Download the PHP package signify-nz/composer-security-checker without Composer
On this page you can find all versions of the php package signify-nz/composer-security-checker. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download signify-nz/composer-security-checker
More information about signify-nz/composer-security-checker
Files in signify-nz/composer-security-checker
Package composer-security-checker
Short Description A security checker for your composer.lock
License BSD-3-Clause
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package composer-security-checker
Composer Security Checker
Inspired by sensiolabs/security-checker and fabpot/local-php-security-checker.
The Composer Security Checker provides an API for checking if your PHP application has dependencies with known security vulnerabilities. It uses the PHP Security Advisories Database - the same database used by fabpot/local-php-security-checker and the Symfony CLI.
It can be useful, for example, for applications that have a dashboard where you can display a clear warning if vulnerabilities are detected.
Install
Install via composer:
Usage
Simply instantiate a SecurityChecker object and pass the absolute path to your composer.lock file in a call to check and it will return an array of vulnerabilities that apply to the dependencies of that lock file.
If you want to omit dev dependencies from the check, just pass false as the second argument.
If you have already parsed the composer.lock file into an associative array, you can pass that to the call to check instead:
Configuration Options
There are some configuration options you can pass into the constructor to determine how the checker behaves.
| The options you can set are listed in this table. | Option name | Purpose | Value type | Default |
|---|---|---|---|---|
| advisories-dir | A writable directory to store the PHP Security Advisories Database | string | A temporary directory (uses sys_get_temp_dir) | |
| advisories-stale-after | Time in seconds that the stored advisories database is valid - it will be fetched again after this time expires. | int | 86400 (24 hours) |
|
| guzzle-options | Options to pass to the Guzzle client when fetching the advisories database. See the guzzle docs for options. | array | [] |
All versions of composer-security-checker with dependencies
ext-json Version *
ext-zip Version >= 1.1.0
guzzlehttp/guzzle Version ^6 || ^7
symfony/yaml Version ^3.2 || ^4 || ^5
composer/semver Version ^1 || ^2 || ^3