ComposerRequireChecker
SecurityAdvisories
|  | ComposerRequireChecker | SecurityAdvisories |
|---|---|---|
|  | 3 | 6 |
| Stars | 841 | 2,632 |
| Growth | - | 0.8% |
| Activity | 9.1 | 9.6 |
|  | 3 days ago | 6 days ago |
| Language | PHP |  |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ComposerRequireChecker
- Templates available in Yii3.
  Check dependencies - ComposerRequireChecker.
- PHP libraries and tools
  ComposerRequireChecker: A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
- Weekly "ask anything" thread
  https://github.com/maglnet/ComposerRequireChecker might help.
SecurityAdvisories
- Preventing Installing Composer Dependencies with Known Security Vulnerabilities
  To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).
- With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
- Composer conflict, how can we use it?
  In order to avoid accepting third-party code with well-known security issues you can take advantage of SecurityAdvisories by Roave, a library which uses conflict as shown in this article to block unsafe packages. Give it a look!
- PHP libraries and tools
  roave/security-advisories: Security advisories as a simple composer exclusion list, updated daily
- Laravel QR Code Generator Infected with Malware
  Every composer user should use at least https://github.com/Roave/SecurityAdvisories
What are some alternatives?
local-php-security-checker - PHP security vulnerabilities checker
WordPress Packagist - WordPress Packagist — manage your plugins with Composer
Repman - Repman - PHP Repository Manager: packagist proxy and host for private packages
composer-patches - Simple patches plugin for Composer
PHP Architecture Tester - PHP Architecture Tester - Easy to use architectural testing tool for PHP
psalm-plugin-doctrine - Stubs to let Psalm understand Doctrine better
PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!
Deptrac - Keep your architecture clean.
enlightn - Your performance & security consultant, an artisan command away.
composer-diff - Compares composer.lock changes and generates Markdown report so you can use it in PR description.