Dependency Review
The following issues were found:
- ✅ 0 vulnerable package(s)
- ✅ 0 package(s) with incompatible licenses
- ✅ 0 package(s) with invalid SPDX license definitions
- ⚠️ 1 package(s) with unknown licenses.
See the Details below.
License Issues
composer.json
Package | Version | License | Issue Type |
php | ~> 8.1.0 || ~> 8.2.0 || ~> 8.3.0 || ~> 8.4.0 | Null | Unknown License |
OpenSSF Scorecard
Package | Version | Score |
composer/php | ~> 8.1.0 || ~> 8.2.0 || ~> 8.3.0 || ~> 8.4.0 | :green_circle: 5.7 |
composer/php | >= 8.1.0, | :green_circle: 5.7 |

Details (identical for both composer/php entries):

Check | Score | Reason |
---|---|---|
Maintained | :green_circle: 10 | 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 |
Code-Review | :green_circle: 4 | Found 9/22 approved changesets -- score normalized to 4 |
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
License | :green_circle: 9 | license file detected |
Signed-Releases | :warning: -1 | no releases found |
Packaging | :warning: -1 | packaging workflow not detected |
Token-Permissions | :green_circle: 9 | detected GitHub workflow tokens with excessive permissions |
Security-Policy | :green_circle: 10 | security policy file detected |
Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches |
Dangerous-Workflow | :warning: 0 | dangerous workflow patterns detected |
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
Fuzzing | :green_circle: 10 | project is fuzzed |
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
Binary-Artifacts | :green_circle: 8 | binaries present in source code |
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
Scanned Manifest Files
composer.json
- nikic/php-parser@>= 4.19.1, = 5.0.2,
- php@~> 8.1.0 || ~> 8.2.0 || ~> 8.3.0 || ~> 8.4.0
- nikic/php-parser@>= 4.19.1,
- php@>= 8.1.0,
Code Climate has analyzed commit dd789e34 and detected 0 issues on this pull request.
Too many changed lines in diff