| | BackwardCompatibilityCheck | SecurityAdvisories |
|---|---|---|
| Mentions | 3 | 6 |
| Stars | 559 | 2,648 |
| Growth | 0.4% | 0.5% |
| Activity | 8.3 | 9.6 |
| Last commit | 8 days ago | 6 days ago |
| Language | PHP | |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
BackwardCompatibilityCheck
- Some thoughts on the Interface Default Methods RFC
  It's also not a big risk because if it does fail it will fail every time you just load the class that implements the interface so probably your whole site will error. If you do cursory testing of the new version before you deploy it you can find the problem quickly before it becomes a problem. You can also do static analysis checks on your code to make sure it's compatible with the libraries you use including when you upgrade them. And library maintainers can run Roave/BackwardCompatibilityCheck/ to make sure they don't accidentally introduce a new interface method without declaring a new major version.
- PHP libraries and tools
  roave/backward-compatibility-check: Tool to compare two revisions of a class API to check for BC breaks
- PHP 8.1 is getting Enums, and here is an article about Enums in depth
  btw when I talk about breaking BC I don't really mean not compatible with something stored in the DB using a previous version of the code. I mean not compatible with other PHP code written to work with a previous version of the code. It's the sort of issue https://github.com/Roave/BackwardCompatibilityCheck exists to detect, and for which semver says you have to increase the major version number on a library.
SecurityAdvisories
- Preventing Installing Composer Dependencies with Known Security Vulnerabilities
  To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).
- With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
- Open source is not a place for politics
- Composer conflict, how can we use it?
  In order to avoid accepting third-party code with well-known security issues you can take advantage of SecurityAdvisories by Roave, a library which uses conflict as shown in this article to block unsafe packages. Give it a look!
- PHP libraries and tools
  roave/security-advisories: Security advisories as a simple composer exclusion list, updated daily
- Laravel QR Code Generator Infected with Malware
  Every composer user should use at least https://github.com/Roave/SecurityAdvisories
What are some alternatives?
Spout - Read and write spreadsheet files (CSV, XLSX and ODS), in a fast and scalable way
local-php-security-checker - PHP security vulnerabilities checker
psalm-plugin-phpunit - A PHPUnit plugin for Psalm
enlightn - Your performance & security consultant, an artisan command away.
psalm-plugin-doctrine - Stubs to let Psalm understand Doctrine better
PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!
ruby-advisory-db - A database of vulnerable Ruby Gems
no-leaks - PHPUnit Plugin for detecting Memory Leaks in code and tests
Deptrac - Keep your architecture clean.
openapi-psr7-validator - It validates PSR-7 messages (HTTP request/response) against OpenAPI specifications
Serializer - Library for (de-)serializing data of any complexity (supports JSON, and XML)