local-php-security-checker
PHP security vulnerabilities checker (by fabpot)
SecurityAdvisories
:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily (by Roave)
| local-php-security-checker | SecurityAdvisories | |
|---|---|---|
| 5 | 6 | |
| 1,148 | 2,648 | |
| - | 1.1% | |
| 2.9 | 9.6 | |
| 10 days ago | 5 days ago | |
| Go | ||
| GNU Affero General Public License v3.0 | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
local-php-security-checker
Posts with mentions or reviews of local-php-security-checker.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-03-26.
-
What are some helpful tools every Laravel CI pipeline should have?
test -d local-php-security-checker || curl -L https://github.com/fabpot/local-php-security-checker/releases/download/v1.2.0/local-php-security-checker_1.2.0_linux_amd64 --output local-php-security-checker chmod +x local-php-security-checker ./local-php-security-checker
-
Unknown error running php bin/console security:check
The best alternative to use now is to download a local-security-checker binary (https://github.com/fabpot/local-php-security-checker/releases), saving it in the bin folder, and running that binary (via bin/local-php-security-checker).
-
PHP libraries and tools
Local PHP Security Checker: PHP security vulnerabilities checker
-
Laravel QR Code Generator Infected with Malware
It looks like they utilize this repo for advisories: https://github.com/FriendsOfPHP/security-advisories/ -- via https://symfony.com/blog/the-php-security-checker-as-a-docker-image
-
Why does validating a user require 14000 files?
https://github.com/fabpot/local-php-security-checker
I agree, composer is not perfect, but before it was worse.
SecurityAdvisories
Posts with mentions or reviews of SecurityAdvisories.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-11.
-
Preventing Installing Composer Dependencies with Known Security Vulnerabilities
To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).
- With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
- Open source is not a place for politics
-
Composer conflict, how can we use it?
In order to avoid accepting third-party code with well-known security issues you can take advantage of SecurityAdvisories by Roave, a library which uses conflict as shown in this article to block unsafe packages. Give it a look!
-
PHP libraries and tools
roave/security-advisories: Security advisories as a simple composer exclusion list, updated daily
-
Laravel QR Code Generator Infected with Malware
Every composer user should use at least https://github.com/Roave/SecurityAdvisories
What are some alternatives?
When comparing local-php-security-checker and SecurityAdvisories you can also consider the following projects:
Spout - Read and write spreadsheet files (CSV, XLSX and ODS), in a fast and scalable way
enlightn - Your performance & security consultant, an artisan command away.
ComposerRequireChecker - A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!
GrumPHP - A PHP code-quality tool
ruby-advisory-db - A database of vulnerable Ruby Gems
google-api-php-client-services
Deptrac - Keep your architecture clean.
google-api-php-client - A PHP client library for accessing Google APIs
Serializer - Library for (de-)serializing data of any complexity (supports JSON, and XML)
churn-php - Discover files in need of refactoring.
local-php-security-checker vs Spout
SecurityAdvisories vs enlightn
local-php-security-checker vs ComposerRequireChecker
SecurityAdvisories vs PHPStan
local-php-security-checker vs GrumPHP
SecurityAdvisories vs ruby-advisory-db
local-php-security-checker vs google-api-php-client-services
SecurityAdvisories vs Deptrac
local-php-security-checker vs google-api-php-client
SecurityAdvisories vs Serializer
local-php-security-checker vs churn-php
SecurityAdvisories vs GrumPHP