roave/security-advisories dev-latest

The roave/security-advisories is an innovative composer package dedicated to enhancing the security of your PHP project. Its main function is to prevent the installation of any composer dependencies known for their security vulnerabilities. By incorporating roave/security-advisories into your project, you shield your software from potential security breaches associated with such insecure dependencies. The package does not offer any API or usable classes; its primary role is to ensure your chosen software doesn't pose any documented security threats.

To integrate roave/security-advisories into your project, require it as a developer dependency in your composer.json file. This inclusion will automatically inhibit the installation of packages with known security vulnerabilities. The installation command is as follows:

composer require --dev roave/security-advisories:dev-latest

For instance, trying to install insecure packages will fail:

composer require --dev roave/security-advisories:dev-latest
# following commands will fail:
composer require symfony/symfony:2.5.2
composer require zendframework/zendframework:2.3.1 

The security version checks are triggered when adding a new dependency via composer require or when running composer update. To manually initiate a version check, use the --dry-run switch by running composer update --dry-run roave/security-advisories. This action will run a security version check without making any changes.

The roave/security-advisories documentation is primarily found in its GitHub repository. For comprehensive details on its usage, potential enterprise support via Tidelift Subscription, and its stability information, visit Roave SecurityAdvisories on GitHub. The package draws its security issue information from resources such as the FriendsOfPHP/security-advisories repository and the GitHub Advisory Database.