Marco Pivetta:
roave/security-advisories: Composer against Security Vulnerabilities
Dec 30, 2014 @ 12:12:40

As Marco Pivetta mentions in the latest post on his site, Roave has released a tool for use with Composer that helps prevent vulnerable versions of software from even being installed (based on the security-advisories data from FriendsOfPHP).

Since it's almost Christmas, it's also time to release a new project! The Roave Team is pleased to announce the release of roave/security-advisories, a package that keeps known security issues out of your project.

The tool makes use of a "conflict" metapackage, mentioned in the Composer spec, and Composer fails when a package and version being installed are listed in the FriendsOfPHP information. This integration with Composer means that there's no need to run a separate tool for the checks to be made. The check is part of the normal workflow and will dynamically fail without the need for you to update anything.
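To make the mechanism concrete, here is an added illustration (not taken from Roave's package or from Marco Pivetta's post) of what the composer.json of a conflict metapackage looks like. The package names and version ranges are constructed placeholders, labelled as such in the description field because JSON has no comments; the real package generates its conflict list from the FriendsOfPHP data.

```json
{
    "name": "example-org/conflict-metapackage",
    "description": "Constructed illustration: every package name and version range below is a placeholder, not a real advisory",
    "type": "metapackage",
    "conflict": {
        "example-vendor/http-client": ">=1.0.0,<1.0.5",
        "example-vendor/template-engine": ">=2.0.0,<2.0.7|>=2.1.0,<2.1.3",
        "example-vendor/orm": "<3.4.2"
      }
}
```

A metapackage ships no code, so requiring it adds nothing to the project except these conflict rules. Once it is among a project's requirements, Composer's dependency solver refuses any install or update that would resolve one of the listed packages to a version inside the listed ranges.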

tagged: roave securityadvisories prevent vulnerable software composer install

Link: http://ocramius.github.io/blog/roave-security-advisories-protect-against-composer-packages-with-security-issues/