magehost/composer-security-check-plugin

Checks installed dependencies against the SensioLabs security advisories database

Installs: 8,440

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 4

Open Issues: 0

Type: composer-plugin

2.0.0 2020-10-26 14:28 UTC

This package is auto-updated.

Last update: 2024-08-26 22:29:36 UTC


README

Global installation

composer global require magehost/composer-security-check-plugin

Per-project installation

composer require magehost/composer-security-check-plugin

Run the following commands to see some example behaviour

mkdir insecure-project
cd insecure-project
composer init --name="insecure/project" --description="insecure project" -l MIT -n
composer require 3f/pygmentize:1.0
composer require magehost/composer-security-check-plugin
composer audit
composer audit --format=simple
composer audit --format=json
composer validate
composer require 3f/pygmentize --update-with-all-dependencies
composer audit

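By default, this tool uploads your composer.lock file to the security.symfony.com web service, which uses the checks from https://github.com/FriendsOfPHP/security-advisories.

You can check offline by downloading a local copy of that repository and specifying its path with the following command: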

composer audit --audit-db /path/to/security-advisories
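
To illustrate what an offline check involves, here is an added example (not the plugin's own code) that matches a composer.lock against advisory version constraints without the lock file leaving the machine. The package names, lock excerpt and advisories are constructed, and the advisory keys (reference, title, branches, versions) are assumed to mirror the YAML files in the advisories repository.

```python
import json
import operator
import re

# Constructed composer.lock excerpt (only the fields this check reads).
LOCK = json.loads("""{
  "packages": [{"name": "example/vulnerable-lib", "version": "1.0.0"},
               {"name": "example/patched-lib", "version": "v2.3.1"}],
  "packages-dev": [{"name": "example/dev-tool", "version": "dev-main"}]
}""")

# Constructed advisories; keys assumed to mirror the repository's YAML files.
ADVISORIES = [
    {"reference": "composer://example/vulnerable-lib", "title": "Constructed advisory A",
     "branches": {"1.x": {"versions": [">=1.0.0", "<1.0.5"]}}},
    {"reference": "composer://example/patched-lib", "title": "Constructed advisory B",
     "branches": {"2.x": {"versions": [">=2.0.0", "<2.3.1"]}}},
]
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq}

def parse_version(text):
    """Return a comparable tuple for plain x.y.z versions, else None."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if match is None:  # dev branches and pre-release tags are not compared
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def satisfies(version, constraint):  # one constraint, e.g. '<1.0.5'
    match = re.fullmatch(r"(<=|>=|==|<|>)?\s*(.+)", constraint.strip())
    bound = parse_version(match.group(2))
    return bound is not None and OPS[match.group(1) or "=="](version, bound)

def audit(lock, advisories):
    """Return (findings, skipped); a branch matches when all constraints hold."""
    findings, skipped = [], []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        version = parse_version(pkg["version"])
        if version is None:
            skipped.append(pkg["name"])  # report instead of silently passing
            continue
        for adv in advisories:
            if adv["reference"] != "composer://" + pkg["name"]:
                continue
            if any(all(satisfies(version, c) for c in branch["versions"])
                   for branch in adv["branches"].values()):
                findings.append((pkg["name"], pkg["version"], adv["title"]))
    return findings, skipped
```

Packages whose version cannot be compared (such as dev branches) are returned in the skipped list so they can be reviewed by hand rather than treated as clean.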

Inspired by: https://github.com/sensiolabs/security-checker

Alternative: https://github.com/Roave/SecurityAdvisories