thirtybittech/safe-check
========================

A Statamic control panel addon that scans Composer dependencies for known security vulnerabilities.

v1.0.6 (5mo ago) | MIT | Vue | PHP ^8.1

Since Jan 18. Pushed 5mo ago.

[Source](https://github.com/thirtyBitTech/safe-check) | [Packagist](https://packagist.org/packages/thirtybittech/safe-check)

Safe Check
==========

[![Overview](screenshots/overview.png)](screenshots/overview.png)

**Dependency Vulnerability Scanning for Statamic**

Safe Check is a Statamic Control Panel addon that scans your Composer dependencies for **known security vulnerabilities** and presents the results in a **clear, actionable, human-readable format**.

Built for teams who want visibility, not noise.

---

Why Safe Check?
---------------

Modern PHP applications depend on dozens (sometimes hundreds) of third-party packages. Vulnerabilities in those dependencies are one of the most common attack vectors, yet they often go unnoticed.

Safe Check brings **dependency vulnerability awareness directly into the Statamic Control Panel**, without external dashboards, CI complexity, or overwhelming reports.

It’s designed for:

- Statamic developers
- Agencies maintaining multiple sites
- Teams who want *clarity*, not security theater

---

Key Features
------------

### 🔍 Dependency Vulnerability Scanning

Scan your project’s `composer.lock` file and identify known vulnerabilities using trusted public advisory data. Each finding reports:

- Package name
- Installed version
- Vulnerability identifiers (GHSA / OSV IDs)
- Severity (best-effort)
- Affected version ranges

---

Installation
------------

Safe Check is installed like any other Statamic addon.

### 1. Require the package via Composer

```
composer require thirtybittech/safe-check
```

---

### 🧠 Plain-English Explanations

Safe Check doesn’t just list vulnerabilities; it also explains them when an explanation is available.

For each issue, you’ll see:

- **What the vulnerability is**
- **Why it matters**
- **What to do next** (update, monitor, or reduce exposure)

This makes the output useful not just for security experts, but for everyday developers.

---

### 📊 Clean Control Panel Interface

All results live inside the Statamic CP, designed to feel native and unobtrusive.

- Scan summary at a glance
- Clear vulnerability table
- Drill-down modal with detailed context
- Technical details and references

**Screenshot: Control Panel overview**

[![Overview](screenshots/overview.png)](screenshots/overview.png)

---

### 📄 Exportable Reports

Download a clean JSON report of the latest scan for:

- Audits
- Client handover
- Internal documentation

Exports are intentionally minimal and stable.

#### Sample Export (JSON)

```
{
  "scanned_at": "2026-01-18T10:42:00Z",
  "packages_scanned": 45,
  "vulnerabilities_found": 1,
  "items": [
    {
      "package": "phpoffice/phpspreadsheet",
      "installed_version": "4.5.0",
      "id": "GHSA-rx7m-68vc-ppxh"
    }
  ]
}
```

---

### ⚡ On-Demand & Cached Lookups

Vulnerability detail views are fetched on demand and cached aggressively to keep the Control Panel fast and responsive.

---

How It Works (High Level)
-------------------------

1. Safe Check reads your `composer.lock` file.
2. Dependencies are checked against public vulnerability advisories.
3. Results are normalized and stored as a scan snapshot.
4. Detailed vulnerability information is fetched only when requested.

No background daemons. No external dashboards. No CI setup required.
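
Steps 1 to 3 as an added sketch; this is not Safe Check's own code, and the page does not say which advisory API the addon calls. It assumes OSV.dev's `POST /v1/querybatch` endpoint with the `Packagist` ecosystem. The function names, the lock-file excerpt and the response are constructed for illustration; the package and GHSA ID are the ones from the sample export above.

```php
<?php
declare(strict_types=1);
// Constructed composer.lock excerpt (sample data, not a real project).
$lockJson = <<<'JSON'
{"packages": [{"name": "phpoffice/phpspreadsheet", "version": "4.5.0"},
              {"name": "symfony/console", "version": "v6.4.1"}],
 "packages-dev": [{"name": "acme/internal-tools", "version": "dev-main"}]}
JSON;

// Step 1: locked packages (prod and dev); branch versions like "dev-main" cannot be range-matched.
function lockedPackages(string $lockJson): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $out = [];
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $p) {
        if (str_starts_with($p['version'], 'dev-') || str_ends_with($p['version'], '-dev')) {
            continue;
        }
        // Composer tags often carry a leading "v"; stripping it is this example's choice.
        $out[] = ['package' => $p['name'], 'installed_version' => ltrim($p['version'], 'v')];
    }
    return $out;
}

// Step 2: request body for the assumed OSV.dev batch endpoint, one query per package.
function osvBatchBody(array $pkgs): string
{
    return json_encode(['queries' => array_map(fn (array $p) => [
        'package' => ['name' => $p['package'], 'ecosystem' => 'Packagist'],
        'version' => $p['installed_version'],
    ], $pkgs)], JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES);
}

// Step 3: normalize positional results into the export shape shown in the sample export.
function snapshot(array $pkgs, array $results, string $scannedAt): array
{
    $items = [];
    foreach ($pkgs as $i => $p) {
        foreach ($results[$i]['vulns'] ?? [] as $v) {
            $items[] = $p + ['id' => $v['id']];
        }
    }
    return ['scanned_at' => $scannedAt, 'packages_scanned' => count($pkgs), 'vulnerabilities_found' => count($items), 'items' => $items];
}

// Constructed response: the batch API returns one result per query, in query order.
$pkgs = lockedPackages($lockJson);
$results = [['vulns' => [['id' => 'GHSA-rx7m-68vc-ppxh']]], []];
echo osvBatchBody($pkgs), PHP_EOL;
echo json_encode(snapshot($pkgs, $results, gmdate('Y-m-d\TH:i:s\Z')), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```

Packages skipped in step 1 are not counted in `packages_scanned`, so a snapshot built this way under-reports coverage for projects that pin dependencies to branches.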

---

Permissions & Access Control
----------------------------

Safe Check respects Statamic permissions.

You can control who is allowed to:

- View scan results
- Run new scans
- Export reports

This makes it suitable for multi-user and agency environments.

---

Screenshots
-----------

**Screenshot: Overview**

[![Overview](screenshots/overview.png)](screenshots/overview.png)

**Screenshot: Vulnerability Details**

[![Details](screenshots/popup.png)](screenshots/popup.png)

**Screenshot: Technical Details**

[![Details](screenshots/popup-tech.png)](screenshots/popup-tech.png)

**Screenshot: Affected Range**

[![Details](screenshots/popup-affected.png)](screenshots/popup-affected.png)

**Screenshot: References**

[![Details](screenshots/popup-ref.png)](screenshots/popup-ref.png)

**Screenshot: Navigation**

[![Details](screenshots/nav.png)](screenshots/nav.png)

---

Important Disclaimer ⚠️
-----------------------

Safe Check **does not guarantee the security of your application**.

This addon:

- Reports **known** vulnerabilities in third-party dependencies
- Displays vulnerability details on a best-effort basis; they may be incomplete when public advisory data is limited or unavailable
- Does **not** detect zero-day vulnerabilities
- Does **not** analyze your custom application code
- Does **not** replace security reviews, penetration testing, or best practices

Security is a process, not a plugin.

Safe Check is a **visibility and awareness tool**, designed to help you make informed decisions — not a promise of safety.

---

Requirements
------------

- PHP 8.1+
- Statamic 5.x
- A Composer-managed Statamic project

---

Support & Updates
-----------------

Safe Check is a **commercial addon**.

Active license holders receive:

- Bug fixes
- Compatibility updates for new Statamic releases
- Incremental feature improvements

If you need help, encounter a bug, or have questions about usage, please contact us at:

**[Contact Support](mailto:contact@30-bit.com)**

When reaching out, please include:

- Your Statamic version
- Your PHP version
- A brief description of the issue
- Any relevant error messages or screenshots

---

License
-------

This software is proprietary and licensed for use under the terms provided at purchase. Redistribution, resale, or modification without permission is not allowed.

---

Final Notes
-----------

Safe Check is intentionally focused.

It does one thing well:

> **Make dependency risk visible and understandable inside Statamic.**

If you value clarity, control, and native tooling — Safe Check belongs in your Control Panel.

### Community

Maintainer: [@thirtyBitTech](https://github.com/thirtyBitTech) (6 commits)

Tags: composer, security, statamic, Statamic addon, vulnerability, osv, dependency-scanning
