{"id":19030020,"url":"https://github.com/padosoft/laravel-composer-security","last_synced_at":"2025-04-23T15:54:56.061Z","repository":{"id":57035059,"uuid":"48175776","full_name":"padosoft/laravel-composer-security","owner":"padosoft","description":"Laravel command to test security vulnerabilities in your composer files.","archived":false,"fork":false,"pushed_at":"2022-09-22T03:35:12.000Z","size":741,"stargazers_count":30,"open_issues_count":1,"forks_count":2,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-18T01:47:30.805Z","etag":null,"topics":["composer","laravel","laravel-command","laravel-package","security"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/padosoft.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-12-17T13:26:07.000Z","updated_at":"2023-05-08T03:46:07.000Z","dependencies_parsed_at":"2022-08-23T20:50:57.001Z","dependency_job_id":null,"html_url":"https://github.com/padosoft/laravel-composer-security","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/padosoft%2Flaravel-composer-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/padosoft%2Flaravel-composer-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/padosoft%2Flaravel-composer-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/padosoft%2Flaravel-composer-security/manifests","owner_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/owners/padosoft","download_url":"https://codeload.github.com/padosoft/laravel-composer-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250467957,"owners_count":21435447,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["composer","laravel","laravel-command","laravel-package","security"],"created_at":"2024-11-08T21:16:14.994Z","updated_at":"2025-04-23T15:54:56.016Z","avatar_url":"https://github.com/padosoft.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LARAVEL COMPOSER SECURITY COMMAND\n\n[![Latest Version on Packagist][ico-version]][link-packagist]\n[![Software License][ico-license]](LICENSE.md)\n[![Build Status][ico-travis]][link-travis]\n[![Coverage Status][ico-scrutinizer]][link-scrutinizer]\n[![Quality Score][ico-code-quality]][link-code-quality]\n[![Total Downloads][ico-downloads]][link-downloads]\n[![SensioLabsInsight][ico-sensiolab]][link-sensiolab]\n\nThis is a Laravel 5.1/5.2/5.3 package that provides an artisan command for testing your composer.lock files for security vulnerabilities.\nIt is ready and tested for PHP 7.0 and PHP 7.1 too.\n\n\nTable of Contents\n=================\n\n  * [LARAVEL COMPOSER SECURITY COMMAND](#laravel-composer-security-command)\n  * [Table of Contents](#table-of-contents)\n  * [PREREQUISITES](#prerequisites)\n    * [INSTALL](#install)\n    * [USAGE](#usage)\n      * [EXAMPLE:](#example)\n    * [SCHEDULE COMMAND](#schedule-command)\n    * [SCREENSHOOTS](#screenshoots)\n  * [Testing](#testing)\n  * 
[Contributing](#contributing)\n  * [Security](#security)\n  * [API Documentation](#api-documentation)\n  * [Credits](#credits)\n  * [About Padosoft](#about-padosoft)\n  * [License](#license)\n\n  \n# PREREQUISITES\n\nLARAVEL 5.1+\nGUZZLE 6+\n\n## INSTALL\n\nThis package can be installed through Composer.\n\n``` bash\ncomposer require padosoft/laravel-composer-security\n```\nYou must register this service provider.\n\n``` php\n// config/app.php\n'providers' =\u003e [\n    ...\n    Padosoft\\LaravelComposerSecurity\\ComposerSecurityCheckServiceProvider::class,\n    ...\n];\n```\nYou don't need to register the command in app/Console/Kernel.php, because it is registered by the ComposerSecurityCheckServiceProvider register() method.\n\nYou can publish the config file of this package with this command:\n``` bash\nphp artisan vendor:publish --provider=\"Padosoft\\LaravelComposerSecurity\\ComposerSecurityCheckServiceProvider\"\n```\nThe following config file will be published in `config/composer-security-check.php`:\n``` php\nreturn array(\n    'mailSubjectSuccess' =\u003e env(\n        'SECURITY_CHECK_SUBJECT_SUCCESS',\n        '[composer-security-check]: Ok - no vulnerabilities detected.'\n    ),\n    'mailSubjetcAlarm' =\u003e env(\n        'SECURITY_CHECK_SUBJECT_ALARM',\n        '[composer-security-check]: Alarm - vulnerabilities detected.'\n    ),\n    'mailFrom' =\u003e env('SECURITY_CHECK_MESSAGE_FROM', 'info@example.com'),\n    'mailFromName' =\u003e env('SECURITY_CHECK_MESSAGE_FROM_NAME', 'Info Example'),\n    'mailViewName' =\u003e env('SECURITY_CHECK_MAIL_VIEW_NAME', 'composer-security-check::mail'),\n    'logFilePath' =\u003e env('SECURITY_CHECK_LOG_FILE_PATH', storage_path().'/composersecurityCheck.log')\n );\n```\n\nIn the config folder you will find a .env.example file; copy from it into your own .env file the settings used in composer-security-check.php.\nIf you use mathiasgrimm/laravel-env-validator, the config folder also contains an example for validating the env settings.\n\n\n## USAGE\n\nWhen 
the installation is done you can easily run the command to print help:\n```bash\nphp artisan composer-security:check\n```\n\nThe `composer-security:check` command looks for every composer.lock file in the given path\nand, for each composer.lock, checks for security issues in the project dependencies:\n`php artisan composer-security:check`\n\nIf you omit the path argument, the command looks in the current folder.\n\nYou can also pass the path as an argument:\n`php artisan composer-security:check /path/to/my/repos`\n\nYou can use * in the path argument as a wildcard character, e.g. `/var/www/*/*/`\n\nBy default, the command displays the result in the console, but you can also\nsend an HTML email by using the `--mail` option:\n```bash\nphp artisan composer-security:check /path/to/my/repos --mail=mymail@mydomain.me\n```\n### EXAMPLE:\n\nHere is a basic example that checks the composer.lock files in these directories:\n```bash\nphp artisan composer-security:check \"/dir/to/check/*/*/\"\n```\nHere is an example that sends the output report by email:\n```bash\nphp artisan composer-security:check \"/dir/to/check/*/*/\" --mail=mymail@mydomain\n```\nHere is an example that whitelists two directories (if the command finds any vulnerabilities in the composer.lock files of these directories, it still writes them to the output, but the email subject isn't set to ALERT):\n```bash\nphp artisan composer-security:check \"/dir/to/check/*/*/\" --mail=mymail@mydomain --whitelist=\"/dir/to/put/in/witelist,/another/dir/to/put/in/witelist\"\n```\n\n\n## SCHEDULE COMMAND\n\nYou can schedule a daily (or weekly, etc.) 
