{"id":13516175,"url":"https://github.com/fabpot/local-php-security-checker","last_synced_at":"2025-10-05T21:31:34.175Z","repository":{"id":37708748,"uuid":"329834563","full_name":"fabpot/local-php-security-checker","owner":"fabpot","description":"PHP security vulnerabilities checker","archived":true,"fork":false,"pushed_at":"2024-08-02T14:20:08.000Z","size":90,"stargazers_count":1173,"open_issues_count":0,"forks_count":77,"subscribers_count":29,"default_branch":"main","last_synced_at":"2024-09-26T08:38:44.336Z","etag":null,"topics":["composer","packagist","php","security"],"latest_commit_sha":null,"homepage":"https://github.com/FriendsOfPHP/security-advisories","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fabpot.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security/advisories.go","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-15T07:02:07.000Z","updated_at":"2024-09-25T11:44:40.000Z","dependencies_parsed_at":"2024-05-08T17:10:57.106Z","dependency_job_id":"6c75072a-7e69-4bda-93fc-4be6bcbff42b","html_url":"https://github.com/fabpot/local-php-security-checker","commit_stats":{"total_commits":37,"total_committers":11,"mean_commits":"3.3636363636363638","dds":0.4054054054054054,"last_synced_commit":"ef5935625cf9cb92b8739e94145c09433bc606e8"},"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabpot%2Flocal-php-security-checker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabpot%2Flocal-php-security-checker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabpot%2Flocal-php-security-checker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabpot%2Flocal-php-security-checker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fabpot","download_url":"https://codeload.github.com/fabpot/local-php-security-checker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219877064,"owners_count":16554821,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["composer","packagist","php","security"],"created_at":"2024-08-01T05:01:19.850Z","updated_at":"2025-10-05T21:31:28.928Z","avatar_url":"https://github.com/fabpot.png","language":"Go","readme":"Local PHP Security Checker\n==========================\n\n**WARNING**: This repository is now archived. Use `composer audit` instead:\n\n COMPOSER_AUDIT_ABANDONED=ignore composer audit\n\nThe Local PHP Security Checker is a command line tool that checks if your PHP\napplication depends on PHP packages with known security vulnerabilities. It\nuses the [Security Advisories Database][1] behind the scenes.\n\nDownload a binary from the [Releases page on Github][2], rename it to\n`local-php-security-checker` and make it executable.\n\nFrom a directory containing a PHP project that uses Composer, check for known\nvulnerabilities by running the binary without arguments or flags:\n\n $ local-php-security-checker\n\nYou can also pass a `--path` to check a specific directory:\n\n $ local-php-security-checker --path=/path/to/php/project\n $ local-php-security-checker --path=/path/to/php/project/composer.lock\n\nBy default, the output is optimized for terminals, change it via the `--format`\nflag (supported formats: `ansi`, `markdown`, `json`, `junit`, and `yaml`):\n\n $ local-php-security-checker --format=json\n\nAll packages are checked for security vulnerabilities by default. You can skip the checks for packages listed in `require-dev` by passing the `no-dev` flag:\n\n $ local-php-security-checker --no-dev\n\nWhen running the command, it checks for an updated vulnerability database and\ndownloads it from Github if it changed since the last run. If you want to avoid\nthe HTTP round-trip, use `--local`. To force a database update without checking\nfor a project, use `--update-cache`.\n\nIf you want to continuously check for security issues on your applications in\nproduction, you can use this tool in combination with [croncape][3] to get an\nemail whenever a new security issue is detected:\n\n MAILTO=sysadmins@example.com\n 50 23 * * * croncape php-security-checker --path=/path/to/php/project\n\nThis tool returns the following codes\n\n| Code | Actions |\n|------|------------------------------------------------------------------------------------|\n| 0 | `--help`\u003cbr\u003eSuccessful run |\n| 1 | At least one vulnerability is found |\n| 2 | Invalid `--format` option |\n| 127 | Unable to load database\u003cbr\u003eUnable to find lock file\u003cbr\u003eGitHub output not available |\n\n[1]: https://github.com/FriendsOfPHP/security-advisories\n[2]: https://github.com/fabpot/local-php-security-checker/releases\n[3]: https://github.com/symfonycorp/croncape\n","funding_links":[],"categories":["Go","OSS and Dependency management","Free Tools"],"sub_categories":["PHP"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffabpot%2Flocal-php-security-checker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffabpot%2Flocal-php-security-checker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffabpot%2Flocal-php-security-checker/lists"}