Composer Security

Developed by


Composer Security will install a job that:

- Creates a list of composer.lock files;
- Checks each file for vulnerability issues;
- Sends a notification per email in case there is a problem.

Why is this important?

Are you 100% sure that all your Composer dependencies are safe? In case you are not, you can automate scanning all your project dependencies, so you don't have to think about it.

This package is open source (MIT), see
It can be installed via Composer (composer require a3020/composer_security).

Read more in the FAQ.

Tested in PHP 5.6 and 7.1.
Works in concrete5 8.1 and up.

Translations: English, Dutch.

Current Version: 1.0
Fully Translatable: Yes
Needs External Libraries: No
Compatible 8.1.0+
License: MIT
Support Response: Replies to tickets every few days.
Support Hosted: On
Needs extra server permissions: No
Needs Internet: No
Marketplace Tests:
Passed Automated Tests
Passed PRB Review