PHPackages                             aaronsaray/composer-mac-security-demonstration - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. aaronsaray/composer-mac-security-demonstration

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

aaronsaray/composer-mac-security-demonstration
==============================================

This demonstrates one example of what composer can do if you use it locally using your mac. Always review your source code before installing!

1.0.1(7y ago)014MIT

Since Jan 19Pushed 7y ago1 watchersCompare

[ Source](https://github.com/aaronsaray/composer-mac-security-demonstration)[ Packagist](https://packagist.org/packages/aaronsaray/composer-mac-security-demonstration)[ RSS](/packages/aaronsaray-composer-mac-security-demonstration/feed)WikiDiscussions master Synced 2mo ago

READMEChangelogDependenciesVersions (3)Used By (0)

Composer Mac Security Demonstration
===================================

[](#composer-mac-security-demonstration)

This example "library" demonstrates one of the abilities we implicitly grant [Composer](https://getcomposer.org/)when we run an install locally. For demonstration purposes, I've made this a local demo for a Mac. It will execute the `say` command to demonstrate it can execute things you didn't necessarily authorize.

There is a companion piece with this located at [aaronsaray.com/blog](https://www.aaronsaray.com/2019/composer-security-concerns-create-project).

###  Health Score

26

—

LowBetter than 43% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity6

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity61

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

2666d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/5a9ad2a426eb84bbb6d5fd7f8a9000797796581c2aeda0d27b39391e55c0e7a3?d=identicon)[aaronsaray](/maintainers/aaronsaray)

---

Top Contributors

[![aaronsaray](https://avatars.githubusercontent.com/u/956888?v=4)](https://github.com/aaronsaray "aaronsaray (2 commits)")

### Embed Badge

![Health badge](/badges/aaronsaray-composer-mac-security-demonstration/health.svg)

```
[![Health](https://phpackages.com/badges/aaronsaray-composer-mac-security-demonstration/health.svg)](https://phpackages.com/packages/aaronsaray-composer-mac-security-demonstration)
```

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)