerts for your composer.lock, composer-audit prints them, for example:

ALERTS from SensioLabs security advisories.

 *** dompdf/dompdf[v0.6.0] ***

 * dompdf/dompdf/CVE-2014-2383.yaml
Arbitrary file read in dompdf
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
CVE-2014-2383


Please fix these alerts from SensioLabs security advisories.

If no alert is found, you'll get this:

All good from SensioLabs security advisories.
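
To fail a build on these alerts, the captured output can be parsed into records. The following Python is an added example, not part of composer-audit; it assumes every alert follows the layout of the single sample above, and parse_alerts and gate are hypothetical names.

```python
import re

# Copied from the example output shown above.
SAMPLE = """ALERTS from SensioLabs security advisories.

 *** dompdf/dompdf[v0.6.0] ***

 * dompdf/dompdf/CVE-2014-2383.yaml
Arbitrary file read in dompdf
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
CVE-2014-2383

Please fix these alerts from SensioLabs security advisories.
"""
CLEAN_MARKER = "All good from SensioLabs security advisories."
# Package header, e.g. "*** dompdf/dompdf[v0.6.0] ***"
PKG_RE = re.compile(r"^\*\*\* (?P<name>[^\[\]\s]+)\[(?P<version>[^\]]+)\] \*\*\*$")
# Advisory file, e.g. "* dompdf/dompdf/CVE-2014-2383.yaml"
ADVISORY_RE = re.compile(r"^\* (?P<file>\S+\.yaml)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d+")


def parse_alerts(output):
    """Return one dict per advisory in captured composer-audit output."""
    findings, package, current = [], None, None
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        pkg, adv = PKG_RE.match(line), ADVISORY_RE.match(line)
        if pkg:
            package, current = pkg.groupdict(), None
        elif adv and package:
            current = {**package, "file": adv["file"],
                       "title": None, "link": None, "cve": None}
            findings.append(current)
        elif current is not None:
            if line.startswith(("http://", "https://")):
                current["link"] = line
            elif CVE_RE.fullmatch(line):
                current["cve"] = line
            elif current["title"] is None:
                current["title"] = line
    return findings


def gate(output):
    """CI exit status: 0 clean, 1 alerts found, 2 no checker result at all."""
    if parse_alerts(output):
        return 1
    # Fail closed: absence of alerts only counts if the clean message is there.
    return 0 if CLEAN_MARKER in output else 2
```

Status 2 covers a run where neither message appears, so a checker that never ran is not mistaken for a clean result.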

Issues

If you have issues, just open one here.