Composer 2.4 features scanning the installed and new packages for known security vulnerabilities. When a new package is installed, or an existing package is updated, Composer looks up the package version numbers on known security vulnerability announcements, and reports if there are any known vulnerabilities in the list of packages.

Read more [php.watch]