Download the PHP package roave/security-advisories without Composer
On this page you can find all versions of the php package roave/security-advisories. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Short Description Prevents installation of composer packages with known security vulnerabilities: no API, simply require it
All versions of security-advisories with dependencies
Informations about the package security-advisories
Roave Security Advisories
This package ensures that your application doesn't have installed dependencies with known security vulnerabilities.
This package does not provide any API or usable classes: its only purpose is to prevent installation of software
with known and documented security issues.
"roave/security-advisories": "dev-latest" to your
"require-dev" section and you will
not be able to harm yourself with software with known security vulnerabilities.
For example, try following:
The checks are only executed when adding a new dependency via
composer require or when running
deploying an application with a valid
composer.lock and via
composer install won't trigger any security versions
You can manually trigger a version check by using the
--dry-runswitch on an update while not doing anything. Running
composer update --dry-run roave/security-advisoriesis an effective way to manually trigger a security version check.
roave/security-advisories for enterprise
Available as part of the Tidelift Subscription.
The maintainers of roave/security-advisories and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
You can also contact us at [email protected] for looking into security issues in your own project.
This package can only be required in its
dev-latest version: there will never be stable/tagged versions because of
the nature of the problem being targeted. Security issues are in fact a moving target, and locking your project to a
specific tagged version of the package would not make any sense.
This package is therefore only suited for installation in the root of your deployable project.
This package extracts information about existing security issues in various composer projects from the FriendsOfPHP/security-advisories repository.