
Abandoned → [drupal-composer/drupal-security-advisories](/?search=drupal-composer%2Fdrupal-security-advisories) | Metapackage | [Security](/categories/security)

webflo/drupal-security-advisories
=================================

8.x-dev (7y ago) | 0181 | GPL-2.0-or-later | PHP

Since Oct 31 | Pushed 7y ago | 1 watchers

[Source](https://github.com/webflo/drupal-security-advisories) | [Packagist](https://packagist.org/packages/webflo/drupal-security-advisories) | [RSS](/packages/webflo-drupal-security-advisories/feed) | master | Synced 1mo ago

Drupal Security Advisories for Composer
=======================================


This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Inspired by [Roave Security Advisories](https://github.com/Roave/SecurityAdvisories).


Installation
------------


### Drupal 8 ([composer.json](https://github.com/drupal-composer/drupal-security-advisories/blob/8.x/composer.json))


```
~$ composer require drupal-composer/drupal-security-advisories:8.x-dev
```

### Drupal 7 ([composer.json](https://github.com/drupal-composer/drupal-security-advisories/blob/7.x/composer.json))


```
~$ composer require drupal-composer/drupal-security-advisories:7.x-dev
```

Usage
=====


This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues.

Stability
=========


This package can only be required in its dev-\* version: there will never be stable/tagged versions because of the nature of the problem being targeted. Security issues are in fact a moving target, and locking your project to a specific tagged version of the package would not make any sense.

This package is therefore only suited for installation in the root of your deployable project.

Handling Failures
=================


In the rare event that a security release does not affect your project, and upgrading to the latest release is undesirable, you can suppress a build failure by pinning the project to a particular commit SHA in composer.json. For example, assume that drupal/dynamic\_entity\_reference 8.1.0-beta2 just came out as a security release. In order to keep using 8.1.0-beta1, you can specify the following in composer.json:

```
"require": {
  "drupal/dynamic_entity_reference": "dev-8.x-1.x#8713890"
},
```

Note that this approach opts the pinned package out of any future security releases. You can check for future security releases with `drush pm:security` (drush9) or `drush pm-updatestatus` (drush8).
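Because a commit pin silently opts a package out of later security releases, it helps to list every such pin in the root composer.json so each one can be rechecked with drush. The following is an added example, not part of this package or its README; the function name `audit_pins`, its `vendor_prefix` parameter and the sample manifest (apart from the README's own pin) are assumptions made for illustration.

```python
import json
import re

# Constructed sample: a root composer.json. The first pin is the one from the
# README; the require-dev pin and its ref are made up for illustration.
SAMPLE_COMPOSER_JSON = """
{
  "require": {
    "drupal-composer/drupal-security-advisories": "8.x-dev",
    "drupal/core": "^8.6",
    "drupal/dynamic_entity_reference": "dev-8.x-1.x#8713890",
    "drupal/token": "1.x-dev"
  },
  "require-dev": {
    "drupal/devel": "dev-8.x-2.x#0a1b2c3d"
  }
}
"""

# Both names appear on this page: the abandoned one and its replacement.
ADVISORY_PACKAGES = {
    "webflo/drupal-security-advisories",
    "drupal-composer/drupal-security-advisories",
}
# Constraint locked to a commit: "<dev version>#<hex ref>".
PIN_RE = re.compile(r"^\s*(?P<version>[^#\s]+)#(?P<ref>[0-9a-fA-F]{4,40})\b")


def audit_pins(composer_json_text, vendor_prefix="drupal/"):
    """Return (advisories_required, pins) for a root composer.json.

    pins is a sorted list of (section, package, version, ref) for each
    dependency under vendor_prefix whose constraint names a commit.
    """
    data = json.loads(composer_json_text)
    advisories_required = False
    pins = []
    for section in ("require", "require-dev"):
        for package, constraint in data.get(section, {}).items():
            name = package.lower()
            if name in ADVISORY_PACKAGES:
                advisories_required = True
            if not name.startswith(vendor_prefix):
                continue
            match = PIN_RE.match(str(constraint))
            if match:
                pins.append((section, name, match["version"], match["ref"]))
    return advisories_required, sorted(pins)
```

Calling `audit_pins(SAMPLE_COMPOSER_JSON)` reports whether the advisory package is required at all and returns the two pinned packages to review.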

Sources
=======


This package gets its information from the Drupal.org APIs.

Build command: `./build/build.sh`

### Health Score

23 (Low, better than 27% of packages)

- Maintenance: 20. Infrequent updates, may be unmaintained
- Popularity: 7. Limited adoption so far
- Community: 10. Small or concentrated contributor base
- Maturity: 48. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 92.9% of commits (single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~7 days
- Total: 2
- Last release: 2740d ago

### Community

Maintainers: [webflo](/maintainers/webflo)

Top Contributors: [webflo](https://github.com/webflo) (39 commits), [weitzman](https://github.com/weitzman) (3 commits)

### Alternatives

- [defuse/php-encryption](/packages/defuse-php-encryption): Secure PHP Encryption Library (3.9k162.4M214)
- [roave/security-advisories](/packages/roave-security-advisories): Prevents installation of composer packages with known security vulnerabilities: no API, simply require it (2.9k97.3M6.4k)
- [mews/purifier](/packages/mews-purifier): Laravel 5/6/7/8/9/10 HtmlPurifier Package (2.0k16.7M113)
- [robrichards/xmlseclibs](/packages/robrichards-xmlseclibs): A PHP library for XML Security (41278.1M118)
- [bjeavons/zxcvbn-php](/packages/bjeavons-zxcvbn-php): Realistic password strength estimation PHP library based on Zxcvbn JS (86917.5M63)
- [enlightn/security-checker](/packages/enlightn-security-checker): A PHP dependency vulnerabilities scanner based on the Security Advisories Database. (33732.2M110)
