PHPackages                             tisayama/composer-vuln-handler - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. tisayama/composer-vuln-handler

AbandonedArchivedComposer-plugin[Security](/categories/security)

tisayama/composer-vuln-handler
==============================

0.1.0(10y ago)36UnlicensePHP

Since May 20Pushed 10y ago1 watchersCompare

[ Source](https://github.com/tisayama/composer-vuln-handler)[ Packagist](https://packagist.org/packages/tisayama/composer-vuln-handler)[ RSS](/packages/tisayama-composer-vuln-handler/feed)WikiDiscussions master Synced 3w ago

READMEChangelogDependencies (2)Versions (3)Used By (0)

composer-vuln-handler
=====================

[](#composer-vuln-handler)

A tool to investigate whether there is any known vulnerabilities in a package that is require in the Composer. \[Experimental\]

###  Health Score

25

—

LowBetter than 36% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity8

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity54

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

3687d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/6c973327510e4da6193dad68e11c5a625f429e5ec8fc76e59f07f05c4250f63f?d=identicon)[tisayama](/maintainers/tisayama)

---

Top Contributors

[![tisayama](https://avatars.githubusercontent.com/u/1536821?v=4)](https://github.com/tisayama "tisayama (6 commits)")

### Embed Badge

![Health badge](/badges/tisayama-composer-vuln-handler/health.svg)

```
[![Health](https://phpackages.com/badges/tisayama-composer-vuln-handler/health.svg)](https://phpackages.com/packages/tisayama-composer-vuln-handler)
```

###  Alternatives

[symfony/runtime

Enables decoupling PHP applications from global state

74694.9M938](/packages/symfony-runtime)[drupal/core-composer-scaffold

A flexible Composer project scaffold builder.

5344.1M526](/packages/drupal-core-composer-scaffold)[drupal/core-vendor-hardening

Hardens the vendor directory for when it's in the docroot.

174.7M41](/packages/drupal-core-vendor-hardening)[drupal/core-project-message

Adds a message after Composer installation.

2124.0M193](/packages/drupal-core-project-message)[drupal-composer/drupal-paranoia

Composer Plugin for improving the security of composer-based Drupal projects by moving all PHP files out of docroot.

642.2M3](/packages/drupal-composer-drupal-paranoia)[altis/core

Core module for Altis

19222.5k2](/packages/altis-core)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)