SecurityAdvisories
Infection
Our great sponsors
SecurityAdvisories | Infection | |
---|---|---|
6 | 10 | |
2,644 | 1,981 | |
0.9% | 0.9% | |
9.6 | 8.5 | |
8 days ago | 15 days ago | |
PHP | ||
MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SecurityAdvisories
-
Preventing Installing Composer Dependencies with Known Security Vulnerabilities
To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).
- With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
- Open source is not a place for politics
-
Composer conflict, how can we use it?
In order to avoid accepting third-party code with well-known security issues you can take advantage of SecurityAdvisories by Roave, a library which uses conflict as shown in this article to block unsafe packages. Give it a look!
-
PHP libraries and tools
roave/security-advisories: Security advisories as a simple composer exclusion list, updated daily
-
Laravel QR Code Generator Infected with Malware
Every composer user should use at least https://github.com/Roave/SecurityAdvisories
Infection
-
Who tests the tests? Mutation testing with Infection in PHP
Obviously, we can not generate mutants manually. For that purpose, there are mutation testing utilities. For PHP, we have Infection.
-
PHP libraries and tools
Infection: PHP Mutation Testing library. Plugins: roave/infection-static-analysis-plugin: Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis bitexpert/captainhook-infection: Captain Hook Plugin to run InfectionPHP only against the changed files of a commit
Infection: PHP Mutation Testing library. Plugins: roave/infection-static-analysis-plugin: Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis bitexpert/captainhook-infection: Captain Hook Plugin to run InfectionPHP only against the changed files of a commit
-
I created a package to encourage developers in my team to write tests. What do you think? Any feedback? Thanks!
If you want to enforce testing automatically probably the best option is to rely on mutation testing, using Infection. That doesn't just check that the tests cover the code, it checks that if the code was different to what it is then the tests would (usually) fail.
-
Collecting line, branch, and path coverage with PHPUnit
IMO code coverage is a very flawed metric on its own. A high percentage doesn't guarantee that the tests actually test the right things, and it would be much more efficient if mutation testing was used (e.g. Infection). It still uses the generated code coverage reports, but only as a base for its own metrics.
-
Am I writing the right kinds of (unit) tests? See below for an example. Thanks!
For your last edit - you can also add infection which will infect your code with other values, like if you expect a positive number, it will try and inject a negative number - and see what happens - does your code break everything or something. Also it will try to inject false where you might expect a true and many many other things, and yes you will get some weird results from infection, but its a good thing to look at, and atleast check the logs and see why the infection failed at a test.
- I'm looking for "complex" or "advanced" topics that don't get enough coverage
-
Codewars Kata. It uses 100 random tests for a boolean.
The only one that I've used is infection for PHP.
-
Verify your true code coverage by removing lines of PHP code, see if it affects PHPUnit results
That's practically a light form of mutant testing. Have you checked Infection?
What are some alternatives?
local-php-security-checker - PHP security vulnerabilities checker
Pest - Pest is an elegant PHP testing Framework with a focus on simplicity, meticulously designed to bring back the joy of testing in PHP.
enlightn - Your performance & security consultant, an artisan command away.
rector-laravel - Rector upgrades rules for Laravel
PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!
php-mysql-engine - A MySQL engine written in pure PHP
ruby-advisory-db - A database of vulnerable Ruby Gems
ParaTest - :computer: Parallel testing for PHPUnit
Deptrac - Keep your architecture clean.
psalm-plugin-phpunit - A PHPUnit plugin for Psalm
Serializer - Library for (de-)serializing data of any complexity (supports JSON, and XML)
churn-php - Discover files in need of refactoring.