0

SecurityAdvisories

:closed_lock_with_key: Security advisories as a simple composer exclusion list, regularly updated

Github 資源庫
主要指標

Github星跟蹤圖

Roave Security Advisories

Build Status
Downloads

This package ensures that your application doesn't have installed dependencies with known security vulnerabilities.

Installation

composer require --dev roave/security-advisories:dev-master

Usage

This package does not provide any API or usable classes: its only purpose is to prevent installation of software
with known and documented security issues.
Simply add "roave/security-advisories": "dev-master" to your composer.json "require-dev" section and you will
not be able to harm yourself with software with known security vulnerabilities.

For example, try following:

composer require --dev roave/security-advisories:dev-master
# following commands will fail:
composer require symfony/symfony:2.5.2
composer require zendframework/zendframework:2.3.1

The checks are only executed when adding a new dependency via composer require or when running composer update:
deploying an application with a valid composer.lock and via composer install won't trigger any security versions
checking.

You can manually trigger a version check by using the --dry-run switch on an update while not doing anything. Running composer update --dry-run roave/security-advisories is an effective way to manually trigger a security version check.

roave/security-advisories for enterprise

Available as part of the Tidelift Subscription.

The maintainers of roave/security-advisories and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more..

You can also contact us at team@roave.com for looking into security issues in your own project.

Stability

This package can only be required in its dev-master version: there will never be stable/tagged versions because of
the nature of the problem being targeted. Security issues are in fact a moving target, and locking your project to a
specific tagged version of the package would not make any sense.

This package is therefore only suited for installation in the root of your deployable project.

Sources

This package extracts information about existing security issues in various composer projects from
the FriendsOfPHP/security-advisories repository.

主要指標

概覽
名稱與所有者Roave/SecurityAdvisories
主編程語言
編程語言 (語言數: 0)
平台
許可證MIT License
所有者活动
創建於2014-11-05 14:34:26
推送於2025-06-02 17:06:16
最后一次提交2025-06-02 17:06:15
發布數0
用户参与
星數2.8k
關注者數73
派生數109
提交數1.9k
已啟用問題?
問題數91
打開的問題數0
拉請求數29
打開的拉請求數1
關閉的拉請求數20
项目设置
已啟用Wiki?
已存檔?
是復刻?
已鎖定?
是鏡像?
是私有?