PHPackages o-rey/legs - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. o-rey/legs ActivePackage[Security](/categories/security) o-rey/legs ========== Security issue demo package 22PHP Since Dec 11Pushed 2y ago1 watchersCompare [ Source](https://github.com/o-rey/legs)[ Packagist](https://packagist.org/packages/o-rey/legs)[ RSS](/packages/o-rey-legs/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Legs are not required! ====================== [](#legs-are-not-required) Security issue proof of concept. It uses a well-known plugin `kylekatarnls/update-helper` to do some nasty stuff. Being required, this package outputs welcome message ("Legs are not required") and deletes root `autoload.php`. [![Legs are not required](media/legs.webp?raw=true "Das not good")](media/legs.webp?raw=true) Usage ----- [](#usage) ``` composer require o-rey/legs ``` ### Health Score 14 — LowBetter than 2% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity5 Limited adoption so far Community7 Small or concentrated contributor base Maturity20 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/b05b7b070366b9e859cc024a0cbf85048cf5376cc4955fe13b73b0edd978fe2b?d=identicon)[o-rey](/maintainers/o-rey) --- Top Contributors [![o-rey](https://avatars.githubusercontent.com/u/5132302?v=4)](https://github.com/o-rey "o-rey (2 commits)") ### Embed Badge ![Health badge](/badges/o-rey-legs/health.svg) ``` [![Health](https://phpackages.com/badges/o-rey-legs/health.svg)](https://phpackages.com/packages/o-rey-legs) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)