
simonhamp/ensemble-plugin
=========================

Connects your project to Ensemble

v2.0.1(6y ago)4893MITPHP

Since Jun 7 · Pushed 6y ago · 1 watchers

[Source](https://github.com/simonhamp/ensemble-plugin) · [Packagist](https://packagist.org/packages/simonhamp/ensemble-plugin) · [Docs](https://ens.emble.app/) · [GitHub Sponsors](https://github.com/simonhamp) · [RSS](/packages/simonhamp-ensemble-plugin/feed)

Branch: master. Synced 1mo ago.


Ensemble Plugin
===============


Adds a public endpoint to your application that [Ensemble](https://ens.emble.app) can periodically request for information about your Composer packages.

🙏 Please consider [sponsoring](https://github.com/sponsors/simonhamp) the development of Ensemble 💚

Requirements
------------


- An Ensemble account (completely free!)
- Laravel 7+
- PHP 7+

#### Security, Privacy & Performance

To protect your application, we encrypt the information about your packages using a unique, private key that is given to you when you set up your app in Ensemble.

This means, even if your app is only accessible via HTTP, it will be very hard for a third party to discover what packages it depends on.

**!!! DON'T SHARE YOUR PRIVATE KEY !!!**

If you feel that the key is compromised, you will be able to generate a new one easily.

Also, even though the endpoint is public, it requires a special kind of `POST` containing an encrypted payload (also using the pre-shared private key), to make sure only Ensemble can request the encrypted data about your packages.

And if someone does discover the payload, it has a time limit so it can only be used for a short time (usually less than a minute).

Further, to stop even Ensemble causing you problems, this plugin caches the response before sending it back. This cache lasts for 60 minutes by default (configurable, see below). This helps prevent Ensemble from abusing your app/server resources, either inadvertently or in the unlikely event of a security breach.

If you disable Ensemble or we have any problems communicating with your app multiple times in a row, we'll stop trying until you tell us otherwise.
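The key-protected, time-limited request described above can be sketched as follows. This is an added example, not the plugin's own code: it assumes libsodium's secretbox for authenticated encryption and a JSON body with a hypothetical `iat` (issued-at) field, and `sealRequest`, `acceptRequest` and `MAX_AGE_SECONDS` are illustrative names.

```php
<?php
declare(strict_types=1);

// Added illustration; not the plugin's code. Assumes libsodium secretbox
// (authenticated encryption) and a JSON body with an "iat" issue time.
const MAX_AGE_SECONDS = 60; // assumed window; the README says "usually less than a minute"

/** Caller side: seal a request that states when it was issued. */
function sealRequest(string $key, int $now): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body  = json_encode(['iat' => $now, 'action' => 'packages'], JSON_THROW_ON_ERROR);
    return base64_encode($nonce . sodium_crypto_secretbox($body, $nonce, $key));
}

/** Endpoint side: accept only payloads sealed with our key and still fresh. */
function acceptRequest(string $payload, string $key, int $now): bool
{
    $raw = base64_decode($payload, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        return false; // malformed or truncated payload
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body  = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($body === false) {
        return false; // wrong key or tampered ciphertext
    }
    $claims = json_decode($body, true);
    if (!is_array($claims) || !is_int($claims['iat'] ?? null)) {
        return false; // decrypted, but not the expected structure
    }
    $age = $now - $claims['iat'];
    return $age >= -5 && $age <= MAX_AGE_SECONDS; // small allowance for clock skew
}

$key   = sodium_crypto_secretbox_keygen(); // constructed key for the demo
$other = sodium_crypto_secretbox_keygen(); // a second, unrelated key
$t0    = 1700000000;                       // constructed timestamp
$req   = sealRequest($key, $t0);

var_dump(acceptRequest($req, $key, $t0 + 10));   // fresh, right key
var_dump(acceptRequest($req, $key, $t0 + 300));  // replayed after the window
var_dump(acceptRequest($req, $other, $t0 + 10)); // sealed with a different key
```

A freshness window only bounds how long a captured payload stays usable; it can still be replayed inside the window, which is where the response cache limits the cost of each repeat.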

Installation
------------


```
$ composer require simonhamp/ensemble-plugin

```

This will install the latest version of the plugin. You can install earlier versions that will support Laravel 5.5+, but I highly recommend that you upgrade your app to the latest version of Laravel.

**NB: This package currently only supports Laravel.** If you'd like to use Ensemble with another framework, please [raise an issue](https://github.com/simonhamp/ensemble-plugin/issues/new?template=integration.md).

##### Configure


Add the following to your `.env`:

```
# Required config
ENSEMBLE_ENABLED=true
ENSEMBLE_PRIVATE_KEY=#The key provided when creating your app in Ensemble#

# Optional config
ENSEMBLE_ENDPOINT=#The URL we'll use to communicate with your app. Default: /ensemble#
ENSEMBLE_CACHE_TTL=#The cache life in minutes. Default: 60#

```

### Health Score

32 (Low). Better than 71% of packages.

- Maintenance: 20. Infrequent updates, may be unmaintained.
- Popularity: 18. Limited adoption so far.
- Community: 9. Small or concentrated contributor base.
- Maturity: 67. Established project with proven stability.
- Bus Factor: 1. Top contributor holds 84% of commits, a single point of failure.

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~116 days (recently: every ~171 days)
- Total: 7
- Last Release: 2196d ago
- Major Versions: v1.2.1 → v2.0.0 (2020-05-03)

### Community

- Maintainers: [simonhamp](/maintainers/simonhamp)
- Top Contributors: [simonhamp](https://github.com/simonhamp) (21 commits), [Jamesking56](https://github.com/Jamesking56) (4 commits)
- Tags: composer, security, updates, packages

### Code Quality

Tests: PHPUnit


###  Alternatives

[enlightn/security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

33732.2M110](/packages/enlightn-security-checker)[jorijn/laravel-security-checker

Added Laravel functionality to the Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.

2021.8M1](/packages/jorijn-laravel-security-checker)[bringyourownideas/silverstripe-maintenance

Toolset to help with the day by day maintenance work.

32221.8k3](/packages/bringyourownideas-silverstripe-maintenance)[bringyourownideas/silverstripe-composer-security-checker

Provides information if your SilverStripe application uses dependencies with known vulnerabilities.

11103.9k2](/packages/bringyourownideas-silverstripe-composer-security-checker)[dgtlss/warden

A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email

8745.6k](/packages/dgtlss-warden)[flarum/extension-manager

An extension manager to install, update and remove extension packages from the interface (Wrapper around composer).

12211.5k](/packages/flarum-extension-manager)

