
enlightn/security-checker
=========================

A PHP dependency vulnerability scanner based on the Security Advisories Database.

Latest version v2.0.0 (released 2 years ago), MIT license, requires PHP >=8.2. Last pushed 2 years ago, 8 watchers, [4 open issues](https://github.com/enlightn/security-checker/issues), [3 open PRs](https://github.com/enlightn/security-checker/pulls).

[Source](https://github.com/enlightn/security-checker) | [Packagist](https://packagist.org/packages/enlightn/security-checker)

Enlightn Security Checker
=========================


[![tests](https://github.com/enlightn/security-checker/workflows/tests/badge.svg?branch=main)](https://github.com/enlightn/security-checker/workflows/tests/badge.svg?branch=main) [![MIT Licensed](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md) [![Latest Stable Version](https://poser.pugx.org/enlightn/security-checker/v/stable?format=flat-square)](https://packagist.org/packages/enlightn/security-checker) [![Total Downloads](https://img.shields.io/packagist/dt/enlightn/security-checker.svg?style=flat-square)](https://packagist.org/packages/enlightn/security-checker)

The Enlightn Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. It uses the [Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories).

Installation Options
--------------------


1. You may install the Enlightn Security Checker with Composer globally, for use with multiple projects:

```
composer global require enlightn/security-checker
```

2. You may also install the Enlightn Security Checker in your project as a dev dependency using Composer:

```
composer require --dev enlightn/security-checker
```

3. Instead of installing via Composer, you may also download the [security-checker.phar](https://www.laravel-enlightn.com/security-checker.phar) file. Then, in the commands below you can replace `security-checker` with `security-checker.phar`.

Usage
-----


To check for security vulnerabilities in your dependencies, you may run the `security:check` command:

```
php security-checker security:check /path/to/composer.lock
```

This command exits with a status code of `0` if no known vulnerabilities are found and `1` if there is at least one, so it can be used directly as a gate in a CI pipeline.

**Note**: You need to give the full path to the `security-checker` executable if the directory containing it is not in your `PATH`. For instance:

```
php vendor/bin/security-checker security:check /path/to/composer.lock
```

Options
-------


### Format


By default, this command prints the result as ANSI-colored console output. You may use the `--format` option to print the result as JSON instead, which is easier to consume from scripts:

```
php security-checker security:check /path/to/composer.lock --format=json
```

### Exclude Dev Dependencies


If you would like to exclude dev dependencies from the vulnerability scan, you may use the `--no-dev` option (defaults to false, i.e. dev dependencies are scanned):

```
php security-checker security:check /path/to/composer.lock --no-dev
```

### Allow vulnerabilities


If you would like to exclude specific vulnerabilities (for example, ones you have assessed as not applicable to your application), you may use the `--allow-list` option, passing either the CVE identifier or the advisory title. The option can be repeated to pass multiple values:

```
php security-checker security:check /path/to/composer.lock --allow-list CVE-2018-15133 --allow-list "untrusted X-XSRF-TOKEN value"
```

Do not forget to wrap a title in quotes, since it usually contains spaces.

### Custom Directory for Caching Advisories Database


By default, the `SecurityChecker` API and the `security:check` command use the directory returned by the `sys_get_temp_dir` PHP function for storing the cached advisories database. If you wish to modify the directory, you may use the `--temp-dir` option:

```
php security-checker security:check /path/to/composer.lock --temp-dir=/tmp
```

API
---


You may also use the API directly in your own code like so:

```
use Enlightn\SecurityChecker\SecurityChecker;

$result = (new SecurityChecker)->check('/path/to/composer.lock');
```

The result above is an associative array keyed by package name; each value describes the installed version of that package and the advisories that apply to it. JSON-encoded, it looks like this:

```
{
  "laravel/framework": {
    "version": "8.22.0",
    "time": "2021-01-13T13:37:56+00:00",
    "advisories": [{
      "title": "Unexpected bindings in QueryBuilder",
      "link": "https://blog.laravel.com/security-laravel-62011-7302-8221-released",
      "cve": null
    }]
  }
}
```
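The following script is an added example and is not part of the enlightn/security-checker project. It combines the CLI behaviour described under Usage and Options (exit status `1` on findings, an allow-list by CVE id or title) with the `SecurityChecker` API above, so the same gate can run inside your own PHP tooling. It assumes the package is installed as a dev dependency (so `vendor/autoload.php` exists), that `check()` returns the array shape shown in the JSON above, and uses a hypothetical allow-list entry; the `filterAllowed` and `formatReport` helpers are this example's own names.

```php
<?php
// Added example, not the project's own code. Assumes the package is installed
// with Composer (vendor/autoload.php) and that SecurityChecker::check() returns
// the README's shape: [ 'vendor/pkg' => ['version' => ..., 'time' => ...,
//   'advisories' => [ ['title' => ..., 'link' => ..., 'cve' => ...], ... ] ] ]

declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Enlightn\SecurityChecker\SecurityChecker;

/**
 * Drop advisories whose CVE id or title appears in $allowList (same idea as
 * the CLI's --allow-list option). Packages left without advisories are removed
 * so that an empty array means "nothing left to fix".
 */
function filterAllowed(array $result, array $allowList): array
{
    $filtered = [];
    foreach ($result as $package => $info) {
        $remaining = array_values(array_filter(
            $info['advisories'] ?? [],
            // 'cve' may be null (see the JSON example), hence the ?? ''
            static fn (array $advisory): bool =>
                !in_array($advisory['cve'] ?? '', $allowList, true)
                && !in_array($advisory['title'] ?? '', $allowList, true)
        ));
        if ($remaining !== []) {
            $info['advisories'] = $remaining;
            $filtered[$package] = $info;
        }
    }
    return $filtered;
}

/** One line per open advisory, suitable for a CI log. */
function formatReport(array $result): string
{
    $lines = [];
    foreach ($result as $package => $info) {
        foreach ($info['advisories'] as $advisory) {
            $lines[] = sprintf(
                '%s %s: %s [%s] %s',
                $package,
                $info['version'],
                $advisory['title'],
                $advisory['cve'] ?? 'no CVE',
                $advisory['link']
            );
        }
    }
    return implode(PHP_EOL, $lines);
}

// Lock file path comes from the first argument, defaulting to the project root.
$lockFile = $argv[1] ?? __DIR__ . '/composer.lock';

// Hypothetical allow-list of accepted-risk advisories, by CVE id or title.
// Keep this list in version control so every exception is reviewable.
$allowList = ['CVE-2018-15133'];

$result = (new SecurityChecker)->check($lockFile);
$open   = filterAllowed($result, $allowList);

if ($open === []) {
    fwrite(STDOUT, "No unallowed vulnerabilities found in {$lockFile}" . PHP_EOL);
    exit(0);
}

// Mirror the CLI: non-zero exit so the pipeline step fails.
fwrite(STDERR, formatReport($open) . PHP_EOL);
exit(1);
```

Run it as `php scan.php /path/to/composer.lock`. Because the allow-list matches on the exact CVE id or title string, an advisory that gains a CVE id later will stop matching a title-only entry; treat that as a prompt to re-review the exception rather than as noise.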

Contribution Guide
------------------


Thank you for considering contributing to the Enlightn security-checker project! The contribution guide can be found [here](https://www.laravel-enlightn.com/docs/getting-started/contribution-guide.html).

License
-------


The Enlightn Security Checker is licensed under the [MIT license](LICENSE.md).

### Maintainers

- [Miguel Piedrafita](https://github.com/m1guelpf) (@m1guelpf)
- [Lars Klopstra](https://github.com/Larsklopstra) (@Larsklopstra)
- [paras-malhotra](https://github.com/paras-malhotra)