report easily, by adding this line to the `schedule` method in `app/Console/Kernel.php`:\n```php\n// app/Console/Kernel.php\n\nprotected function schedule(Schedule $schedule)\n{\n    ...\n    $schedule-\u003ecommand('composer-security:check \"/dir/to/check/\" --mail=mymail@mydomain')\n            -\u003edaily()\n            -\u003ewithoutOverlapping()\n            -\u003esendOutputTo(Config::get('composer-security-check.logFilePath'));\n}\n```\n\n## SCREENSHOOTS\n\nOUTPUT CONSOLE:\n![screenshot](https://raw.githubusercontent.com/padosoft/laravel-composer-security/master/resources/img/console-output.png)\n\nEMAIL VIEW WITH ALERT:\n![screenshot](https://raw.githubusercontent.com/padosoft/laravel-composer-security/master/resources/img/alert-vulnerability.png)\n\nEMAIL VIEW WITH VULNERABILITY WHITELISTED:\n![screenshot](https://raw.githubusercontent.com/padosoft/laravel-composer-security/master/resources/img/warning-vulerability-witelisted.png)\n\n# Testing\n```bash\n$ composer test\n```\n\n# Contributing\n\nPlease see [CONTRIBUTING](CONTRIBUTING.md) and [CONDUCT](CONDUCT.md) for details.\n\n# Security\n\nIf you discover any security-related issues, please email  instead of using the issue tracker.\n\n# API Documentation\n\nPlease see API documentation at [https://padosoft.github.io/laravel-composer-security](https://padosoft.github.io/laravel-composer-security)\n- [master](https://padosoft.github.io/laravel-composer-security/build/master/)\n\n# Credits\n\n- [Lorenzo Padovani](https://github.com/lopadova)\n- [All contributors](https://github.com/thephpleague/skeleton/contributors)\n\n# About Padosoft\nPadosoft is a software house based in Florence, Italy, specialized in e-commerce and web sites.\n\n# License\n\nThe MIT License (MIT). 
Please see [License File](LICENSE.md) for more information.\n\n[ico-version]: https://img.shields.io/packagist/v/padosoft/laravel-composer-security.svg?style=flat-square\n[ico-license]: https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square\n[ico-travis]: https://img.shields.io/travis/padosoft/laravel-composer-security/master.svg?style=flat-square\n[ico-scrutinizer]: https://img.shields.io/scrutinizer/coverage/g/padosoft/laravel-composer-security.svg?style=flat-square\n[ico-code-quality]: https://img.shields.io/scrutinizer/g/padosoft/laravel-composer-security.svg?style=flat-square\n[ico-downloads]: https://img.shields.io/packagist/dt/padosoft/laravel-composer-security.svg?style=flat-square\n[ico-sensiolab]: https://insight.sensiolabs.com/projects/80fa0430-55ff-4079-a34e-d189a9d21d5e/small.png\n\n[link-packagist]: https://packagist.org/packages/padosoft/laravel-composer-security\n[link-travis]: https://travis-ci.org/padosoft/laravel-composer-security\n[link-scrutinizer]: https://scrutinizer-ci.com/g/padosoft/laravel-composer-security/code-structure\n[link-code-quality]: https://scrutinizer-ci.com/g/padosoft/laravel-composer-security\n[link-downloads]: https://packagist.org/packages/padosoft/laravel-composer-security\n[link-sensiolab]: https://insight.sensiolabs.com/projects/80fa0430-55ff-4079-a34e-d189a9d21d5e\n[link-author]: https://github.com/lopadova\n[link-contributors]: ../../contributors\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpadosoft%2Flaravel-composer-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpadosoft%2Flaravel-composer-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpadosoft%2Flaravel-composer-security/lists"}