
Status: abandoned, archived. Type: Composer plugin. Category: [Security](/categories/security).

davidepastore/composer-audit
============================

Composer plugin to check your composer.lock

Latest release: v0.1.0 (11 years ago). License: MIT. Language: PHP. [6 issues](https://github.com/DavidePastore/composer-audit/issues) and [1 PR](https://github.com/DavidePastore/composer-audit/pulls) on GitHub.

Listed since Feb 10. Last pushed 3 years ago. 3 watchers. Default branch: master. Synced 1 month ago.

[Source](https://github.com/DavidePastore/composer-audit) · [Packagist](https://packagist.org/packages/davidepastore/composer-audit) · [RSS](/packages/davidepastore-composer-audit/feed)

> **Warning**This project is not maintained anymore. Since [version 2.4.0-RC1](https://getcomposer.org/changelog/2.4.0-RC1), Composer officially supports the [`audit` command that checks for known security vulnerabilities](https://getcomposer.org/doc/03-cli.md#audit).

composer-audit
==============


[![PSR2 Conformance](https://camo.githubusercontent.com/222488864658f128fa3d063102382f14e10fd436155bca953ef12bfd3f7b0b56/68747470733a2f2f7374796c6563692e696f2f7265706f732f33303534363031322f736869656c64)](https://styleci.io/repos/30546012/)

A composer plugin that checks if your application uses dependencies with known security vulnerabilities (it uses [SensioLabs Security Checker](https://github.com/sensiolabs/security-checker)).

Installation
------------


Using the `composer` command:

```
$ composer require davidepastore/composer-audit:0.1.*
```

Manually adding in composer.json:

```
"require": {
  "davidepastore/composer-audit": "0.1.*"
}
```

Usage
-----


The checker runs every time you launch `composer install` or `composer update`. If any package pinned in your composer.lock has a known advisory, `composer-audit` prints the alerts, for example:

```
ALERTS from SensioLabs security advisories.

 *** dompdf/dompdf[v0.6.0] ***

 * dompdf/dompdf/CVE-2014-2383.yaml
Arbitrary file read in dompdf
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
CVE-2014-2383

Please fix these alerts from SensioLabs security advisories.
```

If no alert is found, you'll get this:

```
All good from SensioLabs security advisories.
```

Issues
------


If you have issues, just open one [here](https://github.com/DavidePastore/composer-audit/issues).

### Health Score

24 (Low): better than 32% of packages.

- Maintenance: 9. Infrequent updates; may be unmaintained.
- Popularity: 14. Limited adoption so far.
- Community: 9. Small or concentrated contributor base.
- Maturity: 54. Maturing project, gaining track record.
- Bus Factor: 1. Top contributor holds 100% of commits (single point of failure).

How the score is calculated:

- **Maintenance (25%)**: last commit recency, latest release date, and issue-to-star ratio; uses a 2-year decay window.
- **Popularity (30%)**: total and monthly downloads, GitHub stars, and forks; logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: contributors, dependents, forks, watchers, and maintainers; measures real ecosystem engagement.
- **Maturity (30%)**: project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: unknown
- Total releases: 1
- Last release: 4106 days ago

### Community

Maintainers: [DavidePastore](/maintainers/DavidePastore)

Top contributors: [DavidePastore](https://github.com/DavidePastore) (9 commits)

Tags: audit, composer, composer-plugin, php, security, plugin, Security Checker


### Alternatives

- [ergebnis/composer-normalize](/packages/ergebnis-composer-normalize): provides a composer plugin for normalizing composer.json.
- [dgtlss/warden](/packages/dgtlss-warden): a Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email.
- [bringyourownideas/silverstripe-maintenance](/packages/bringyourownideas-silverstripe-maintenance): toolset to help with day-to-day maintenance work.
- [bringyourownideas/silverstripe-composer-security-checker](/packages/bringyourownideas-silverstripe-composer-security-checker): reports whether your SilverStripe application uses dependencies with known vulnerabilities.
- [sllh/composer-lint](/packages/sllh-composer-lint): extends the composer validate command with extra rules.

PHPackages © 2026

