security-advisories is a packagist component included in the Tidelift Subscription

With a comprehensive open source management solution like the Tidelift Subscription, organizations can efficiently manage the ways development teams use thousands of open source components across JavaScript, Java, Python, Swift, and Golang. (Beta-compatible with Rust, C#, Ruby, and PHP.) Improve the health, security, and resilience of the open source used in their applications with catalogs of known-good, proactively maintained open source components—backed by maintainers.

security-advisories is a part of the Tidelift Subscription

About security-advisories

roave/security-advisories is a PHP library that prevents installation of Composer packages with known security vulnerabilities: no API, simply require it. This means that roave/security-advisories keeps known security vulnerabilities out of your project.

roave/security-advisories means you don't have to install and run an additional CLI tool for something that Composer can provide directly.

What does that mean?

roave/security-advisories compiles a list of conflict versions from into a composer metapackage, which has tons of advantages, like:

• No files or actual dependencies are added to the project
• Packages with security issues are filtered out during dependency resolution
• No more CLI tool to run separately, no more CI setup steps
• No need to upgrade the roave/security-advisories separately
• No coupling or version constraints with any dependencies used by similar CLI-based alternatives

roave/security-advisories has been downloaded more than 9 million times.

You can learn more about roave/security-advisories in this blog post written by the creator.

roave/security-advisories is available via the Packagist package manager.