PHPackages ypereirareis/composer-hack-poc - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. ypereirareis/composer-hack-poc ActiveLibrary[Security](/categories/security) ypereirareis/composer-hack-poc ============================== Dependency to demonstrate composer deps vulnerability 3.99(5y ago)119proprietaryPHPPHP >=7.4 Since Feb 25Pushed 5y ago1 watchersCompare [ Source](https://github.com/ypereirareis/composer-hack-poc)[ Packagist](https://packagist.org/packages/ypereirareis/composer-hack-poc)[ RSS](/packages/ypereirareis-composer-hack-poc/feed)WikiDiscussions master Synced yesterday READMEChangelog (6)DependenciesVersions (7)Used By (0) email-template-bundle ===================== [](#email-template-bundle) Project to show that dependency source must be checked (private ou public). Public packagist repo : ### Health Score 26 — LowBetter than 43% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity8 Limited adoption so far Community7 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 6 Last Release 1901d ago Major Versions 1.0.0 → 2.12021-02-25 2.2 → 3.02021-02-25 ### Community Maintainers ![](https://www.gravatar.com/avatar/826e1af36a66a40f99e6553b7c097df3e1d0e9b101beedd32e96d47c8f93f1bb?d=identicon)[ypereirareis](/maintainers/ypereirareis) --- Top Contributors [![ypereirareis](https://avatars.githubusercontent.com/u/6838923?v=4)](https://github.com/ypereirareis "ypereirareis (2 commits)") --- Tags composerhack ### Embed Badge ![Health badge](/badges/ypereirareis-composer-hack-poc/health.svg) ``` [![Health](https://phpackages.com/badges/ypereirareis-composer-hack-poc/health.svg)](https://phpackages.com/packages/ypereirareis-composer-hack-poc) ``` ### Alternatives [roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[jorijn/laravel-security-checker Added Laravel functionality to the Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you. 2021.8M1](/packages/jorijn-laravel-security-checker)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[bringyourownideas/silverstripe-maintenance Toolset to help with the day by day maintenance work. 32221.8k4](/packages/bringyourownideas-silverstripe-maintenance)[bringyourownideas/silverstripe-composer-security-checker Provides information if your SilverStripe application uses dependencies with known vulnerabilities. 11103.9k2](/packages/bringyourownideas-silverstripe-composer-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)