
ows/composer-dependencies-security-checker
==========================================

Security checker for your composer dependencies

1.1.0 (5y ago) | 16.0k | GPL-2.0-or-later | PHP

Since Jan 22 | Pushed 2mo ago | 11 watchers

[Source](https://github.com/OWS/composer-dependencies-security-checker) | [Packagist](https://packagist.org/packages/ows/composer-dependencies-security-checker)

Composer dependencies security checker
======================================


This library checks a composer.lock file to find existing security advisories published in a composer.json that has the **conflict** property filled in, like  does.

This one is the default used if none is passed in the constructor.
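
The conflict-range check described above, as an added example (not this library's code). The `acme/*` packages, the advisory and lock data, and the helper names `matchesAll` and `findConflicts` are constructed for illustration, and the matcher is a simplified one built on PHP's `version_compare` that handles only `|`-separated groups of comma-joined comparisons, not full Composer constraint syntax.

```php
<?php
// Added illustration, not the library's code: simplified conflict-range matching.
// Constructed advisory composer.json; "conflict" lists vulnerable version ranges.
$advisories = json_decode('{"conflict": {
    "acme/http-client": ">=1.0,<1.4.2|>=2.0,<2.1.5",
    "acme/templating": "<3.2.1"
}}', true);

// Constructed composer.lock excerpt (only the fields used here).
$lock = json_decode('{
    "packages": [
        {"name": "acme/http-client", "version": "v2.1.3"},
        {"name": "acme/templating", "version": "3.2.1"}
    ],
    "packages-dev": [{"name": "acme/http-client-mock", "version": "1.0.0"}]
}', true);

// True when $version satisfies every comparison in one comma-joined group.
function matchesAll(string $version, string $group): bool
{
    foreach (explode(',', $group) as $part) {
        if (!preg_match('/^\s*(>=|<=|>|<|==|!=)\s*v?(\S+)\s*$/', $part, $m)) {
            return false; // unsupported syntax is skipped here; a real checker should report it
        }
        if (!version_compare($version, $m[2], $m[1])) {
            return false;
        }
    }
    return true;
}

// Returns [package name => locked version] for packages inside a conflict range.
function findConflicts(array $lock, array $conflict): array
{
    $hits = [];
    $packages = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    foreach ($packages as $pkg) {
        $version = ltrim($pkg['version'], 'v');
        foreach (explode('|', $conflict[$pkg['name']] ?? '') as $group) {
            if ($group !== '' && matchesAll($version, $group)) {
                $hits[$pkg['name']] = $pkg['version'];
            }
        }
    }
    return $hits;
}

print_r(findConflicts($lock, $advisories['conflict']));
```

Both `packages` and `packages-dev` are scanned, since a vulnerable development dependency still runs on build and CI hosts.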

Installation
------------

This project can be installed with [Composer](https://getcomposer.org/):

```
$ composer require ows/composer-dependencies-security-checker
```

Usage
-----

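```
<?php
require __DIR__ . '/vendor/autoload.php';

use Ows\ComposerDependenciesSecurityChecker\SecurityChecker;

// With no constructor argument, the default advisory source is used.
$checker = new SecurityChecker();
$data = $checker->checkComposer(file_get_contents('composer.lock'));
if ($data['status'] === 'vulnerable') {
    // Entries are keyed by package name and carry the locked version and advisory links.
    foreach ($data['vulnerabilities'] as $package => $infos) {
        echo "{$package} ({$infos['version']}):\n";
        foreach ($infos['links'] as $link) {
            echo "{$link['title']}: {$link['link']}\n";
        }
    }
}
```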

Sources
-------

This library extracts data from  and indirectly from .

### Health Score

40 (Fair): better than 86% of packages

- Maintenance 57: Moderate activity, may be stable
- Popularity 24: Limited adoption so far
- Community 12: Small or concentrated contributor base
- Maturity 55: Maturing project, gaining track record
- Bus Factor 1: Top contributor holds 57.1% of commits, a single point of failure

### Release Activity

- Cadence: every ~161 days
- Total: 2
- Last release: 1826d ago

### Community

- Maintainers: [Sylry](/maintainers/Sylry)
- Top contributors: [jcisio](https://github.com/jcisio) (4 commits), [Sylry](https://github.com/Sylry) (3 commits)
- Tags: security, dependencies, checker

### Code Quality

- Tests: PHPUnit
- Static analysis: PHPStan
- Type coverage: Yes
