Thanks to maintainers working on projects like security-advisories, you can use Tidelift to give your teams access to a continuously curated stream of validated data about vetted components they need to make intelligent decisions, faster.
You can feel confident bringing security-advisories into your application’s dependency tree because the maintainers of security-advisories are paid by Tidelift to ensure their open source projects follow standardized secure software development practices.
roave/security-advisories is a PHP library that prevents installation of Composer packages with known security vulnerabilities: no API, simply require it. This means that roave/security-advisories keeps known security vulnerabilities out of your project.
Using roave/security-advisories means you don't have to install and run an additional CLI tool for something that Composer can provide directly.
What does that mean?
roave/security-advisories compiles a list of conflict versions from into a composer metapackage, which has tons of advantages, like:
roave/security-advisories has been downloaded more than 9 million times.
You can learn more about roave/security-advisories in this blog post written by the creator.
roave/security-advisories is available via the Packagist package manager.
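The conflict mechanism described above can be shown with a short added example. It is not code from roave/security-advisories or Composer, and it simplifies Composer's constraint handling to stable numeric versions. The package names, version ranges and lock entries are constructed for illustration.

```python
import re

# Constructed excerpt in the shape of a metapackage "conflict" section.
# Package names and ranges are made up for illustration.
CONFLICT = {
    "acme/http-client": ">=1,<1.4.2|>=2,<2.0.5",
    "acme/templating": "<3.1.7",
}

# Constructed "packages" entries in the shape used by a composer.lock file.
LOCKED = [
    {"name": "acme/http-client", "version": "v2.0.3"},
    {"name": "acme/templating", "version": "3.2.0"},
    {"name": "acme/logger", "version": "1.0.0"},
]

OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}

def parse_version(text):
    """Turn 'v2.0.3' or '2' into an integer tuple padded to three parts."""
    parts = [int(p) for p in text.lstrip("v").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def in_range(version, constraint):
    """True if version matches any '|' alternative, each an AND of ',' terms."""
    v = parse_version(version)
    for alternative in constraint.split("|"):
        terms = [re.fullmatch(r"(<=|>=|<|>|=)?([v\d.]+)", t.strip())
                 for t in alternative.split(",")]
        if all(m and OPS[m.group(1) or "="](v, parse_version(m.group(2)))
               for m in terms):
            return True
    return False

def blocked(locked, conflict):
    """Return (name, version, rule) for each locked package a rule matches."""
    return [(p["name"], p["version"], conflict[p["name"]])
            for p in locked
            if p["name"] in conflict
            and in_range(p["version"], conflict[p["name"]])]

if __name__ == "__main__":
    for name, version, rule in blocked(LOCKED, CONFLICT):
        print(f"{name} {version} conflicts with {rule}")
```

A version matched by a conflict range cannot be installed alongside the metapackage, which is why requiring it is enough to surface the problem during dependency resolution.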