Drupal Security Warning for Composer

This Composer plugin will display a warning when users install or update Drupal packages (via Composer) that are not supported by the Drupal Security team, as per the Security Advisory Policy.

Example

Installing or updating a "non-covered" Drupal package via composer install will display:

    You are using Drupal packages that are not supported by the Drupal Security Team!
      - drupal/consumers:1.0.0.0-beta1: Project has not opted into security advisory coverage!
      - drupal/inline_entity_form:1.0.0.0-beta1: Beta releases are not covered by Drupal security advisories.
      - drupal/scheduled_updates:1.0.0.0-alpha6: Project has not opted into security advisory coverage!
      - drupal/diff:1.0.0.0-RC1: RC releases are not covered by Drupal security advisories.
      - drupal/seckit:1.0.0.0-alpha2: Alpha releases are not covered by Drupal security advisories.
      - drupal/security_review:dev-1.x: Dev releases are not covered by Drupal security advisories.
    See https://www.drupal.org/security-advisory-policy for more information.

Requirements

You must use Composer to manage your Drupal site dependencies. This may require several modifications to your application's root composer.json. You must modify your composer.json in accordance with the linked documentation before following the installation instructions. Please read the documentation if you are not familiar with the specifics of managing a Drupal site with Composer.

Installation

composer require grasmash/drupal-security-warning

Support and Contribution

The main repository is on GitHub, mirrored here for convenience. Pull requests on GitHub are preferred for bug fixes and feature additions, since automated tests are run.

Support requests are welcome on GitHub.