PHP Roave Security Advisories

$ composer require roave/security-advisories:dev-master
$ # following commands will fail:
$ composer require symfony/symfony:2.5.2
$ composer require zendframework/zendframework:2.3.1

This package ensures that your PHP application doesn’t have installed dependencies with known security vulnerabilities.

This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues. Simply add "roave/security-advisories": "dev-master" to your composer.json "require" section and you will not be able to harm yourself with software with known security vulnerabilities.

Differs from Sensiolabs’ Security Advisories Checker as Roave Security Advisories prevents you from installing known vulnerable packages. This is done in a rather simple – yet ingenious – way: the packages with known vulnerabilities are blacklisted using Composer’s conflict property.

Roave Security Advisories →


Published by Bramus!

Bramus is a frontend web developer from Belgium, working as a Chrome Developer Relations Engineer at Google. From the moment he discovered view-source at the age of 14 (way back in 1997), he fell in love with the web and has been tinkering with it ever since (more …)

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.