Have you heard of Drupal Dependency Quality Gate Composer Audit plugin?

[mxr576]

Hello,

During my online exploration, I unexpectedly came across this package and it seems that partially tackle challenges similar to those addressed by my own package (bundle), fetching and reporting PSA-s reported for Drupal packages. I'd like to take this opportunity to recommend the Drupal Dependency Quality Gate Composer Audit plugin or its source Drupal Dependency Quality Gate.

I spent considerable time to ensure that these solutions becomes the successor of drupal-composer/drupal-security-advisories as data source.

I apologize for the self-promotion, but I genuinely believe that this package could be beneficial for your needs. Your feedback is highly welcomed, and I hope you find the Drupal Dependency Quality Gate packages valuable for your projects.

[rsanzante]

Hi mxr576, I personally didn't know about hits project but it looks interesting. For what I've read, it will provide more cases of packages that shouldn't be used, like obsolete or unsupported Drupal projects, right?

It can be interesting, we have to find the time to look into this.

Thanks!

[mxr576]

For what I've read, it will provide more cases of packages that shouldn't be used, like obsolete or unsupported Drupal projects, right?

Correct, I had bigger goals with this package/these packages than just reporting insecure packages.