ows / composer-dependencies-security-checker
Security checker for your composer dependencies
Installs: 3 691
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 11
Forks: 0
Open Issues: 0
Requires
- ext-json: *
- composer/semver: ^1.5 || ^3.0
Requires (Dev)
- phpstan/phpstan: ^0.12.5
- phpunit/phpunit: ^8.5
This package is auto-updated.
Last update: 2024-03-29 03:59:29 UTC
README
This library checks a composer.lock file to find existing security advisories published in a composer.json having the conflict property filled like https://github.com/Roave/SecurityAdvisories does.
This one is the default used if none passed in constructor.
Installation
This project can be installed with Composer:
$ composer require ows/composer-dependencies-security-checker
Usage
$checker = new Ows\ComposerDependenciesSecurityChecker\SecurityChecker(); $data = $checker->checkComposer(file_get_contents('composer.lock')); if ($data['status'] == 'vulnerable') { foreach ($data['vulnerabilities'] as $package => $infos) { echo "{$package} ({$infos['version']}):\n"; foreach ($infos['links'] as $link) { echo "{$link['title']}: {$link['link']}\n"; } } }
Sources
This library extracts data from https://github.com/Roave/SecurityAdvisories and indirectly from https://github.com/FriendsOfPHP/security-advisories.