Fast and secure Composer for PHP dependencies

I am going to introduce two small tweaks that will help you get more out of Composer. Every PHP developer should know Composer; it's a really useful tool for managing the dependencies of your PHP projects. But it's not perfect as is: Composer is really slow (and sometimes consumes a lot of memory). You can fix this by installing prestissimo, a Composer plugin that downloads packages in parallel. Just run this command:

composer global require "hirak/prestissimo:^0.3"

Your Composer is as fast as hell now, but there is one other thing: you may install libraries with known security bugs and nothing will notify you about it. That's probably not what you want at all. And we can fix that as well.

You may use the security advisories database maintained by FriendsOfPHP (developed by Fabien Potencier / Symfony). It is a pretty great tool, but you have to download the security checker and run it yourself to verify that your composer.lock does not contain any libraries with known vulnerabilities. It's not a problem to hook this check into a Git pre-commit hook, but I don't think that is really comfortable. I am using Roave Security Advisories and I recommend you to use this library too.

This package should not be installed globally, so you have to add it as a requirement in every project where you want to use it:

composer require roave/security-advisories:dev-master
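To see why requiring this package blocks vulnerable versions, here is an added Python example (it is not code from the post or from the Roave project). roave/security-advisories ships no PHP code at all: its composer.json lists every known vulnerable version range under "conflict", and Composer refuses to resolve any package version that satisfies one of those constraints. The script re-implements the subset of Composer's constraint syntax that such conflict entries use (comparison operators written without a space, "|" or "||" for OR, "," for AND) and runs it over a composer.lock. The package names, versions and ranges in it are constructed for illustration and are not real advisory data.

```python
"""Added example (not code from the post or from the Roave project).

Re-implements the conflict check that Composer performs when a metapackage
such as roave/security-advisories declares vulnerable version ranges under
"conflict".  All package names, versions and ranges here are CONSTRUCTED.
"""
import json
import re

# Constructed conflict map, in the same shape as a composer.json "conflict"
# section (hypothetical packages, not real advisories).
CONFLICTS = {
    "acme/widgets": "<1.4.2|>=2.0,<2.0.3",
    "acme/mailer": "<3.1.0",
}

# Constructed composer.lock fragment: only the fields the check needs.
COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "acme/widgets", "version": "v2.0.1"},
        {"name": "acme/mailer", "version": "3.2.0"},
        {"name": "acme/unrelated", "version": "0.9.0"},
    ],
    "packages-dev": [],
})

_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}


def parse_version(version):
    """Turn 'v2.0.1' or '2.0.1-beta2' into a 4-tuple of ints, padded with zeros.

    Pre-release suffixes are dropped, so '2.0.1-beta2' compares equal to
    '2.0.1'; Composer itself orders pre-releases below the final release.
    That simplification is fine for demonstrating the range matching.
    """
    core = re.split(r"[-+]", version.lstrip("vV"), maxsplit=1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    return tuple((parts + [0, 0, 0, 0])[:4])


def matches_bound(version, bound):
    """True if `version` satisfies a single bound such as '<1.4.2' or '>=2.0'."""
    m = re.fullmatch(r"(<=|>=|==|!=|<|>|=)?([0-9][0-9A-Za-z.+\-]*)", bound.strip())
    if not m:
        # "^", "~" and wildcard constraints are deliberately not supported here.
        raise ValueError("unsupported constraint: %r" % bound)
    op = m.group(1) or "=="
    return _OPS[op](parse_version(version), parse_version(m.group(2)))


def matches_constraint(version, constraint):
    """Evaluate a full constraint: alternatives split on '|', bounds ANDed by ','."""
    for alternative in re.split(r"\|\|?", constraint):
        bounds = [b for b in alternative.split(",") if b.strip()]
        if bounds and all(matches_bound(version, b) for b in bounds):
            return True
    return False


def find_conflicts(lock_json, conflicts):
    """Return (name, version, constraint) for every locked package hit by a conflict."""
    lock = json.loads(lock_json)
    hits = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        constraint = conflicts.get(pkg["name"])
        if constraint and matches_constraint(pkg["version"], constraint):
            hits.append((pkg["name"], pkg["version"], constraint))
    return hits


if __name__ == "__main__":
    # With the constructed data this reports acme/widgets v2.0.1 only.
    for name, version, constraint in find_conflicts(COMPOSER_LOCK, CONFLICTS):
        print("%s %s conflicts with advisory range %s" % (name, version, constraint))
```

Composer applies these conflicts while resolving dependencies (composer require, composer update), so the gate is the resolver rather than a runtime check, and the advisory list is only as current as the copy of the metapackage in your project; that is the reason the post pins dev-master instead of a tagged release.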

From then on it won't let you install a library with known vulnerabilities, which is exactly what you want. It will look like this: