PHPackages element119/module-sansec-composer-integrity-checker - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. element119/module-sansec-composer-integrity-checker ActiveMagento2-module[Security](/categories/security) element119/module-sansec-composer-integrity-checker =================================================== A Magento 2 module wrapper for the Sansec Composer Integrity plugin. 1.2.0(3y ago)3018.3k↓35.7%2[3 issues](https://github.com/element119/module-sansec-composer-integrity-checker/issues)proprietaryPHP Since Apr 24Pushed 3y ago1 watchersCompare [ Source](https://github.com/element119/module-sansec-composer-integrity-checker)[ Packagist](https://packagist.org/packages/element119/module-sansec-composer-integrity-checker)[ RSS](/packages/element119-module-sansec-composer-integrity-checker/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (7)Dependencies (2)Versions (8)Used By (0) element119 | Sansec Composer Integrity Checker ============================================== [](#element119--sansec-composer-integrity-checker) 📝 Features ---------- [](#-features) ✔️ Identify potentially unwanted changes made to your project dependencies using the [Sansec Composer integrity plugin](https://github.com/sansecio/composer-integrity-plugin) ✔️ Scan files automatically via cron or as a manual admin action ✔️ Email and admin notifications for packages that do not meet your desired integrity rating ✔️ Configure a safe list to reduce the noise generated by the scanner ✔️ Supports Magento Open Source and Adobe Commerce ✔️ Theme agnostic ✔️ Dedicated module configuration section secured with custom admin user controls ✔️ Seamless integration with Magento ✔️ Built with developers and extensibility in mind to make customisations as easy as possible ✔️ Installable via Composer 🔌 Installation -------------- [](#-installation) Run the following command to *install* this module: ``` composer require element119/module-sansec-composer-integrity-checker php bin/magento setup:upgrade ``` ### Post-Installation Steps [](#post-installation-steps) It is also recommended that you enable the scans and lock the related config value: ``` php bin/magento config:set --lock-config system/sansec_composer_integrity_checker/scan_enable 1 ``` ⏫ Updating ---------- [](#-updating) Run the following command to *update* this module: ``` composer update element119/module-sansec-composer-integrity-checker php bin/magento setup:upgrade ``` ❌ Uninstallation ---------------- [](#-uninstallation) Run the following command to *uninstall* this module: ``` composer remove element119/module-sansec-composer-integrity-checker php bin/magento setup:upgrade ``` 📚 User Guide ------------ [](#-user-guide) Configuration for this module can be found in the Magento admin under `Stores -> Settings -> Configuration -> Advanced -> System -> Sansec Composer Integrity Checker` ### Scan Results Grid [](#scan-results-grid) The results of the most recent scan can be seen in the admin by navigating to `Reports -> Sansec Composer Integrity Checker -> Integrity Status`. ### Enable/Disable Scanning [](#enabledisable-scanning) The Sansec Composer integrity scan can be disabled by setting this option to `No`. This is set to `Yes` by default. ### Match Percentage Threshold for Notification [](#match-percentage-threshold-for-notification) The value specified here determines the minimum match percentage required for the integrity checks to be considered sucessful. Admins will be notified of any packages that fail to meet this number via a warning and email notifications will be sent if enabled. ### Only Show Failures in Admin Grid [](#only-show-failures-in-admin-grid) Determines whether to only show packages that have failed to meet the match threshold in the admin grid. This feature is disabled by default but can be enabled by setting this option to `Yes`. ### Report Integrity Failures by Email [](#report-integrity-failures-by-email) Allow emails to be sent when the Sansec Composer integrity checker finds discrepancies with your dependency files. This feature is disabled by default but can be enabled by setting this option to `Yes`. Once enabled you will be able to configure a threshold for dependency matching as well as a list of email address to notify when a failure occurs. ### Report Errors To [](#report-errors-to) This option is only considered when integrity failure emails are enabled. These dynamic rows allow you to configure a series of email addresses that should be notified when packages fail to meet the configured threshold. ### Enable Package Ignore List [](#enable-package-ignore-list) Allows specified packages to be removed from various reporting channels. This feature is disabled by default but can be enabled by setting this option to `Yes`. ### Ignored Packages [](#ignored-packages) This option is only considered when the package ignore list is enabled. These dynamic rows allow you to configure a set of packages that should be ignored for various reporting channels. The values expected here are the Composer package names in the format `vendor/package-name`. ### Remove Ignored Packages from Admin Grid [](#remove-ignored-packages-from-admin-grid) This option is only considered when the package ignore list is enabled. This feature is disabled by default but can be enabled by setting this option to `Yes`. When enabled, ignored packages will be removed from the admin grid. ### Remove Ignored Packages from Admin Notifications [](#remove-ignored-packages-from-admin-notifications) This option is only considered when the package ignore list is enabled. This feature is disabled by default but can be enabled by setting this option to `Yes`. When enabled, ignored packages will not be considered when determining whether to display the admin notification and the number of packages it reports as having failed to meet the threshold. ### Remove Ignored Packages from Email Notifications [](#remove-ignored-packages-from-email-notifications) This option is only considered when email notifications are enabled **and** when the package ignore list is enabled. This feature is disabled by default but can be enabled by setting this option to `Yes`. When enabled, ignored packages will be removed from email notifications. 📸 Screenshots & GIFs ------------------------ [](#-screenshots--gifs) ### Admin Configuration [](#admin-configuration) [![admin-config](https://private-user-images.githubusercontent.com/40261741/239103719-d6ee992f-a513-473f-b607-7497723b2d99.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NzQ3NjM1ODEsIm5iZiI6MTc3NDc2MzI4MSwicGF0aCI6Ii80MDI2MTc0MS8yMzkxMDM3MTktZDZlZTk5MmYtYTUxMy00NzNmLWI2MDctNzQ5NzcyM2IyZDk5LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNjAzMjklMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjYwMzI5VDA1NDgwMVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTRiMjNiMmFkMDYzZWU4Njc2MDIyMmY0MjM5N2QyZTljYjIwN2Y0NWY2ZTFlYjk2NjZjMjM0MmRkNjQwZTc1NWMmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.XbhQTYkr94-qSN_eQ6w_-v7mhknfWm3z9snrZWvvKgk)](https://private-user-images.githubusercontent.com/40261741/239103719-d6ee992f-a513-473f-b607-7497723b2d99.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NzQ3NjM1ODEsIm5iZiI6MTc3NDc2MzI4MSwicGF0aCI6Ii80MDI2MTc0MS8yMzkxMDM3MTktZDZlZTk5MmYtYTUxMy00NzNmLWI2MDctNzQ5NzcyM2IyZDk5LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNjAzMjklMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjYwMzI5VDA1NDgwMVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTRiMjNiMmFkMDYzZWU4Njc2MDIyMmY0MjM5N2QyZTljYjIwN2Y0NWY2ZTFlYjk2NjZjMjM0MmRkNjQwZTc1NWMmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.XbhQTYkr94-qSN_eQ6w_-v7mhknfWm3z9snrZWvvKgk) ### Admin Grid [](#admin-grid) [![admin-grid](https://user-images.githubusercontent.com/40261741/234440974-3ff17d18-faa0-407b-9b25-0e7e76e7d8aa.png)](https://user-images.githubusercontent.com/40261741/234440974-3ff17d18-faa0-407b-9b25-0e7e76e7d8aa.png) ### Admin Notification [](#admin-notification) [![admin-notification](https://user-images.githubusercontent.com/40261741/234434736-0e187e19-f474-47cd-804b-7f4d150ba31b.png)](https://user-images.githubusercontent.com/40261741/234434736-0e187e19-f474-47cd-804b-7f4d150ba31b.png) ### Example Email Notification [](#example-email-notification) [![email-example](https://user-images.githubusercontent.com/40261741/234102797-8937df5a-7312-4750-a9ca-09c2ad7379bd.png)](https://user-images.githubusercontent.com/40261741/234102797-8937df5a-7312-4750-a9ca-09c2ad7379bd.png) ### Health Score 32 — LowBetter than 72% of packages Maintenance18 Infrequent updates — may be unmaintained Popularity36 Limited adoption so far Community11 Small or concentrated contributor base Maturity49 Maturing project, gaining track record Bus Factor1 Top contributor holds 95.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~4 days Total 7 Last Release 1097d ago Major Versions 0.3.0 → 1.0.02023-04-28 ### Community Maintainers ![](https://www.gravatar.com/avatar/9eb2b9f555deb74b70b6fa37fe4e505579581ee49c6ca3420dcd769602cf8107?d=identicon)[pykettk](/maintainers/pykettk) --- Top Contributors [![pykettk](https://avatars.githubusercontent.com/u/40261741?v=4)](https://github.com/pykettk "pykettk (43 commits)")[![fredden](https://avatars.githubusercontent.com/u/334786?v=4)](https://github.com/fredden "fredden (2 commits)") --- Tags composermagento2security ### Embed Badge ![Health badge](/badges/element119-module-sansec-composer-integrity-checker/health.svg) ``` [![Health](https://phpackages.com/badges/element119-module-sansec-composer-integrity-checker/health.svg)](https://phpackages.com/packages/element119-module-sansec-composer-integrity-checker) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)