Download the PHP package signify-nz/composer-security-checker without Composer
On this page you can find all versions of the php package signify-nz/composer-security-checker. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package composer-security-checker
Short Description A security checker for your composer.lock
License BSD-3-Clause
Information about the package composer-security-checker
Composer Security Checker
Inspired by sensiolabs/security-checker and fabpot/local-php-security-checker.
The Composer Security Checker provides an API for checking if your PHP application has dependencies with known security vulnerabilities. It uses the PHP Security Advisories Database - the same database used by fabpot/local-php-security-checker and the Symfony CLI.
It can be useful, for example, for applications that have a dashboard where you can display a clear warning if vulnerabilities are detected.
Install
Install via composer:
Usage
Simply instantiate a SecurityChecker object and pass the absolute path to your composer.lock file in a call to check and it will return an array of vulnerabilities that apply to the dependencies of that lock file.
If you want to omit dev dependencies from the check, just pass false as the second argument.
If you have already parsed the composer.lock file into an associative array, you can pass that to the call to check instead:
Configuration Options
There are some configuration options you can pass into the constructor to determine how the checker behaves.
The options you can set are listed in this table.

| Option name | Purpose | Value type | Default |
|---|---|---|---|
| advisories-dir | A writable directory to store the PHP Security Advisories Database | string | A temporary directory (uses sys_get_temp_dir) |
| advisories-stale-after | Time in seconds that the stored advisories database is valid - it will be fetched again after this time expires. | int | 86400 (24 hours) |
| guzzle-options | Options to pass to the Guzzle client when fetching the advisories database. See the guzzle docs for options. | array | [] |
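
The three options above combined into a CI gate that treats a failed check as a failure, written here as an added example and not taken from the package's own documentation. The namespace Signify\SecurityChecker\SecurityChecker, the var/advisories cache path and the timeout values are assumptions.

```php
<?php
// Added example, not the package's own code: a CI gate built on the check() call.
// Assumptions: the class namespace Signify\SecurityChecker\SecurityChecker, the
// var/advisories cache path and the timeout values are illustrative.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Signify\SecurityChecker\SecurityChecker;

/** Returns a process exit code: 0 = clean, 1 = vulnerable, 2 = check could not run. */
function auditLockFile(string $lockPath, string $cacheDir): int
{
    $realPath = realpath($lockPath); // check() expects an absolute path
    if ($realPath === false || !is_readable($realPath)) {
        fwrite(STDERR, "composer.lock not readable: {$lockPath}\n");
        return 2;
    }
    // Use a directory owned by the build user instead of the shared system temp dir,
    // so another local user cannot tamper with the stored advisories database.
    if (!is_dir($cacheDir) && !mkdir($cacheDir, 0700, true)) {
        fwrite(STDERR, "cannot create advisories directory: {$cacheDir}\n");
        return 2;
    }
    try {
        $checker = new SecurityChecker([
            'advisories-dir' => $cacheDir,
            'advisories-stale-after' => 3600, // refresh hourly instead of every 24 hours
            'guzzle-options' => ['timeout' => 30, 'connect_timeout' => 10, 'verify' => true],
        ]);
        // false as the second argument omits dev dependencies from the check.
        $vulnerabilities = $checker->check($realPath, false);
    } catch (\Throwable $e) {
        // Fail closed: a database that could not be fetched must not read as "no findings".
        fwrite(STDERR, 'security check failed: ' . $e->getMessage() . "\n");
        return 2;
    }
    if (count($vulnerabilities) === 0) {
        echo "No known vulnerabilities in production dependencies.\n";
        return 0;
    }
    // The structure of each entry is not documented on this page, so dump it as JSON.
    echo json_encode($vulnerabilities, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
    return 1;
}

exit(auditLockFile($argv[1] ?? __DIR__ . '/composer.lock', __DIR__ . '/var/advisories'));
```

Keeping exit code 2 distinct from 1 lets a pipeline alert on a broken advisory fetch separately from an actual finding.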
All versions of composer-security-checker with dependencies
ext-json Version *
ext-zip Version >= 1.1.0
guzzlehttp/guzzle Version ^6 || ^7
symfony/yaml Version ^3.2 || ^4 || ^5
composer/semver Version ^1 || ^2 || ^3