

security-advisories is a Packagist component included in the Tidelift Subscription

Tidelift is working with the maintainers of security-advisories and thousands of other projects to provide application development teams with customizable catalogs of known-good, proactively maintained open source.


With a comprehensive open source management solution like the Tidelift Subscription, you can efficiently manage the ways development teams use thousands of open source components across JavaScript, Python, Java, PHP, Ruby, .NET, Rust, and more. Accelerate application development, cut costs, and reduce risk with catalogs of known-good, proactively maintained open source components—backed by maintainers. 


security-advisories is a part of the Tidelift Subscription

About security-advisories

roave/security-advisories is a Composer metapackage for PHP projects that prevents installation of Composer packages with known security vulnerabilities: there is no API, you simply require it. Once required, roave/security-advisories keeps dependency versions with known security vulnerabilities out of your project.

roave/security-advisories means you don't have to install and run an additional CLI tool for something that Composer can provide directly.

What does that mean?

roave/security-advisories compiles a list of vulnerable version ranges into the `conflict` section of a Composer metapackage, which has several advantages, like:

  • No files or actual dependencies are added to the project
  • Packages with security issues are filtered out during dependency resolution
  • No more CLI tool to run separately, no more CI setup steps
  • No need to upgrade roave/security-advisories separately
  • No coupling or version constraints with any dependencies used by similar CLI-based alternatives
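The following composer.json is an added example, not code from the project or from this page. It shows the consumer side of the mechanism described above: a project that requires the metapackage in `require-dev` on its `dev-latest` branch (the branch the project publishes its continuously updated conflict list on). The application name and the two application dependencies are placeholders chosen for illustration.

```json
{
    "name": "example/application",
    "description": "Placeholder project showing how roave/security-advisories is wired in (illustrative)",
    "type": "project",
    "require": {
        "php": ">=8.1",
        "monolog/monolog": "^3.0",
        "guzzlehttp/guzzle": "^7.0"
    },
    "require-dev": {
        "roave/security-advisories": "dev-latest"
    },
    "config": {
        "sort-packages": true
    }
}
```

With this in place, `composer update` (or `composer require`) fails during dependency resolution if any package version it would select falls inside a range listed in the metapackage's `conflict` map, and Composer reports which package and which constraint caused the conflict; nothing from roave/security-advisories is installed into `vendor/`. Two caveats worth knowing: the check runs only when Composer resolves dependencies, so `composer install` against an existing `composer.lock` does not re-evaluate already-locked versions, and the conflict list is only as fresh as the last time `roave/security-advisories` itself was updated (for example with `composer update roave/security-advisories`).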

roave/security-advisories has been downloaded more than 9 million times.

You can learn more about roave/security-advisories in this blog post written by the creator.

roave/security-advisories is available via the Packagist package manager.



- Marco Pivetta, Security Advisories Maintainer


The Tidelift Subscription includes all of the tools you need to efficiently track and manage open source across the organization.


A paved path

Accelerate development by creating catalogs of approved and pre-vetted components your developers can draw from safely.


An integrated experience

Tidelift integrates with your existing source code and repository management tools so developers don’t need to change their workflow.


Clear policies

Automatically enforce standards, such as your organization's license policy, early in the software development lifecycle.



Get a head start with Tidelift-managed catalogs

Start building a paved path for your organization with our catalogs of known-good, proactively maintained components, like security-advisories.

Security-advised npm

JavaScript users get vulnerability remediation advice for 59,272 package releases

License-annotated Maven

Java users get SPDX-formatted licenses for 55,933 package releases

License-annotated PyPI

Python users get SPDX-formatted licenses for 11,191 package releases

License-annotated Conda

Conda users get SPDX-formatted licenses for 201 package releases

Security-advised PyPI

Python users get vulnerability remediation advice for 10,840 package releases