davidepastore / composer-audit
Composer plugin to check your composer.lock
Installs: 19
Dependents: 0
Suggesters: 0
Security: 0
Stars: 9
Watchers: 4
Forks: 1
Open Issues: 7
Type: composer-plugin
Requires
- composer-plugin-api: 1.0.0
- sensiolabs/security-checker: 2.*
This package is auto-updated.
Last update: 2023-03-06 13:28:46 UTC
README
Warning: This project is not maintained anymore. Since version 2.4.0-RC1, Composer officially supports the audit command that checks for known security vulnerabilities.
composer-audit
A composer plugin that checks if your application uses dependencies with known security vulnerabilities (it uses SensioLabs Security Checker).
Installation
Using the composer command:
$ composer require davidepastore/composer-audit:0.1.*
Manually adding in composer.json:
"require": { "davidepastore/composer-audit": "0.1.*" }
Usage
The checker will be executed when you launch composer install or composer update.
If you have alerts in your composer.lock, composer-audit will print them. An example could be this:
ALERTS from SensioLabs security advisories.
*** dompdf/dompdf[v0.6.0] ***
* dompdf/dompdf/CVE-2014-2383.yaml
Arbitrary file read in dompdf
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
CVE-2014-2383
Please fix these alerts from SensioLabs security advisories.
If no alert is found, you'll get this:
All good from SensioLabs security advisories.
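The README says the check runs automatically on composer install and composer update. The following is an added illustration of how such a plugin hooks into Composer and walks composer.lock; it is not the composer-audit source code. To keep it self-contained it replaces the SensioLabs web service with a constructed local advisory list (the dompdf entry mirrors the CVE quoted above, and its version bound is an illustrative placeholder, not authoritative advisory data). The namespace, class and method names are assumed; the Composer interfaces (PluginInterface, EventSubscriberInterface, ScriptEvents) are real. Requires PHP 7 for the null-coalescing operator.

```php
<?php
// Added illustration of a Composer plugin that audits composer.lock after
// install/update. Not the composer-audit source; advisory data is constructed.
namespace Example\AuditExample;

use Composer\Composer;
use Composer\EventDispatcher\EventSubscriberInterface;
use Composer\IO\IOInterface;
use Composer\Plugin\PluginInterface;
use Composer\Script\Event;
use Composer\Script\ScriptEvents;

class AuditPlugin implements PluginInterface, EventSubscriberInterface
{
    // Constructed local advisory list standing in for the SensioLabs service.
    // The dompdf entry mirrors the CVE shown in the README; the 'fixed_in'
    // bound is an illustrative placeholder, not authoritative advisory data.
    const ADVISORIES = [
        'dompdf/dompdf' => [
            ['fixed_in' => '0.6.1', 'id' => 'CVE-2014-2383', 'title' => 'Arbitrary file read in dompdf'],
        ],
    ];

    public function activate(Composer $composer, IOInterface $io)
    {
        // Nothing to set up: the script events below carry the IO object.
    }

    // Hook the same points the README describes: after install and after update.
    public static function getSubscribedEvents()
    {
        return [
            ScriptEvents::POST_INSTALL_CMD => 'audit',
            ScriptEvents::POST_UPDATE_CMD  => 'audit',
        ];
    }

    public function audit(Event $event)
    {
        $io = $event->getIO();
        $lockPath = getcwd() . '/composer.lock';
        if (!is_file($lockPath)) {
            $io->writeError('<warning>composer.lock not found, skipping audit.</warning>');
            return;
        }
        $alerts = self::findAlerts(json_decode(file_get_contents($lockPath), true));
        if ($alerts === []) {
            $io->write('<info>All good from local security advisories.</info>');
            return;
        }
        $io->writeError('<error>ALERTS from local security advisories.</error>');
        foreach ($alerts as $alert) {
            $io->writeError(sprintf('*** %s[%s] ***', $alert['name'], $alert['version']));
            $io->writeError(sprintf(' * %s: %s', $alert['id'], $alert['title']));
        }
        $io->writeError('<error>Please fix these alerts from local security advisories.</error>');
    }

    // Walk both "packages" and "packages-dev" from composer.lock and compare each
    // locked version with the advisory bound. Returns the alert list so the
    // logic can be exercised without running Composer.
    public static function findAlerts(array $lock)
    {
        $alerts = [];
        $packages = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
        foreach ($packages as $package) {
            $name = $package['name'];
            $version = $package['version'];
            // Branch installs ("dev-master") have no comparable number; report
            // them separately rather than letting version_compare guess.
            if (strpos($version, 'dev-') === 0) {
                continue;
            }
            $numeric = ltrim($version, 'v'); // "v0.6.0" -> "0.6.0"
            foreach (self::ADVISORIES[$name] ?? [] as $advisory) {
                if (version_compare($numeric, $advisory['fixed_in'], '<')) {
                    $alerts[] = ['name' => $name, 'version' => $version,
                                 'id' => $advisory['id'], 'title' => $advisory['title']];
                }
            }
        }
        return $alerts;
    }
}
```

For Composer to load a class like this, the plugin's own composer.json must declare "type": "composer-plugin" and point at the class via "extra": {"class": "Example\\AuditExample\\AuditPlugin"}, and require composer-plugin-api as this package does. Because the check runs in a post-command script event, it reports after dependencies are already installed; it does not block the install itself.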
Issues
If you have issues, just open one here.