Strengthen your PHP Composer dependencies

Posted: 2016-12-21 22:38:22 by Alasdair Keyes

Direct Link | RSS feed


For those of you that use Composer to install and manage dependencies in your PHP App, you may be interested in https://github.com/Roave/SecurityAdvisories.

When updating your dependencies, it will alert if the versions you are using contain known vulnerabilities. It's quite simple in it's operation, the composer.json file populates the conflict key with a list of package versions that are known to be insecure so composer will fail to update.

The list isn't exhaustive, but it contains a number of large packages such as Doctrine, Drupal, Zend, Symfony


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

© Alasdair Keyes

IT Consultancy Services

I'm now available for IT consultancy and software development services - Cloudee LTD.



Happy user of Digital Ocean (Affiliate link)


Version:master-fa5e8fd8f4


Validate HTML 5