PHPackages liveecommerce/security-advisories - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. liveecommerce/security-advisories ActiveMetapackage[Security](/categories/security) liveecommerce/security-advisories ================================= Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 04.5k↓23.8% Since Jul 11Pushed 1y agoCompare [ Source](https://github.com/liveecommerce/SecurityAdvisories)[ Packagist](https://packagist.org/packages/liveecommerce/security-advisories)[ RSS](/packages/liveecommerce-security-advisories/feed)WikiDiscussions latest Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Roave Security Advisories ========================= [](#roave-security-advisories) This is a fork to use laminas 2.11.\*. -------------------------------------- [](#this-is-a-fork-to-use-laminas-211) A message to Russian 🇷🇺 people ------------------------------ [](#a-message-to-russian--people) If you currently live in Russia, please read [this message](./ToRussianPeople.md). [![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md) ### Purpose [](#purpose) [![Hourly build](https://github.com/Roave/SecurityAdvisoriesBuilder/workflows/Hourly%20build/badge.svg?branch=latest)](https://github.com/Roave/SecurityAdvisoriesBuilder/actions?query=workflow%3A%22Hourly+build%22)[![Downloads](https://camo.githubusercontent.com/81ea1506fec7a312bcea5745a637f534b5eddb7a791c05de107687c38c724ccb/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f726f6176652f73656375726974792d61647669736f726965732e737667)](https://packagist.org/packages/roave/security-advisories) This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installation ------------ [](#installation) ``` composer require --dev roave/security-advisories:dev-latest ``` Usage ----- [](#usage) This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues. Simply add `"roave/security-advisories": "dev-latest"` to your `composer.json` `"require-dev"` section and you will not be able to harm yourself with software with known security vulnerabilities. For example, try following: ``` composer require --dev roave/security-advisories:dev-latest # following commands will fail: composer require symfony/symfony:2.5.2 composer require zendframework/zendframework:2.3.1 ``` The checks are only executed when adding a new dependency via `composer require` or when running `composer update`: deploying an application with a valid `composer.lock` and via `composer install` won't trigger any security versions checking. > You can manually trigger a version check by using the `--dry-run` switch on an update while not doing anything. Running `composer update --dry-run roave/security-advisories` is an effective way to manually trigger a security version check. roave/security-advisories for enterprise ---------------------------------------- [](#roavesecurity-advisories-for-enterprise) Available as part of the Tidelift Subscription. The maintainers of roave/security-advisories and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more](https://tidelift.com/subscription/pkg/packagist-roave-security-advisories?utm_source=packagist-roave-security-advisories&utm_medium=referral&utm_campaign=enterprise&utm_term=repo). You can also contact us at for looking into security issues in your own project. Stability --------- [](#stability) This package can only be required in its `dev-latest` version: there will never be stable/tagged versions because of the nature of the problem being targeted. Security issues are in fact a moving target, and locking your project to a specific tagged version of the package would not make any sense. This package is therefore only suited for installation in the root of your deployable project. Sources ------- [](#sources) This package extracts information about existing security issues in various composer projects from the [FriendsOfPHP/security-advisories](https://github.com/FriendsOfPHP/security-advisories) repository and the [GitHub Advisory Database](https://github.com/advisories?query=ecosystem%3Acomposer). ### Health Score 21 — LowBetter than 18% of packages Maintenance27 Infrequent updates — may be unmaintained Popularity22 Limited adoption so far Community16 Small or concentrated contributor base Maturity18 Early-stage or recently created project Bus Factor1 Top contributor holds 97.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/6d9f529a8742282fdaa98c35e8ef65394e69d2c6471ae27c1a6706b0a133a862?d=identicon)[felipeantoniolli](/maintainers/felipeantoniolli) --- Top Contributors [![Ocramius](https://avatars.githubusercontent.com/u/154256?v=4)](https://github.com/Ocramius "Ocramius (1115 commits)")[![felipeantoniolli](https://avatars.githubusercontent.com/u/40534681?v=4)](https://github.com/felipeantoniolli "felipeantoniolli (5 commits)")[![stof](https://avatars.githubusercontent.com/u/439401?v=4)](https://github.com/stof "stof (3 commits)")[![glensc](https://avatars.githubusercontent.com/u/199095?v=4)](https://github.com/glensc "glensc (2 commits)")[![GeeH](https://avatars.githubusercontent.com/u/613376?v=4)](https://github.com/GeeH "GeeH (2 commits)")[![asgrim](https://avatars.githubusercontent.com/u/496145?v=4)](https://github.com/asgrim "asgrim (2 commits)")[![pborreli](https://avatars.githubusercontent.com/u/77759?v=4)](https://github.com/pborreli "pborreli (1 commits)")[![rob006](https://avatars.githubusercontent.com/u/5972388?v=4)](https://github.com/rob006 "rob006 (1 commits)")[![slash3b](https://avatars.githubusercontent.com/u/3269573?v=4)](https://github.com/slash3b "slash3b (1 commits)")[![zbrag](https://avatars.githubusercontent.com/u/1644844?v=4)](https://github.com/zbrag "zbrag (1 commits)")[![Zombaya](https://avatars.githubusercontent.com/u/13340313?v=4)](https://github.com/Zombaya "Zombaya (1 commits)")[![chapeupreto](https://avatars.githubusercontent.com/u/834048?v=4)](https://github.com/chapeupreto "chapeupreto (1 commits)")[![christiaan](https://avatars.githubusercontent.com/u/118490?v=4)](https://github.com/christiaan "christiaan (1 commits)")[![devatliveecommerce](https://avatars.githubusercontent.com/u/49412087?v=4)](https://github.com/devatliveecommerce "devatliveecommerce (1 commits)")[![GrahamCampbell](https://avatars.githubusercontent.com/u/2829600?v=4)](https://github.com/GrahamCampbell "GrahamCampbell (1 commits)")[![malukenho](https://avatars.githubusercontent.com/u/3275172?v=4)](https://github.com/malukenho "malukenho (1 commits)") ### Embed Badge ![Health badge](/badges/liveecommerce-security-advisories/health.svg) ``` [![Health](https://phpackages.com/badges/liveecommerce-security-advisories/health.svg)](https://phpackages.com/packages/liveecommerce-security-advisories) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)