

smichaelsen/no-insecure-typo3-extensions
========================================

This package declares conflicts to insecure TYPO3 extensions


[Source](https://github.com/smichaelsen/no-insecure-typo3-extensions) | [Packagist](https://packagist.org/packages/smichaelsen/no-insecure-typo3-extensions)


No insecure TYPO3 extensions
============================


This package is inspired by [roave/security-advisories](https://github.com/Roave/SecurityAdvisories). When you require this package, it ensures that you cannot load TYPO3 extensions in versions with known vulnerabilities (according to the rating in the TER by the TYPO3 security team).

I've built this with best intentions and to my best knowledge. Nevertheless this comes without guarantee. Do not hold me responsible in case something unexpected/undesired happens.
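
As an added illustration of the conflict mechanism described above (not code from this package or its author), the sketch below checks the packages in a `composer.lock` against a Composer-style `conflict` map. The package names, versions and conflict entries are constructed placeholders, and the matcher handles only a simplified subset of Composer's constraint syntax.

```python
import json
import operator
import re

# Constructed sample data: placeholder package names and versions, not real advisories.
CONFLICT = {
    "vendor/example-gallery": "1.0.0 || 1.0.1 || 1.1.0",
    "vendor/example-forms": ">=2.0.0,<2.3.1",
}
LOCK_JSON = """{"packages": [
  {"name": "vendor/example-gallery", "version": "1.0.1"},
  {"name": "vendor/example-forms", "version": "v2.3.1"},
  {"name": "vendor/unlisted", "version": "4.2.0"}
]}"""

OPS = {"": operator.eq, "=": operator.eq, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
VERSION = r"v?\d+(?:\.\d+)*"

def parse_version(text):
    """'v2.3.1' -> (2, 3, 1); branch names such as 'dev-master' -> None."""
    text = text.strip()
    return tuple(int(p) for p in text.lstrip("v").split(".")) if re.fullmatch(VERSION, text) else None

def compare(op, left, right):
    """Compare two version tuples after padding the shorter one with zeros."""
    width = max(len(left), len(right))
    pad = lambda v: v + (0,) * (width - len(v))
    return OPS[op](pad(left), pad(right))

def matches(version, constraint):
    """Simplified matcher: '||' or '|' is OR; ',' or whitespace is AND."""
    locked = parse_version(version)
    if locked is None:
        return False  # a branch alias cannot be compared numerically
    for alternative in re.split(r"\s*\|\|?\s*", constraint):
        clauses = re.findall(rf"(>=|<=|>|<|=)?\s*({VERSION})", alternative)
        if clauses and all(compare(op, locked, parse_version(v)) for op, v in clauses):
            return True
    return False

def find_conflicts(lock, conflict):
    """Return (name, version) for each locked package inside a conflicting range."""
    packages = lock.get("packages", []) + lock.get("packages-dev", [])
    return [(p["name"], p["version"]) for p in packages
            if p["name"] in conflict and matches(p["version"], conflict[p["name"]])]

if __name__ == "__main__":
    print(find_conflicts(json.loads(LOCK_JSON), CONFLICT))
```
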

Usage
-----


### Option #1: Require


`composer require smichaelsen/no-insecure-typo3-extensions dev-master`

Require this package in your project permanently. From then on, when you require a TYPO3 extension that has known security issues, you will get a Composer conflict on `composer update`.

**Pro**: Easy to set up and fits every (Composer-based) TYPO3 project.
**Con**: You only notice insecure extensions when you actively run `composer update`.

### Option #2: Dry Run in CI

If you have a CI system that can run tests on your project, you can run the following on every test run:

`composer update --dry-run smichaelsen/no-insecure-typo3-extensions dev-master`

**Pro**: You will immediately be informed about insecure extensions in your project in every test run.
**Con**: You need a CI server or a similar setup where automatic tests are performed.

Does this make my project (more) secure?
----------------------------------------

When you maintain TYPO3 projects, it is your responsibility to stay up to date with [security advisories](https://typo3.org/help/security-advisories/) and best practices. This package cannot take this responsibility from you. However, it can be an additional security measure.

Which TYPO3 extensions are covered?
-----------------------------------

This package relies on information from the [TYPO3 TER](https://extensions.typo3.org/), so only extensions that are published there are covered. It also covers extensions published via Packagist when they are available in the TER.

How (often) is it updated?
--------------------------


[This project](https://gitlab.com/smichaelsen/no-insecure-extensions-updater) automatically checks the TER extension list for updated security information twice a day and updates this package when necessary.

