How does it identify vulnerable packages?

The skill utilizes tools like 'composer audit' and references databases such as the PHP Security Advisories Database, Snyk, and NVD to locate known CVEs.

What happens if a package is abandoned?

The skill detects abandoned packages and suggests modern alternatives, such as moving from SwiftMailer to Symfony Mailer or Zend Framework to Laminas.

Does this skill check transitive dependencies?

Yes, it analyzes the composer.lock file to identify vulnerabilities in indirect (transitive) dependencies that your direct requirements rely on.

Can it help me upgrade my PHP version?

Yes, it identifies End-of-Life (EOL) PHP versions that no longer receive security updates and provides recommendations for currently supported versions.

Is it compatible with CI/CD workflows?

Absolutely. The skill provides specific patterns and YAML configurations for integrating security audits into GitHub Actions and other automated pipelines.

PHP Dependency Security Audit

Name: PHP Dependency Security Audit
Author: dykyi-roman

bydykyi-roman

•

Seguridad y Pruebas

Identifies and remediates security vulnerabilities in PHP project dependencies by scanning Composer files for CVEs, EOL versions, and abandoned packages.

This skill empowers Claude to perform deep security audits of PHP environments by scanning composer.json and composer.lock files against known vulnerability databases and EOL schedules. It detects risky version constraints, identifies vulnerable transitive dependencies, and provides actionable remediation steps—including specific upgrade commands and CI/CD integration patterns—to ensure applications remain secure and compliant with modern PHP architecture standards.

Características Principales

01Automated CVE detection for popular PHP packages like Symfony, Laravel, and Guzzle

0245 GitHub stars

03Detection of End-of-Life (EOL) PHP versions and abandoned Composer packages

04Actionable remediation guidance with dry-run update commands and version constraint fixes

05Deep analysis of composer.lock to identify vulnerable transitive dependencies

06Severity-based classification of security risks from critical to minor

Casos de Uso

01Modernizing legacy PHP applications by identifying outdated or abandoned dependencies that require replacement

02Performing a pre-deployment security audit to ensure no known vulnerabilities are shipped to production

03Integrating automated dependency scanning into CI/CD pipelines to prevent the introduction of risky packages

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code check-dependency-vulnerabilities

For use in Claude.ai and ChatGPT

Download Skill