Add check into post-install-cmd and prevent vulns being added? #8

Open
jezmck opened this issue Jul 24, 2017 · 2 comments
Labels
wish Not a bug, but interesting enough to let people vote on.

Comments

Contributor

jezmck commented Jul 24, 2017

Is it possible to add php artisan security-check:now in such a way that prevents known vulnerabilities from being installed?

Same for updates?

Owner

jorijn commented Jul 25, 2017

I'm afraid that this is somewhat out of scope of what the package is supposed to do right now. It is to notify you when an installed package becomes vulnerable so you can take appropriate action.

However, I'll leave this issue open to see if there are other people that are interested so I can decide on if this is something I'll be including in later versions.

jorijn added the wish label on Sep 3, 2018

ctf0 commented Sep 5, 2018

@jezmck I think what you need is to run the command on composer install, which Composer has restrictions on for package authors https://getcomposer.org/doc/articles/scripts.md#what-is-a-script-

So to solve this, either @jorijn will have to do something similar to what I have in https://github.com/ctf0/PackageChangeLog, or the user will have to add the command himself to composer.json under pre-install-cmd, e.g.

"scripts": {
    "pre-install-cmd": [
        "@php artisan security-check:now"
    ],

    // ...
},
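
As an added example (not code from this thread or from the package), here is one way a pre-install gate could block an install: it reads the versions pinned in composer.lock, compares them with an advisory list, and exits non-zero, which makes Composer abort the script event. The file name security-gate.php, the advisory ranges and the sample lock data are constructed for illustration; the script uses only PHP built-ins, so it does not need vendor/ to exist, and could be wired in as "@php security-gate.php composer.lock".

```php
<?php
// Added example, not part of the package discussed in this issue.
// Constructed advisory data: package name => list of [introduced, fixed) ranges.
const ADVISORIES = [
    'acme/widget' => [['1.0.0', '1.4.2']],
];

// Constructed stand-in for composer.lock, used when no path is given.
const SAMPLE_LOCK = '{"packages":[{"name":"acme/widget","version":"v1.3.0"},'
    . '{"name":"acme/logger","version":"2.1.0"}],'
    . '"packages-dev":[{"name":"acme/widget-dev","version":"dev-main"}]}';

/** Return "name version" for each locked package inside an advisory range. */
function findVulnerable(array $lock, array $advisories): array
{
    $hits = [];
    $packages = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    foreach ($packages as $pkg) {
        $version = ltrim($pkg['version'] ?? '', 'v'); // tags are often "v1.2.3"
        if (!preg_match('/^\d/', $version)) {
            continue; // branch aliases such as dev-main cannot be range-checked
        }
        foreach ($advisories[$pkg['name']] ?? [] as [$introduced, $fixed]) {
            if (version_compare($version, $introduced, '>=')
                && version_compare($version, $fixed, '<')) {
                $hits[] = $pkg['name'] . ' ' . $pkg['version'];
            }
        }
    }
    return $hits;
}

// Use the lock file given as the first argument, or the constructed sample.
$json = isset($argv[1]) ? @file_get_contents($argv[1]) : SAMPLE_LOCK;
$lock = is_string($json) ? json_decode($json, true) : null;
if (!is_array($lock)) {
    fwrite(STDERR, "security gate: lock file missing or unreadable\n");
    exit(2); // fail closed: an unreadable lock file must not pass the gate
}
$hits = findVulnerable($lock, ADVISORIES);
foreach ($hits as $hit) {
    fwrite(STDERR, "security gate: known-vulnerable package locked: $hit\n");
}
exit($hits ? 1 : 0); // non-zero exit makes Composer abort the install
```

Run without arguments, it checks the constructed sample and exits 1 because acme/widget v1.3.0 falls inside the sample advisory range.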
