Closed m-vo closed 4 years ago
(Note: with sensiolabs/security-checker currently being a dev dependency this would trigger an error with --no-dev.)
Which is why it cannot be a composer script, can it? When you deploy this on the live system, you'll do a composer install with --no-dev.
It could maybe be solved with a script that wraps execution or returns 0 if the target does not exist. Or by moving from dev deps.
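The wrapper idea from the comment above, as an added example that is not part of the original thread or the project's code. It assumes the checker is installed at `vendor/bin/security-checker` and is invoked as `security:check <lock file>`; the function name `run_security_check` and the `SECURITY_CHECK_STATUS` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not project code. Meant to be called from a Composer
# post-install/post-update script (that wiring is an assumption).

# run_security_check PROJECT_DIR
# Always returns 0 so the install is never blocked:
#   - checker missing (e.g. after `composer install --no-dev`) -> skipped
#   - checker exits 0                                          -> ok
#   - checker exits non-zero                                   -> failed (warning only)
# The outcome is left in SECURITY_CHECK_STATUS for the caller.
run_security_check() {
    project_dir=${1:-.}
    checker="$project_dir/vendor/bin/security-checker"   # assumed install path
    lock_file="$project_dir/composer.lock"
    SECURITY_CHECK_STATUS=skipped

    # Dev dependencies are absent on a --no-dev install: do nothing, succeed.
    if [ ! -x "$checker" ]; then
        echo "security-checker not installed (--no-dev?), skipping check" >&2
        return 0
    fi
    if [ ! -f "$lock_file" ]; then
        echo "no composer.lock in $project_dir, skipping check" >&2
        return 0
    fi

    # Run the check, but turn a non-zero exit into a warning (non-blocking).
    if "$checker" security:check "$lock_file"; then
        SECURITY_CHECK_STATUS=ok
    else
        SECURITY_CHECK_STATUS=failed
        echo "WARNING: security check reported problems (install not blocked)" >&2
    fi
    return 0
}
```

Because the function swallows the checker's exit status, a CI job that should fail on advisories needs to inspect `SECURITY_CHECK_STATUS` or call the checker directly.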
Description
What about running the security checker when installing/updating composer packages? This would then behave a bit like roave/security-advisories (without blocking of course) and users won't forget to do so. (I'm using symfony security:check from the symfony binary but this might be a good default nevertheless.)
Example
(Note: with sensiolabs/security-checker currently being a dev dependency this would trigger an error with --no-dev.)