SecurityAdvisories
:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily (by Roave)
ComposerRequireChecker
A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies (by maglnet)
Our great sponsors
| SecurityAdvisories | ComposerRequireChecker | |
|---|---|---|
| 6 | 3 | |
| 2,644 | 848 | |
| 0.9% | - | |
| 9.6 | 9.1 | |
| 8 days ago | 6 days ago | |
| PHP | ||
| MIT License | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SecurityAdvisories
Posts with mentions or reviews of SecurityAdvisories.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-11.
-
Preventing Installing Composer Dependencies with Known Security Vulnerabilities
To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).
- With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
- Open source is not a place for politics
-
Composer conflict, how can we use it?
In order to avoid accepting third-party code with well-known security issues you can take advantage of SecurityAdvisories by Roave, a library which uses conflict as shown in this article to block unsafe packages. Give it a look!
-
PHP libraries and tools
roave/security-advisories: Security advisories as a simple composer exclusion list, updated daily
-
Laravel QR Code Generator Infected with Malware
Every composer user should use at least https://github.com/Roave/SecurityAdvisories
ComposerRequireChecker
Posts with mentions or reviews of ComposerRequireChecker.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-11.
-
Templates available in Yii3.
Check dependencies - ComposerRequireChecker.
-
PHP libraries and tools
ComposerRequireChecker: A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
-
Weekly "ask anything" thread
https://github.com/maglnet/ComposerRequireChecker might help.
What are some alternatives?
When comparing SecurityAdvisories and ComposerRequireChecker you can also consider the following projects:
local-php-security-checker - PHP security vulnerabilities checker
WordPress Packagist - WordPress Packagist — manage your plugins with Composer
enlightn - Your performance & security consultant, an artisan command away.
Repman - Repman - PHP Repository Manager: packagist proxy and host for private packages
PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!
ruby-advisory-db - A database of vulnerable Ruby Gems
composer-patches - Simple patches plugin for Composer
Deptrac - Keep your architecture clean.
PHP Architecture Tester - PHP Architecture Tester - Easy to use architectural testing tool for PHP :heavy_check_mark:
Serializer - Library for (de-)serializing data of any complexity (supports JSON, and XML)
SecurityAdvisories vs local-php-security-checker
ComposerRequireChecker vs WordPress Packagist
SecurityAdvisories vs enlightn
ComposerRequireChecker vs Repman
SecurityAdvisories vs PHPStan
ComposerRequireChecker vs local-php-security-checker
SecurityAdvisories vs ruby-advisory-db
ComposerRequireChecker vs composer-patches
SecurityAdvisories vs Deptrac
ComposerRequireChecker vs PHP Architecture Tester
SecurityAdvisories vs Serializer
ComposerRequireChecker vs PHPStan