Automatically reject packages with known security vulnerabilities

This package ensures that your application doesn't have installed dependencies with known security vulnerabilities.

...

The checks are only executed when adding a new dependency via composer require or when running composer update: deploying an application with a valid composer.lock and via composer install won't trigger any security version checking.

https://github.com/Roave/SecurityAdvisories

Awesome idea! It works by leveraging the "conflict" property in the package's composer.json file.
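As an added example (not code from this post or from Roave/SecurityAdvisories): the quoted caveat means a deploy that only runs composer install never consults the conflict list, so a CI step can check composer.lock directly against a conflict map. The package names, versions and conflict entries below are constructed, and the checker understands only the comparator lists joined with "," (AND) and "|" (OR) that Composer accepts in a "conflict" block.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample: the "packages" list of a trimmed composer.lock (not a real project).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "acme/http", "version": "v2.0.3"}, {"name": "acme/orm", "version": "1.4.0"},
    {"name": "acme/mailer", "version": "3.1.2"}]})

# Constructed conflict map in the shape of a composer.json "conflict" block.
# Only ">=a,<b"-style comparator lists (AND) joined with "|" (OR) are understood.
SAMPLE_CONFLICT = {
    "acme/http": ">=1.0,<1.9.2|>=2.0,<2.0.4",
    "acme/orm": "<1.3.1",
    "acme/mailer": ">=3.2,<3.2.1",
}

OPS = {
    "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b, "!=": lambda a, b: a != b,
    "<": lambda a, b: a < b, ">": lambda a, b: a > b, "=": lambda a, b: a == b,
}

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'v2.0.3' or '2.0' into a comparable tuple padded to four parts; pre-release suffixes are dropped."""
    nums = tuple(int(p) for p in v.lstrip("vV").split("-")[0].split(".") if p.isdigit())
    return nums + (0,) * (4 - len(nums))

def _satisfies(version: str, term: str) -> bool:
    """Evaluate one comparator such as '<1.9.2'; a bare version means an exact match."""
    for op in OPS:  # two-character operators are listed first, so '<=' wins over '<'
        if term.startswith(op):
            return OPS[op](parse_version(version), parse_version(term[len(op):]))
    return parse_version(version) == parse_version(term)

def matches_constraint(version: str, constraint: str) -> bool:
    """True if version falls inside any '|'-separated alternative of the constraint."""
    for alternative in constraint.replace("||", "|").split("|"):
        terms = [t.strip() for t in alternative.split(",") if t.strip()]
        if terms and all(_satisfies(version, t) for t in terms):
            return True
    return False

def find_conflicts(lock_json: str, conflict: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, version) of locked packages that sit inside a conflict range."""
    lock = json.loads(lock_json)
    hits = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        rule = conflict.get(pkg["name"])
        if rule and matches_constraint(pkg["version"], rule):
            hits.append((pkg["name"], pkg["version"]))
    return hits
```

Passing the text of a real composer.lock to find_conflicts turns this into a pipeline check that fails the build even when only composer install is run.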
