PHPackages magehost/composer-security-check-plugin - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. magehost/composer-security-check-plugin AbandonedArchivedComposer-plugin[Security](/categories/security) magehost/composer-security-check-plugin ======================================= Checks installed dependencies against SensioLabs security advisory database 2.0.0(5y ago)08.4kMITPHP Since Jun 8Pushed 5y agoCompare [ Source](https://github.com/magehost/composer-security-check-plugin)[ Packagist](https://packagist.org/packages/magehost/composer-security-check-plugin)[ RSS](/packages/magehost-composer-security-check-plugin/feed)WikiDiscussions master Synced 3d ago READMEChangelog (2)Dependencies (4)Versions (9)Used By (0) Security Check Plugin for Composer 2.x ====================================== [](#security-check-plugin-for-composer-2x) For global install: ``` composer global require magehost/composer-security-check-plugin ``` For project install: ``` composer require magehost/composer-security-check-plugin ``` Run these commands to see some sample behavior: ``` mkdir insecure-project cd insecure-project composer init --name="insecure/project" --description="insecure project" -l MIT -n composer require 3f/pygmentize:1.0 composer require magehost/composer-security-check-plugin composer audit composer audit --format=simple composer audit --format=json composer validate composer require 3f/pygmentize --update-with-all-dependencies composer audit ``` By default this tool uploads your `composer.lock` file to the [security.symfony.com](https://security.symfony.com/) webservice which uses the checks from . You can check offline by downloading a local version of this [repo](https://github.com/FriendsOfPHP/security-advisories) and specify its path using: ``` composer audit --audit-db /path/to/security-advisories ``` Inspired on: Alternative: ### Health Score 32 — LowBetter than 72% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity18 Limited adoption so far Community8 Small or concentrated contributor base Maturity68 Established project with proven stability Bus Factor1 Top contributor holds 86.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~217 days Total 5 Last Release 2026d ago Major Versions 1.2.1 → 2.0.02020-10-26 ### Community Maintainers ![](https://www.gravatar.com/avatar/fa91a42671fb8d5ae19a3ab11e41077750d88a5993925c644afd5c587e52532a?d=identicon)[MageHost](/maintainers/MageHost) --- Top Contributors [![sbuzonas](https://avatars.githubusercontent.com/u/1659267?v=4)](https://github.com/sbuzonas "sbuzonas (19 commits)")[![jeroenvermeulen](https://avatars.githubusercontent.com/u/658024?v=4)](https://github.com/jeroenvermeulen "jeroenvermeulen (3 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/magehost-composer-security-check-plugin/health.svg) ``` [![Health](https://phpackages.com/badges/magehost-composer-security-check-plugin/health.svg)](https://phpackages.com/packages/magehost-composer-security-check-plugin) ``` ### Alternatives [enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker)[drupal/core-vendor-hardening Hardens the vendor directory for when it's in the docroot. 174.5M28](/packages/drupal-core-vendor-hardening)[craftcamp/php-abac Library used to implement Attribute-Based Access Control in a PHP application 987.1k2](/packages/craftcamp-php-abac)[mxr576/ddqg-composer-audit Drupal Dependency Quality Gate Composer Audit plugin 1056.7k2](/packages/mxr576-ddqg-composer-audit) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)