Found this while looking something up: the Roave/SecurityAdvisories project on GitHub uses Composer's require constraints to block libraries with known security vulnerabilities:
This package ensures that your application doesn't have installed dependencies with known security vulnerabilities.
A look at its composer.json shows how it works; the description inside also explains how the project is used:
Prevents installation of composer packages with known security vulnerabilities: no API, simply require it
This is a pretty neat approach XDDD
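To make the mechanism concrete, here is an added example (not code from Roave/SecurityAdvisories or from the original post) that mimics what Composer's solver does when it evaluates the package's constraint entries against an installed set. The package's composer.json lists, for each affected package, a version range in Composer's constraint syntax (`|` for OR, `,` for AND); Composer refuses to resolve any package whose version falls inside such a range. The script below implements a small evaluator for that syntax and runs it over a constructed composer.lock snippet. The package names (`acme/http-kit`, `acme/logger`) and the version ranges are made-up placeholders, not real advisory data, and the parser ignores stability suffixes, which the real solver handles.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed composer.lock subset (not a real lock file).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "acme/http-kit", "version": "v3.4.20"},
        {"name": "acme/logger", "version": "1.24.0"},
    ]
})

# Constructed constraint map in the style of a Composer "conflict" section.
# Placeholder packages and ranges; not real advisories.
SAMPLE_CONFLICTS = {
    "acme/http-kit": "<2.8.52|>=3,<3.4.26|>=4,<4.1.12",
    "acme/logger": "<1.12",
}

_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
    "=": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}
_TERM = re.compile(r"^(<=|>=|!=|==|<|>|=)?\s*v?(\d+(?:\.\d+)*)$")


def normalize(version: str) -> Tuple[int, ...]:
    """'v3.4.20' -> (3, 4, 20, 0): drop a leading 'v', drop any '-suffix', pad to four parts."""
    core = version.lstrip("vV").split("-")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def matches(version: str, constraint: str) -> bool:
    """True if version falls inside the constraint ('|'/'||' = OR, ',' = AND)."""
    v = normalize(version)
    for alternative in re.split(r"\|\|?", constraint):
        terms = [t.strip() for t in alternative.split(",") if t.strip()]
        satisfied = bool(terms)
        for term in terms:
            m = _TERM.match(term)
            if not m:
                raise ValueError(f"unsupported constraint term: {term!r}")
            op = m.group(1) or "=="
            if not _OPS[op](v, normalize(m.group(2))):
                satisfied = False
                break
        if satisfied:
            return True
    return False


def check_lock(lock_json: str, conflicts: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (package, installed version, blocking range) for each locked package a conflict entry matches."""
    lock = json.loads(lock_json)
    hits = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        constraint = conflicts.get(pkg["name"])
        if constraint and matches(pkg["version"], constraint):
            hits.append((pkg["name"], pkg["version"], constraint))
    return hits


if __name__ == "__main__":
    for name, version, rng in check_lock(SAMPLE_LOCK, SAMPLE_CONFLICTS):
        print(f"{name} {version} is blocked by conflict range {rng}")
```

Here `acme/http-kit` at 3.4.20 lands inside the `>=3,<3.4.26` alternative and is reported, while `acme/logger` at 1.24.0 is outside `<1.12` and passes. In a real project you get the same effect without any script: the advisories package is just a dependency, so the check runs on every `composer install`/`composer update`, and it only covers advisories the package's maintainers have recorded.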