SecurityAdvisories
composer-normalize
| | SecurityAdvisories | composer-normalize |
|---|---|---|
| Mentions | 6 | 6 |
| Stars | 2,644 | 1,006 |
| Growth | 0.9% | 1.6% |
| Activity | 9.6 | 9.4 |
| Latest commit | 8 days ago | 3 days ago |
| Language | PHP | |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SecurityAdvisories
- Preventing Installing Composer Dependencies with Known Security Vulnerabilities
  To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).
- With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
- Open source is not a place for politics
- Composer conflict, how can we use it?
  In order to avoid accepting third-party code with well-known security issues you can take advantage of SecurityAdvisories by Roave, a library which uses conflict as shown in this article to block unsafe packages. Give it a look!
- PHP libraries and tools
  roave/security-advisories: Security advisories as a simple composer exclusion list, updated daily
- Laravel QR Code Generator Infected with Malware
  Every composer user should use at least https://github.com/Roave/SecurityAdvisories
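How the exclusion list actually blocks a package, as an added example (not code from Roave/SecurityAdvisories or from Composer itself): the first and the "Composer conflict" posts above both point out that the package is nothing but a `conflict` map, so a small re-implementation of the conflict check shows the mechanism. The package names, version ranges and lock-file entries below are constructed for illustration and are not real advisories. The constraint parser handles only the `<`, `<=`, `>`, `>=` and `=` comparators joined by `|` or `||` (OR) and `,` (AND), which is the shape the advisories list uses, not the full Composer constraint grammar (no `^`, `~`, wildcards or stability suffixes). In the real setup it is Composer's dependency solver that refuses the install; the script only makes the rule visible.

```php
<?php
// Added example, not code from Roave/SecurityAdvisories or Composer.
// Re-implements the "conflict" check over a constructed advisories file and
// a constructed composer.lock. Names and ranges are illustrative only.
declare(strict_types=1);

// Constructed excerpt in the shape of roave/security-advisories' composer.json:
// a metapackage with nothing to install, only "conflict" constraints.
const ADVISORIES_JSON = <<<'JSON'
{
    "name": "example/security-advisories",
    "type": "metapackage",
    "conflict": {
        "acme/http-client": "<1.4.2|>=2.0,<2.1.7",
        "acme/template-engine": ">=3.0,<3.0.9"
    }
}
JSON;

// Constructed composer.lock excerpt for the project being checked.
const LOCK_JSON = <<<'JSON'
{
    "packages": [
        {"name": "acme/http-client", "version": "2.1.3"},
        {"name": "acme/template-engine", "version": "3.1.0"},
        {"name": "acme/logger", "version": "0.9.0"}
    ]
}
JSON;

/** Pad a numeric version to four components (Composer compares "2.0" as "2.0.0.0"). */
function normalizeVersion(string $version): string
{
    $parts = explode('.', ltrim(trim($version), 'v'));
    while (count($parts) < 4) {
        $parts[] = '0';
    }
    return implode('.', $parts);
}

/** True when $version satisfies one comparator such as ">=2.0" or "<1.4.2". */
function satisfiesComparator(string $version, string $comparator): bool
{
    if (!preg_match('/^(<=|>=|<|>|!=|==?)?\s*([0-9v][0-9.]*)$/', trim($comparator), $m)) {
        throw new InvalidArgumentException("Unsupported constraint: $comparator");
    }
    $op = ($m[1] === '' || $m[1] === '=') ? '==' : $m[1];
    return version_compare(normalizeVersion($version), normalizeVersion($m[2]), $op);
}

/** Subset of Composer's grammar: OR groups split on "|" or "||", comparators inside a group joined by ",". */
function satisfiesConstraint(string $version, string $constraint): bool
{
    foreach (preg_split('/\s*\|\|?\s*/', trim($constraint)) as $andGroup) {
        $allMatch = true;
        foreach (preg_split('/\s*,\s*/', $andGroup) as $comparator) {
            if (!satisfiesComparator($version, $comparator)) {
                $allMatch = false;
                break;
            }
        }
        if ($allMatch) {
            return true;
        }
    }
    return false;
}

/** Returns [package => reason] for every locked package that falls inside a conflict range. */
function findBlockedPackages(string $advisoriesJson, string $lockJson): array
{
    $conflicts = json_decode($advisoriesJson, true, 512, JSON_THROW_ON_ERROR)['conflict'] ?? [];
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $blocked = [];
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $pkg) {
        $constraint = $conflicts[$pkg['name']] ?? null;
        if ($constraint !== null && satisfiesConstraint($pkg['version'], $constraint)) {
            $blocked[$pkg['name']] = "{$pkg['version']} matches conflict \"$constraint\"";
        }
    }
    return $blocked;
}

$blocked = findBlockedPackages(ADVISORIES_JSON, LOCK_JSON);
foreach ($blocked as $name => $reason) {
    echo "BLOCKED: $name $reason\n";
}
exit($blocked === [] ? 0 : 1);
```

With this constructed input, acme/http-client 2.1.3 sits inside the second OR group (`>=2.0,<2.1.7`) and is reported, while acme/template-engine 3.1.0 is above its range and acme/logger has no advisory at all. To get the real list into a project, the documented install is `composer require --dev roave/security-advisories:dev-latest`; from then on `composer require`/`composer update` cannot resolve to a version that the conflict map names.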
composer-normalize
- Elevate Your PHP Development Game with Composer Tips
  Composer-Normalize: Your Organization Sidekick! Let's talk about keeping things neat and tidy! Enter Composer-Normalize. This nifty tool ensures your composer.json file stays impeccably organized and sorted. No more chaotic dependency lists - it's all about that clean, structured vibe! More info here: https://github.com/ergebnis/composer-normalize
- The "pds/composer-script-names" standard is now stable
  I guess composer normalize is doing those checks since it is validating the composer.json against its official schema. More at https://github.com/ergebnis/composer-normalize
- Users of VS Code, what Composer-related features would you like to see?
  Use composer-normalize as a formatter
- PHP libraries and tools
  composer-normalize: Provides a composer plugin for normalizing composer.json.
- Create or Update PR Action
  The README itself shows that it's being used to keep track of Chinese Starbucks stores, download JSON schema updates periodically and even by the Node project itself to keep the license file up to date.
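What "normalized" means in practice, as an added example (not code from ergebnis/composer-normalize): a simplified normalizer that applies the two rules reviewers notice most, a fixed top-level key order and platform packages (`php`, `ext-*`, `lib-*`) sorted ahead of vendor packages, plus the dry-run style comparison that fails a CI job when the committed composer.json differs from its normalized form. The `TOP_LEVEL_ORDER` list and the sample composer.json are constructed assumptions that cover a subset of the plugin's rules; the real plugin does considerably more.

```php
<?php
// Added example, not code from ergebnis/composer-normalize. A reduced
// normalizer: canonical top-level key order and sorted package maps, with a
// dry-run check. TOP_LEVEL_ORDER and the sample file below are assumptions.
declare(strict_types=1);

// Assumed canonical order for top-level keys; keys not listed keep their
// relative order and go last. Sorting is stable on PHP 8.
const TOP_LEVEL_ORDER = [
    'name', 'description', 'license', 'type', 'keywords', 'authors',
    'require', 'require-dev', 'conflict', 'autoload', 'autoload-dev',
    'config', 'scripts', 'extra',
];

/** Sort a package map: "php" first, then ext-*/lib-* platform packages, then vendor packages alphabetically. */
function sortPackages(array $packages): array
{
    uksort($packages, static function (string $a, string $b): int {
        $rank = static fn(string $n): int => $n === 'php' ? 0 : (preg_match('/^(ext|lib)-/', $n) ? 1 : 2);
        return [$rank($a), $a] <=> [$rank($b), $b];
    });
    return $packages;
}

/** Return the canonical form of a composer.json document. */
function normalizeComposerJson(string $json): string
{
    $data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);

    uksort($data, static function (string $a, string $b): int {
        $ia = array_search($a, TOP_LEVEL_ORDER, true);
        $ib = array_search($b, TOP_LEVEL_ORDER, true);
        return ($ia === false ? PHP_INT_MAX : $ia) <=> ($ib === false ? PHP_INT_MAX : $ib);
    });

    foreach (['require', 'require-dev', 'conflict'] as $section) {
        if (isset($data[$section]) && is_array($data[$section])) {
            $data[$section] = sortPackages($data[$section]);
        }
    }

    return json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR) . "\n";
}

/** Dry-run check: true when the file as committed differs from its normalized form. */
function needsNormalization(string $json): bool
{
    return normalizeComposerJson($json) !== $json;
}

// Constructed input: a valid file whose keys and packages are out of order.
$messy = <<<'JSON'
{
    "require-dev": {"phpunit/phpunit": "^10.0", "roave/security-advisories": "dev-latest"},
    "require": {"symfony/console": "^6.4", "ext-json": "*", "php": "^8.2", "acme/lib": "^1.0"},
    "name": "acme/app",
    "license": "MIT"
}
JSON;

echo normalizeComposerJson($messy);
// Mirrors a CI dry run: non-zero exit when the committed file would change.
exit(needsNormalization($messy) ? 1 : 0);
```

For the constructed input the output puts `name` and `license` before the dependency sections and orders `require` as `php`, `ext-json`, `acme/lib`, `symfony/console`, so the script exits 1; re-running it on its own output is a no-op and would exit 0. With the plugin installed (`composer require --dev ergebnis/composer-normalize`), `composer normalize --dry-run` performs the equivalent comparison against the plugin's full rule set, which is the check to put in CI so that a dependency change cannot hide inside formatting noise in a pull request.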
What are some alternatives?
local-php-security-checker - PHP security vulnerabilities checker
Composer Merge Plugin - Merge one or more additional composer.json files at Composer runtime
enlightn - Your performance & security consultant, an artisan command away.
NameSpacer - PHP Class converter to namespaces.
PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!
Satis - Simple static Composer repository generator - For a full private Composer repo use Private Packagist
ruby-advisory-db - A database of vulnerable Ruby Gems
Patch Installer - Patch other composer packages on install or update
Deptrac - Keep your architecture clean.
Prestissimo - composer parallel install plugin
Serializer - Library for (de-)serializing data of any complexity (supports JSON, and XML)
psalm-plugin-phpunit - A PHPUnit plugin for Psalm