Module for Composer allowing the transfer of package dependencies to ECS for further legal and vulnerability analysis. See https://ecs.eacg.de for a detailed service description.

Composer module to transfer dependency information to TrustSource server (Open Source Compliance Solution). Find more information about TrustSource at https://www.trustsource.io


  • PHP >= 5.4
  • composer/composer >= 1.4
  • curl/curl >= 1.6
  • league/climate >= 3.2


Run: composer require eacg-gmbh/ecs-composer

Add a post-autoload-dump script to the composer.json file to transfer dependency information right after composer install, composer update or composer dumpautoload:

"scripts": {
    "post-autoload-dump": [

To store your credentials for automated transfer, you may create .ecsrc.json in your project directory, or in your home directory to set credentials globally (not recommended!).

.ecsrc.json example:

{
  "userName": "UserName",
  "apiKey": "apiKey",
  "url": "url",
  "project": "Project Description"
}


You may also initiate a transfer to the TrustSource server manually by executing one of the following commands in a terminal:

./vendor/bin/ecs-composer -u userName -k apiKey -p Project
./vendor/bin/ecs-composer -c config.json

Usage: ./bin/ecs-composer [-k apiKey, --apiKey apiKey] [-c config, --config config] [--help]
       [-p project, --project project] [--url url] [-u userName, --userName userName] [-v, --version]

Optional Arguments:
	-u userName, --userName userName
	-k apiKey, --apiKey apiKey
	-p project, --project project
		project name
	--url url
	-c config, --config config
		config path
	--help
		Prints a usage statement
	-v, --version
		Prints a version
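
One way to run the manual transfer from CI without passing the key with -k (where it is visible in the process list and shell history) or committing .ecsrc.json, shown as an added example that is not part of ecs-composer. The ECS_* variable names and the function names are assumptions, as is that the file given to -c uses the same keys as .ecsrc.json.

```shell
#!/bin/sh
# Added example, not ecs-composer code. ECS_USER_NAME, ECS_API_KEY, ECS_URL and
# ECS_PROJECT are hypothetical variable names; the file given to -c is assumed
# to use the same keys as .ecsrc.json.

# Escape a value for a JSON string. Control characters (tabs, newlines, ...)
# are rejected rather than encoded.
json_escape() {
    clean=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    if [ "$clean" != "$1" ]; then
        echo "ecs config: control character in value" >&2
        return 1
    fi
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Write the config file to path $1, readable by its owner only.
write_ecs_config() {
    out=$1
    for name in ECS_USER_NAME ECS_API_KEY ECS_URL ECS_PROJECT; do
        eval "val=\${$name-}"
        [ -n "$val" ] || { echo "ecs config: $name is not set" >&2; return 1; }
    done
    user=$(json_escape "$ECS_USER_NAME") || return 1
    key=$(json_escape "$ECS_API_KEY") || return 1
    url=$(json_escape "$ECS_URL") || return 1
    project=$(json_escape "$ECS_PROJECT") || return 1
    (
        umask 077
        : > "$out" && chmod 600 "$out" || exit 1
        printf '{\n  "userName": "%s",\n  "apiKey": "%s",\n  "url": "%s",\n  "project": "%s"\n}\n' \
            "$user" "$key" "$url" "$project" > "$out"
    )
}

# Build a throwaway config, run the transfer, and always delete the file.
run_ecs_transfer() {
    cfg=$(mktemp) || return 1
    status=0
    write_ecs_config "$cfg" && ./vendor/bin/ecs-composer -c "$cfg" || status=$?
    rm -f "$cfg"
    return "$status"
}
```

Call run_ecs_transfer from the project root after composer install, with the four variables supplied by the CI system's secret store.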