PHPackages                             tisayama/composer-vuln-handler - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. tisayama/composer-vuln-handler

AbandonedArchivedComposer-plugin

tisayama/composer-vuln-handler
==============================

0.1.0(9y ago)36UnlicensePHP

Since May 20Pushed 9y ago1 watchersCompare

[ Source](https://github.com/tisayama/composer-vuln-handler)[ Packagist](https://packagist.org/packages/tisayama/composer-vuln-handler)[ RSS](/packages/tisayama-composer-vuln-handler/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (2)Versions (3)Used By (0)

composer-vuln-handler
=====================

[](#composer-vuln-handler)

A tool to investigate whether there is any known vulnerabilities in a package that is require in the Composer. \[Experimental\]

###  Health Score

25

—

LowBetter than 37% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity8

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity54

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

3641d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/6c973327510e4da6193dad68e11c5a625f429e5ec8fc76e59f07f05c4250f63f?d=identicon)[tisayama](/maintainers/tisayama)

---

Top Contributors

[![tisayama](https://avatars.githubusercontent.com/u/1536821?v=4)](https://github.com/tisayama "tisayama (6 commits)")

### Embed Badge

![Health badge](/badges/tisayama-composer-vuln-handler/health.svg)

```
[![Health](https://phpackages.com/badges/tisayama-composer-vuln-handler/health.svg)](https://phpackages.com/packages/tisayama-composer-vuln-handler)
```

###  Alternatives

[humbug/box

Fast, zero config application bundler with PHARs.

1.3k801.5k68](/packages/humbug-box)[vaimo/composer-patches

Applies a patch from a local or remote file to any package that is part of a given composer project. Patches can be defined both on project and on package level. Optional support for patch versioning, sequencing, custom patch applier configuration and patch command for testing/troubleshooting added patches.

2994.3M14](/packages/vaimo-composer-patches)[mglaman/composer-drupal-lenient

1317.4M15](/packages/mglaman-composer-drupal-lenient)[drupal/core-composer-scaffold

A flexible Composer project scaffold builder.

5341.9M440](/packages/drupal-core-composer-scaffold)[roots/wordpress-core-installer

A Composer custom installer to handle installing WordPress as a dependency

4115.6M19](/packages/roots-wordpress-core-installer)[drupal/core-project-message

Adds a message after Composer installation.

2122.6M172](/packages/drupal-core-project-message)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)