Download the PHP package bernardosecades/packagist-security-checker without Composer

On this page you can find all versions of the php package bernardosecades/packagist-security-checker. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php'); After that, you have to import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. If a package comes from a private repository, please use the auth.json textarea to insert the credentials. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package packagist-security-checker

Packagist Security Checker


About

Tool to check possible bugs in your dependencies (public and private dependencies). It is based on semver to detect bugs in your dependencies.

Example:

In your composer.lock you have this package:

The version follows the format MAJOR.MINOR.PATCH (read more in semver). If Packagist has a release of that package with the same MAJOR and MINOR and a later PATCH version, you have a possible bug in your dependencies and you should update them.
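The rule described above, as an added example in PHP 7.3+ (not the package's own code). The package names, the lock data and the published-version lists are constructed; the published lists stand in for what the Packagist API would return, so the script runs offline.

```php
<?php
// Added example: flags locked packages that have a later PATCH release in the same MAJOR.MINOR line.
/** Parse "v1.2.3" or "1.2.3" into [major, minor, patch]; null for anything else. */
function parseStable(string $version): ?array
{
    if (!preg_match('/^v?(\d+)\.(\d+)\.(\d+)$/', $version, $m)) {
        return null; // "dev-master", "2.0.0-beta1", "1.2": not comparable by this rule
    }
    return [(int) $m[1], (int) $m[2], (int) $m[3]];
}

/** Highest published version with the same MAJOR.MINOR and a higher PATCH, or null. */
function newerPatch(string $installed, array $published): ?string
{
    $cur = parseStable($installed);
    $best = null;
    foreach ($published as $candidate) {
        $v = parseStable($candidate);
        if ($cur && $v && [$v[0], $v[1]] === [$cur[0], $cur[1]] && $v[2] > $cur[2]) {
            $cur = $v; // raise the threshold so only the highest patch is kept
            $best = $candidate;
        }
    }
    return $best;
}

/** Map package name => installed version and later patch, for every locked package that has one. */
function findPatchUpdates(string $lockJson, array $publishedByPackage): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $report = [];
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $pkg) {
        $fix = newerPatch($pkg['version'], $publishedByPackage[$pkg['name']] ?? []);
        if ($fix !== null) {
            $report[$pkg['name']] = ['installed' => $pkg['version'], 'patch' => $fix];
        }
    }
    return $report;
}

// Constructed sample input (hypothetical package names and versions).
$lockJson = '{"packages":[{"name":"acme/http","version":"v2.3.1"},{"name":"acme/log","version":"1.0.4"},{"name":"acme/tool","version":"dev-master"}]}';
$published = [
    'acme/http' => ['2.3.0', '2.3.1', '2.3.4', '2.4.0', '3.0.0'],
    'acme/log'  => ['1.0.3', '1.0.4', '1.1.0'],
    'acme/tool' => ['dev-master', '0.1.0'],
];
print_r(findPatchUpdates($lockJson, $published));
```

Versions that are not plain MAJOR.MINOR.PATCH are skipped rather than guessed at, so a package locked to a branch or pre-release is never reported by this check.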

Why?

Composer

With composer you can know if your dependencies need to be updated, example:

This command shows the packages you can update and their latest versions. Sometimes it is not necessary to update them if you do not need the new functionality of those packages, but if there are bug fixes for a dependency you should update it at least to the last PATCH version, and you can get this information from Packagist Security Checker.

SensioLabs - Security Checker

This is a great tool created by SensioLabs. It checks if your application uses dependencies with known security vulnerabilities. It uses the SensioLabs Security Check Web service and the Security Advisories Database.

Bugs in the most popular libraries are usually reported to the Security Advisories Database, but libraries that are less popular yet still used by other projects are not reported, or their database entries may not be up to date. This service also works only for public repositories.

Packagist Security Checker

Packagist Security Checker uses the Packagist API and semantic versioning to detect possible bugs. It works with popular and less popular libraries alike, as long as they are enabled in Packagist.

This tool can also be used with your company's own instance of Packagist, in which case it can detect possible bugs in private repositories as well.

Limitations

Usage

See all report

See only bugs

Get report in json format

Execute tool with your own instance of packagist:

Integration

You can easily integrate the checker into your project:

Add command in your Symfony Console Application

Use the PackagistSecurityCheckerCommand class in your Symfony Console application

Use class directly in your own code

Or use the PackagistSecurityChecker class directly in your own code

Installation

.phar file

You can also use the latest pre-built .phar.

You can copy the .phar file as a global script

Compile

You can also compile your own version of the package. (Remember that you will need to set phar.readonly = Off in your php.ini.)

You can copy the .phar file as a global script

Screenshots

./bin/packagist-security-checker sc tests/fixtures/composer.lock

./bin/packagist-security-checker sc tests/fixtures/composer.lock --only-bugs

./bin/packagist-security-checker sc tests/fixtures/composer.lock --only-bugs --format=json


All versions of packagist-security-checker with dependencies

Requires:
  • php: ^5.5|^7.0
  • symfony/console: ^2.2|^3.0
  • symfony/process: ^2.2|^3.0
  • symfony/finder: ^2.2|^3.0
  • doctrine/inflector: ^1.1
  • guzzlehttp/guzzle: ^6.2
