SecurityAdvisories
:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily (by Roave)
composer-unused
Show unused composer dependencies by scanning your code (by composer-unused)
Our great sponsors
SecurityAdvisories | composer-unused | |
---|---|---|
6 | 3 | |
2,644 | 1,491 | |
0.9% | 1.8% | |
9.6 | 7.7 | |
8 days ago | 6 days ago | |
PHP | ||
MIT License | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SecurityAdvisories
Posts with mentions or reviews of SecurityAdvisories.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-11.
-
Preventing Installing Composer Dependencies with Known Security Vulnerabilities
To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).
- With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
- Open source is not a place for politics
-
Composer conflict, how can we use it?
In order to avoid accepting third-party code with well-known security issues you can take advantage of SecurityAdvisories by Roave, a library which uses conflict as shown in this article to block unsafe packages. Give it a look!
-
PHP libraries and tools
roave/security-advisories: Security advisories as a simple composer exclusion list, updated daily
-
Laravel QR Code Generator Infected with Malware
Every composer user should use at least https://github.com/Roave/SecurityAdvisories
composer-unused
Posts with mentions or reviews of composer-unused.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-10-26.
-
Determine which dependencies are being used in a project?
Check https://github.com/composer-unused/composer-unused
-
Styling console applications based on Symfony, Laravel, CakePHP, and other frameworks using Termage!
I like the idea and examples and I was looking for some time to improve console output for composer-unused, to be honest.
-
PHP libraries and tools
composer-unused: Show unused composer dependencies by scanning your code
What are some alternatives?
When comparing SecurityAdvisories and composer-unused you can also consider the following projects:
local-php-security-checker - PHP security vulnerabilities checker
unused-scanner - Detect unused composer dependencies
enlightn - Your performance & security consultant, an artisan command away.
Composer - Dependency Manager for PHP
PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!
Composer Installers - A Multi-Framework Composer Library Installer
ruby-advisory-db - A database of vulnerable Ruby Gems
php-dependency-analysis - Library for check dependency between modules inside projects
Deptrac - Keep your architecture clean.
Climb
Serializer - Library for (de-)serializing data of any complexity (supports JSON, and XML)
Pickle - PHP Extension installer
SecurityAdvisories vs local-php-security-checker
composer-unused vs unused-scanner
SecurityAdvisories vs enlightn
composer-unused vs Composer
SecurityAdvisories vs PHPStan
composer-unused vs Composer Installers
SecurityAdvisories vs ruby-advisory-db
composer-unused vs php-dependency-analysis
SecurityAdvisories vs Deptrac
composer-unused vs Climb
SecurityAdvisories vs Serializer
composer-unused vs Pickle