Introducing WP Sec Adv as a WP Composer Supplement

During a job interview, the interviewer asked about my experiences using Composer in WordPress projects. Trying to be clever, I listed all the problems of mixing Composer with the WordPress ecosystem.

Instead of using my 9-year-old composer plugin as the proof, foolish me decided to build something new to showcase how miserable WordPress developers are. Here comes WP Sec Adv - a Composer repository for WordPress security advisories.

$ composer repo --append add wpsecadv composer https://repo-wpsecadv.typist.tech
$ composer audit

The Composer resolver blocks known vulnerabilities and fails composer install|update|require. Every Bedrock project contains known CVEs. If you don’t see at least 2 vulnerabilities, you are doing it wrong.

Same as the WP Composer philosophy: independent, fully open source, community-funded (I hope - it is waiting for your sponsorship) and all that jazz.

Works with WP Composer, WPackagist, Satis, Private Packagist and plugin shops’ own Composer repositories, etc.

Learn more at typisttech/wpsecadv

Needless to say, the interviewer wasn’t impressed. I am still available for hire. My DM is open.
