Roave / SecurityAdvisories

:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily
MIT License
2.72k stars 105 forks source link

Typo in package name "symfont/process" #84

Closed craiglondon closed 3 years ago

craiglondon commented 3 years ago

I think there is a typo in this package name

    "symfont/process": ">=0,<4"

I think it is supposed to be

    "symfony/process": ">=0,<4"
orklah commented 3 years ago

I think it's the result of #83

Ocramius commented 3 years ago

It's intentional: the security issue is caused by literally somebody releasing symfoty/process (typo intentional), and having people mis-type it, and installing a malicious package.