WordPress Security Advisories

Published On 2019-12-14

Inspired by Roave/SecurityAdvisories, I have created a similar package that aims to provide rudimentary protection against installing WordPress core packages, plugins, and themes with known vulnerabilities. Introducing WordPress Security Advisories!

This is a metapackage, which means it does not add any functional code to your application. The package is purely a JSON file that contains a list of package conflicts, which instructs Composer to block installation of known vulnerable packages.

To make use of this, add this package to your composer setup:

composer require --dev phpwatch/wordpress-security-advisories:dev-master

After adding this package, if you try to require a package with a known vulnerability, it will be blocked.
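To show how a conflict list of the kind this metapackage carries is evaluated, here is an added example (not code from the package or from Composer) that checks the packages recorded in a composer.lock against a conflict map. The package names, versions and constraints are constructed, and the matcher only handles simple comparison operators joined with `,` (AND) and `|` (OR); Composer itself resolves constraints with composer/semver.

```php
<?php
// Added illustration: flag locked packages that fall inside a "conflict" range.
// Simplified matcher; real Composer constraints (^, ~, *, stability flags) are not handled.
function matchesConstraint(string $version, string $constraint): bool
{
    foreach (preg_split('/\|\|?/', $constraint) as $alternative) {   // "|" = OR
        $allMatch = true;
        foreach (explode(',', $alternative) as $part) {              // "," = AND
            if (!preg_match('/^(<=|>=|<|>|==|!=)?\s*v?(\d[\w.\-]*)$/', trim($part), $m)) {
                throw new InvalidArgumentException("Unsupported constraint: $part");
            }
            $op = $m[1] !== '' ? $m[1] : '==';                       // bare version = exact match
            if (!version_compare(ltrim($version, 'v'), $m[2], $op)) {
                $allMatch = false;
                break;
            }
        }
        if ($allMatch) {
            return true;
        }
    }
    return false;
}

function findConflicts(array $lock, array $conflicts): array
{
    $hits = [];
    $installed = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    foreach ($installed as $pkg) {
        $name = strtolower($pkg['name']);
        if (isset($conflicts[$name]) && matchesConstraint($pkg['version'], $conflicts[$name])) {
            $hits[] = sprintf('%s %s matches conflict rule "%s"', $name, $pkg['version'], $conflicts[$name]);
        }
    }
    return $hits;
}

// Constructed sample data: a conflict map and a minimal composer.lock body.
$conflicts = [
    'example-vendor/example-plugin' => '<1.4.2',
    'example-vendor/example-theme'  => '>=2.0,<2.3.1|3.0.0',
];
$lockJson = <<<'JSON'
{"packages": [{"name": "example-vendor/example-plugin", "version": "1.4.1"},
              {"name": "example-vendor/example-theme", "version": "2.3.1"}],
 "packages-dev": [{"name": "example-vendor/other", "version": "v0.9.0"}]}
JSON;
foreach (findConflicts(json_decode($lockJson, true), $conflicts) as $line) {
    echo $line, PHP_EOL;
}
```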
