Roave Security Advisories
Roave Security Advisories ensures that your application doesn't have installed dependencies with known security vulnerabilities.
This tool is backed by the PHP Security Advisories Database.
This package does not provide any API or usable classes;
its only purpose is to prevent installation of software with known and documented security issues.
Simply require it to your
and you will not be able to harm yourself with software with known security vulnerabilities.
For example, try the following:
composer require roave/security-advisories:dev-master # following commands will fail: composer require symfony/symfony:2.5.2 composer require zendframework/zendframework:2.3.1
The checks are only executed when adding a new dependency via
composer require or when running
deploying an application with a valid
composer.lock and via
composer install won't trigger any security versions
This package can only be required in its
There will never be stable/tagged versions because of the nature of the problem being targeted.
Security issues are in fact a moving target, and locking your project
to a specific tagged version of the package would not make any sense.
This package is therefore only suited for installation in the root of your deployable project.