Add check into post-install-cmd and prevent vulns being added?

Open jezmck opened this issue 8 years ago • 2 comments

Is it possible to add php artisan security-check:now in such a way that prevents known vulnerabilities from being installed?

Same for updates?

jezmck avatar Jul 24 '17 14:07 jezmck

I'm afraid that this is somewhat out of scope of what the package is supposed to do right now. It is to notify you when an installed package becomes vulnerable so you can take appropriate action.

However, I'll leave this issue open to see if there are other people that are interested so I can decide on if this is something I'll be including in later versions.

jorijn avatar Jul 25 '17 06:07 jorijn

@jezmck I think what you need is to run the command on composer install, on which Composer has restrictions for package authors: https://getcomposer.org/doc/articles/scripts.md#what-is-a-script-

So to solve this, either @Jorijn will have to do something similar to what I have in https://github.com/ctf0/PackageChangeLog, or the user will have to add the command himself to composer.json under pre-install-cmd, e.g.:

    "scripts": {
        "pre-install-cmd": [
            "@php artisan security-check:now"
        ],

        // ...
    },

ctf0 avatar Sep 05 '18 12:09 ctf0
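
The hook suggested in the last comment only blocks anything if the command fails: Composer stops with an error when a script command exits non-zero. The wrapper below is an added example, not code from this thread or from laravel-security-checker; `security_gate` and the file name `security-gate.sh` are hypothetical, and it assumes `security-check:now` exits non-zero when it finds a vulnerable package, which this page does not confirm.

```shell
#!/bin/sh
# security_gate: hypothetical helper, not part of laravel-security-checker.
# Usage: security_gate <project-dir> <check command...>
# Returns 0 when the check passed or was skipped, otherwise the check's
# own exit status, which makes Composer abort the running install/update.
security_gate() {
    project_dir=$1
    shift

    # Without a lock file there are no pinned versions to audit.
    if [ ! -f "$project_dir/composer.lock" ]; then
        echo "security-gate: no composer.lock, nothing to check" >&2
        return 0
    fi

    # artisan loads vendor/autoload.php, so on a fresh clone it cannot run
    # from a hook that fires before the packages are installed.
    if [ ! -f "$project_dir/vendor/autoload.php" ]; then
        echo "security-gate: vendor/ missing, skipping check" >&2
        return 0
    fi

    # Run the check inside the project; the subshell keeps the caller's cwd.
    status=0
    ( cd "$project_dir" && "$@" ) || status=$?
    if [ "$status" -ne 0 ]; then
        echo "security-gate: check failed (exit $status), aborting" >&2
    fi
    return "$status"
}

# When saved and run as security-gate.sh from a Composer script entry,
# gate the current project with the command from this thread.
# ASSUMPTION: that command exits non-zero when it reports a vulnerability.
case "${0##*/}" in
    security-gate.sh) security_gate . php artisan security-check:now ;;
esac
```

Because the gate skips when vendor/ is absent, a first install on a fresh clone is not checked by a pre-install-cmd hook; only later installs against an existing vendor/ directory are.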