PHPackages funkjedi/composer-plugin-security-check - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. funkjedi/composer-plugin-security-check ActiveComposer-plugin[Security](/categories/security) funkjedi/composer-plugin-security-check ======================================= Plugin for Composer to check if your application uses dependencies with known security vulnerabilities. 1.3.0(5y ago)09.9k[1 issues](https://github.com/funkjedi/composer-plugin-security-check/issues)MITPHPCI failing Since Mar 8Pushed 5y agoCompare [ Source](https://github.com/funkjedi/composer-plugin-security-check)[ Packagist](https://packagist.org/packages/funkjedi/composer-plugin-security-check)[ RSS](/packages/funkjedi-composer-plugin-security-check/feed)WikiDiscussions master Synced 5d ago READMEChangelog (4)Dependencies (4)Versions (5)Used By (0) Composer - Security Check Plugin ================================ [](#composer---security-check-plugin) Plugin for Composer to check if your application uses dependencies with known security vulnerabilities. Performs a securty check on your project's depenencies using the SensioLabs Security Checker. The SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. It uses the [SensioLabs Security Check Web service](http://security.sensiolabs.org) and the [Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories). Installation ------------ [](#installation) ``` $ composer require funkjedi/composer-plugin-security-check --dev ``` Usage ----- [](#usage) ``` $ composer check-security ``` ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity18 Limited adoption so far Community6 Small or concentrated contributor base Maturity66 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~321 days Total 4 Last Release 2028d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/409ca1cc960f4126409e74afcf2daeef025b45c2c07eab05576adbf24de6db9c?d=identicon)[funkjedi](/maintainers/funkjedi) --- Top Contributors [![funkjedi](https://avatars.githubusercontent.com/u/9314?v=4)](https://github.com/funkjedi "funkjedi (6 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/funkjedi-composer-plugin-security-check/health.svg) ``` [![Health](https://phpackages.com/badges/funkjedi-composer-plugin-security-check/health.svg)](https://phpackages.com/packages/funkjedi-composer-plugin-security-check) ``` ### Alternatives [drupal/core-vendor-hardening Hardens the vendor directory for when it's in the docroot. 174.5M28](/packages/drupal-core-vendor-hardening)[bringyourownideas/silverstripe-composer-security-checker Provides information if your SilverStripe application uses dependencies with known vulnerabilities. 10103.9k2](/packages/bringyourownideas-silverstripe-composer-security-checker)[mxr576/ddqg-composer-audit Drupal Dependency Quality Gate Composer Audit plugin 1056.7k2](/packages/mxr576-ddqg-composer-audit)[plan2net/typo3-update-check A Composer plugin that checks for TYPO3 updates and provides detailed information about breaking changes and security updates 204.5k](/packages/plan2net-typo3-update-check) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)