With a comprehensive open source management solution like the Tidelift Subscription, you can efficiently manage the ways development teams use thousands of open source components across JavaScript, Python, Java, PHP, Ruby, .NET, Rust, and more. Accelerate application development, cut costs, and reduce risk with catalogs of known-good, proactively maintained open source components—backed by maintainers like Marco Pivetta.
roave/security-advisories is a PHP library that prevents installation of Composer packages with known security vulnerabilities: no API, simply require it. This means that roave/security-advisories keeps package versions with known security vulnerabilities out of your project.
roave/security-advisories means you don't have to install and run an additional CLI tool for something that Composer can provide directly.
What does that mean?
roave/security-advisories compiles a list of conflict versions from into a composer metapackage, which has tons of advantages, like:
roave/security-advisories has been downloaded more than 9 million times.
You can learn more about roave/security-advisories in this blog post written by the creator.
roave/security-advisories is available via the Packagist package manager.
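Here is an added illustration of the conflict metapackage mechanism described above; it is not code from the page or from the roave/security-advisories project, and the package name, the conflicting package names and the version ranges are all constructed for the illustration:

```json
{
  "name": "example/security-advisories-metapackage",
  "description": "Constructed illustration of a conflict metapackage: it ships no code, only version constraints that Composer refuses to install alongside it.",
  "type": "metapackage",
  "license": "MIT",
  "conflict": {
    "example/http-client": "<1.4.2|>=2.0.0,<2.1.7",
    "example/template-engine": "<=3.0.9",
    "example/auth-library": ">=0.9.0,<1.0.5"
  }
}
```

A consumer adds the metapackage to its own `require-dev` (for roave/security-advisories the published constraint is `dev-latest`), and from then on `composer require` or `composer update` fails dependency resolution for any version matching a conflict entry instead of installing it.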
Accelerate development by creating catalogs of known-good, proactively maintained components your developers can draw from safely.
Tidelift integrates with your existing source code and repository management tools so developers don’t need to change their workflow.
Automatically enforce standards, such as your organization's license policy, early in the software development life cycle.
Start building a paved path for your organization with our catalogs of known-good, proactively maintained components, like security-advisories.
JavaScript users get vulnerability remediation advice for 59,272 package releases
Java users get SPDX-formatted licenses for 55,933 package releases
Python users get SPDX-formatted licenses for 11,191 package releases
Conda users get SPDX-formatted licenses for 201 package releases
Python users get vulnerability remediation advice for 10,840 package releases