Strengthen your PHP Composer dependencies

Posted: 2016-12-21 22:38:22 by Alasdair Keyes

Direct Link | RSS feed


For those of you that use Composer to install and manage dependencies in your PHP App, you may be interested in https://github.com/Roave/SecurityAdvisories.

When updating your dependencies, it will alert if the versions you are using contain known vulnerabilities. It's quite simple in it's operation, the composer.json file populates the conflict key with a list of package versions that are known to be insecure so composer will fail to update.

The list isn't exhaustive, but it contains a number of large packages such as Doctrine, Drupal, Zend, Symfony


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

IT Consultancy Services

I'm now available for IT consultancy and software development services - Cloudee LTD.



Happy user of Digital Ocean (Affiliate link)


Version:master-619e08f203


Validate HTML 5