magehost / composer-security-check-plugin
Checks installed dependencies against SensioLabs security advisory database
Installs: 8 440
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 4
Open Issues: 0
Type: composer-plugin
Requires
- composer-plugin-api: ^2.0
- ext-curl: *
- ext-json: *
- symfony/yaml: ^4.1
Requires (Dev)
- composer/composer: ^2.0
- phpunit/phpunit: ^7.2
This package is auto-updated.
Last update: 2024-10-26 22:52:27 UTC
README
For global install:
composer global require magehost/composer-security-check-plugin
For project install:
composer require magehost/composer-security-check-plugin
Run these commands to see some sample behavior (an audit of a pinned dependency, then another audit after updating it):
mkdir insecure-project
cd insecure-project
composer init --name="insecure/project" --description="insecure project" -l MIT -n
composer require 3f/pygmentize:1.0
composer require magehost/composer-security-check-plugin
composer audit
composer audit --format=simple
composer audit --format=json
composer validate
composer require 3f/pygmentize --update-with-all-dependencies
composer audit
By default this tool uploads your composer.lock
file to the security.symfony.com web service, which applies the checks from https://github.com/FriendsOfPHP/security-advisories. Note that this sends the exact name and version of every installed package, dev dependencies included, to a third party.
To check offline instead, clone that repository and point the audit at the local copy with:
composer audit --audit-db /path/to/security-advisories
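To show what an offline check against a local advisories checkout actually does, here is an added illustration in Python (not the plugin's own code, which is PHP): it walks the `<db>/<vendor>/<package>/*.yaml` layout of the security-advisories repository, pulls each branch's `versions` constraints out of the YAML, and reports every composer.lock package whose installed version falls inside any branch's range. The lock file and the advisory files below are constructed sample data, not entries from the real repository. It assumes the usual flat `versions: ['>=1.0', '<1.2']` layout (constraints within one branch are ANDed, branches are ORed), compares versions numerically after stripping a leading `v` and any `-stability` suffix, and does not handle `dev-*` branch versions.

```python
"""Offline advisory match: composer.lock against a local security-advisories tree.

Added example, not the plugin's code. Assumptions: flat `versions: [...]` lists
in the advisory YAML (ANDed inside a branch, ORed across branches); versions
compare numerically after dropping a leading 'v' and any '-stability' suffix.
"""
import json  # composer.lock is JSON; kept for loading a real lock file
import os
import re
import tempfile
from typing import Dict, List, Tuple

# --- Constructed sample data (not taken from the real advisories repo) ---
SAMPLE_LOCK = {
    "packages": [
        {"name": "example/pygments-wrapper", "version": "1.0.0"},
        {"name": "example/safe-lib", "version": "3.4.1"},
    ],
    "packages-dev": [
        {"name": "example/dev-tool", "version": "v2.1.2"},
    ],
}

SAMPLE_ADVISORIES = {  # path relative to the advisories checkout -> file content
    "example/pygments-wrapper/EXAMPLE-2017-0001.yaml": """\
title: 'Shell command injection in example/pygments-wrapper'
link: 'https://example.invalid/advisory/0001'
cve: ~
branches:
    1.x:
        time: 2017-05-15 10:00:00
        versions: ['<1.2']
reference: composer://example/pygments-wrapper
""",
    "example/dev-tool/EXAMPLE-2020-0002.yaml": """\
title: 'Path traversal in example/dev-tool'
link: 'https://example.invalid/advisory/0002'
cve: ~
branches:
    2.0.x:
        time: 2020-01-01 00:00:00
        versions: ['>=2.0', '<2.0.4']
    2.1.x:
        time: 2020-01-01 00:00:00
        versions: ['>=2.1', '<2.1.3']
reference: composer://example/dev-tool
""",
}

_OP_RE = re.compile(r"^(<=|>=|!=|<|>|=)?\s*(.+)$")
_VERSIONS_RE = re.compile(r"versions:\s*\[([^\]]*)\]")
_TITLE_RE = re.compile(r"^title:\s*'?(.*?)'?\s*$", re.M)


def parse_version(v: str) -> Tuple[int, ...]:
    """'v1.2' / '1.2.3-beta1' -> (1, 2, 3, 0); stability suffixes are dropped."""
    core = v.strip().lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    return tuple((parts + [0, 0, 0, 0])[:4])


def satisfies(version: str, constraint: str) -> bool:
    """Evaluate one constraint such as '<1.2' or '>=2.0' against a version."""
    m = _OP_RE.match(constraint.strip())
    op, target = m.group(1) or "=", m.group(2)
    a, b = parse_version(version), parse_version(target)
    return {"<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b,
            "=": a == b, "!=": a != b}[op]


def advisory_ranges(yaml_text: str) -> List[List[str]]:
    """One constraint list per branch; a version is affected if ANY list is fully met."""
    ranges = []
    for group in _VERSIONS_RE.findall(yaml_text):
        constraints = [c.strip().strip("'\"") for c in group.split(",") if c.strip()]
        if constraints:
            ranges.append(constraints)
    return ranges


def is_affected(version: str, yaml_text: str) -> bool:
    return any(all(satisfies(version, c) for c in branch)
               for branch in advisory_ranges(yaml_text))


def audit(lock: dict, db_dir: str, include_dev: bool = True) -> Dict[str, List[str]]:
    """Map 'vendor/name version' -> titles of advisories whose ranges match it."""
    findings: Dict[str, List[str]] = {}
    sections = ["packages"] + (["packages-dev"] if include_dev else [])
    for pkg in (p for s in sections for p in lock.get(s, [])):
        pkg_dir = os.path.join(db_dir, *pkg["name"].split("/"))
        if not os.path.isdir(pkg_dir):
            continue  # no advisory directory for this package
        for fname in sorted(os.listdir(pkg_dir)):
            if not fname.endswith((".yaml", ".yml")):
                continue
            with open(os.path.join(pkg_dir, fname), encoding="utf-8") as fh:
                text = fh.read()
            if is_affected(pkg["version"], text):
                title_m = _TITLE_RE.search(text)
                title = title_m.group(1) if title_m else fname
                findings.setdefault(f"{pkg['name']} {pkg['version']}", []).append(title)
    return findings


def write_sample_db() -> str:
    """Materialise the constructed advisories as files in the repo's directory layout."""
    root = tempfile.mkdtemp(prefix="advisories-")
    for rel, content in SAMPLE_ADVISORIES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


def run_demo(include_dev: bool = True) -> Dict[str, List[str]]:
    return audit(SAMPLE_LOCK, write_sample_db(), include_dev=include_dev)


if __name__ == "__main__":
    for key, titles in run_demo().items():
        print(f"{key}: {', '.join(titles)}")
```

With the constructed data the run reports `example/pygments-wrapper 1.0.0` (inside the `<1.2` branch) and `example/dev-tool v2.1.2` (inside the `2.1.x` branch but not the `2.0.x` one), and nothing for `example/safe-lib`, which has no advisory directory. To audit a real project, replace `SAMPLE_LOCK` with `json.load(open("composer.lock"))` and `write_sample_db()` with the path of your security-advisories clone.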
Inspired by: https://github.com/sensiolabs/security-checker
Alternative: https://github.com/Roave/SecurityAdvisories