PHP Roave Security Advisories

$ composer require roave/security-advisories:dev-master
$ # following commands will fail:
$ composer require symfony/symfony:2.5.2
$ composer require zendframework/zendframework:2.3.1

This package ensures that your PHP application doesn’t have installed dependencies with known security vulnerabilities.

This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues. Simply add "roave/security-advisories": "dev-master" to your composer.json "require" section and you will not be able to harm yourself with software with known security vulnerabilities.

Differs from Sensiolabs’ Security Advisories Checker as Roave Security Advisories prevents you from installing known vulnerable packages. This is done in a rather simple – yet ingenious – way: the packages with known vulnerabilities are blacklisted using Composer’s conflict property.

Roave Security Advisories →

(via)

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.