This package includes an Artisan command that checks if your application uses dependencies with known security vulnerabilities. It is a wrapper around the Enlightn Security Checker.
You may use Composer to install the package on your Laravel application:
composer require --dev enlightn/laravel-security-checker
To check for security vulnerabilities in your dependencies, you may run the security:check Artisan command:
php artisan security:check
You may specify a custom location for your composer.lock file, using the optional argument:
php artisan security:check /path/to/composer.lock
By default, this command displays the result in ANSI. You may use the --format option to display the result in JSON instead:
php artisan security:check --format=json
If you would like to exclude dev dependencies from the vulnerability scan, you may use the --no-dev option (defaults to false):
php artisan security:check --no-dev
By default, the security:check command uses the directory returned by the sys_get_temp_dir PHP function for storing the cached advisories database. If you wish to modify the directory, you may use the --temp-dir option:
php artisan security:check --temp-dir=/tmp
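A CI gate that combines the options above, as an added example that is not part of the package or its documentation. The function name, the PHP_BIN and SECURITY_CHECK_CACHE variables, the default paths, and the assumption that the command exits non-zero when advisories are found are not from the original text.

```shell
#!/bin/sh
# Added example, not the package's own code: CI gate around security:check.
# Only the argument and options documented above are used. The function name,
# PHP_BIN, SECURITY_CHECK_CACHE and the default paths are hypothetical.

# run_security_check [LOCKFILE] [REPORT] [yes]   ("yes" also scans dev deps)
# Writes the JSON result to REPORT; exit status is the scanner's, or 2 for
# wrapper errors. The body is a subshell, so variables and `exit` stay local.
run_security_check() (
    lock="${1:-composer.lock}"
    report="${2:-security-report.json}"
    include_dev="${3:-no}"
    cache="${SECURITY_CHECK_CACHE:-$PWD/storage/app/advisories-cache}"

    # A mistyped lock path must fail the job instead of scanning nothing.
    if [ ! -f "$lock" ] || [ ! -r "$lock" ]; then
        echo "lock file not readable: $lock" >&2
        exit 2
    fi

    # Keep the cached advisories database in a directory this job owns,
    # instead of the sys_get_temp_dir() default.
    mkdir -p "$cache" && chmod 700 "$cache" || exit 2

    # Production gate by default: dev dependencies are skipped unless asked for.
    set -- security:check "$lock" --format=json "--temp-dir=$cache"
    [ "$include_dev" = "yes" ] || set -- "$@" --no-dev

    status=0
    "${PHP_BIN:-php}" artisan "$@" >"$report" || status=$?
    # Assumption: the command exits non-zero when advisories are reported.
    [ "$status" -eq 0 ] || echo "security:check exited $status, see $report" >&2
    exit "$status"
)
```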
Thank you for considering contributing to the Enlightn security checker project! The contribution guide can be found here.
The Enlightn security checker for Laravel is licensed under the MIT license.