$ composer require roave/security-advisories:dev-master
$ # following commands will fail:
$ composer require symfony/symfony:2.5.2
$ composer require zendframework/zendframework:2.3.1
This package ensures that your PHP application has no installed dependencies with known security vulnerabilities.
This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues. Simply add "roave/security-advisories": "dev-master" to your composer.json "require" section and you will not be able to harm yourself with software with known security vulnerabilities.
It differs from SensioLabs’ Security Advisories Checker in that Roave Security Advisories prevents you from installing known vulnerable packages in the first place. This is done in a rather simple, yet ingenious, way: the packages with known vulnerabilities are blacklisted using Composer’s conflict property.
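The conflict mechanism described above, modelled as an added example (not code from the package or from Composer): it evaluates a conflict map against the packages in a composer.lock and lists the ones a rule rejects. The version ranges, the sample lock data and the function names are constructed for illustration, and only a subset of Composer's constraint syntax is handled ("," as AND, "|" as OR).

```python
import operator
import re

# Constructed conflict map in the style of a composer.json "conflict" section.
# The ranges are illustrative only, NOT the package's real advisory data.
CONFLICT = {
    "symfony/symfony": ">=2.0.0,<2.5.4|>=2.6.0,<2.6.3",
    "zendframework/zendframework": ">=2.3.0,<2.3.3",
}

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
       "<": operator.lt, "==": operator.eq}

def parse_version(text):
    """Turn '2.5.2' or 'v2.5.2' into a comparable tuple such as (2, 5, 2)."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def matches(version, constraint):
    """True if version falls inside the constraint ('|' is OR, ',' is AND)."""
    v = parse_version(version)
    for alternative in constraint.split("|"):
        ok = True
        for clause in alternative.split(","):
            op, bound = re.match(r"\s*(>=|<=|>|<|==)?\s*(\S+)", clause).groups()
            # A bare version with no operator means an exact match.
            ok = ok and OPS[op or "=="](v, parse_version(bound))
        if ok:
            return True
    return False

def blocked_packages(lock, conflict=CONFLICT):
    """Return (name, version, rule) for every locked package a rule rejects."""
    hits = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        rule = conflict.get(pkg["name"].lower())
        if rule and matches(pkg["version"], rule):
            hits.append((pkg["name"], pkg["version"], rule))
    return hits

# Constructed composer.lock excerpt used as sample input.
SAMPLE_LOCK = {"packages": [
    {"name": "symfony/symfony", "version": "v2.5.2"},
    {"name": "zendframework/zendframework", "version": "2.3.1"},
    {"name": "monolog/monolog", "version": "1.11.0"},
]}

if __name__ == "__main__":
    for name, version, rule in blocked_packages(SAMPLE_LOCK):
        print(f"{name} {version} conflicts with {rule}")
```

Composer's own solver performs this kind of check during dependency resolution, which is why the require commands at the top of the page fail instead of installing the package.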