WordPress Security Advisories
Inspired by Roave/SecurityAdvisories, I have created a similar package that aims to provide rudimentary protection against installing WordPress core packages, plugins, and themes with known vulnerabilities. Introducing WordPress Security Advisories!
This is a metapackage, which means it does not add any functional code to your application. The package is purely a JSON file that contains a list of package conflicts, which instructs Composer to block installation of known vulnerable packages.
To make use of this, add this package to your Composer setup:
composer require --dev phpwatch/wordpress-security-advisories:dev-master
After adding this package, if you try to require a package with a known vulnerability, it will be blocked.
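To make the conflict mechanism concrete, here is an added example (not code from this package or from Composer) that checks a composer.lock against a conflict map of the kind the metapackage carries. The package names, versions and ranges are constructed placeholders, the wpackagist-style names are an assumption, and the matcher handles only plain numeric versions with comparison operators, a small subset of what Composer itself evaluates.

```python
import json
import operator
import re

# Constructed stand-in for the metapackage's composer.json. Package names and
# version ranges are placeholders, not real advisories.
ADVISORIES = json.loads("""{
  "type": "metapackage",
  "conflict": {
    "wpackagist-plugin/example-forms": "<2.4.1",
    "wpackagist-theme/example-theme": ">=1.0.0,<1.3.0|>=2.0.0,<2.0.5"
  }
}""")

# Constructed composer.lock excerpt for the project being checked.
LOCK = json.loads("""{
  "packages": [
    {"name": "wpackagist-plugin/example-forms", "version": "2.3.9"},
    {"name": "wpackagist-theme/example-theme", "version": "1.3.0"}
  ],
  "packages-dev": [{"name": "wpackagist-plugin/example-cache", "version": "5.1.0"}]
}""")

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq, "==": operator.eq, "!=": operator.ne}

def parse_version(text):
    """'v2.4' -> (2, 4, 0, 0): numeric parts, zero-padded so 2.4 equals 2.4.0."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def in_conflict(version, constraint):
    """'|' or '||' separates alternatives (OR); ',' joins clauses (AND)."""
    def clause(c):
        m = re.fullmatch(r"\s*(<=|>=|==|!=|<|>|=)?\s*v?([\d.]+)\s*", c)
        if m is None:  # caret, tilde, wildcard and similar forms are out of scope here
            raise ValueError(f"unsupported constraint clause: {c!r}")
        return OPS[m.group(1) or "="](parse_version(version), parse_version(m.group(2)))
    return any(all(clause(c) for c in alt.split(",")) for alt in re.split(r"\|\|?", constraint))

def blocked_packages(lock, advisories):
    """Locked packages (non-numeric versions skipped) inside a conflict range."""
    conflicts = advisories.get("conflict", {})
    installed = lock.get("packages", []) + lock.get("packages-dev", [])
    return [(p["name"], p["version"], conflicts[p["name"]]) for p in installed
            if p["name"] in conflicts and re.fullmatch(r"v?[\d.]+", p["version"])
            and in_conflict(p["version"], conflicts[p["name"]])]

if __name__ == "__main__":
    print(blocked_packages(LOCK, ADVISORIES))
```

Only the first locked package falls inside a listed range; the theme at 1.3.0 sits exactly on the excluded upper bound of its first range and below the second, so it passes.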