PkgRadar

Composer · packagist.org

friendsofphp/php-cs-fixer

Remote Payload: matched "github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases/download"

Why PkgRadar flagged v3.95.5

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases/download" · PHP-CS-Fixer-PHP-CS-Fixer-7f86d87/src/ToolInfo.php

Scanned versions

VersionVerdictScoreScanned (UTC)
v3.95.5Review52026-06-09

Block this in CI

PkgRadar gates friendsofphp/php-cs-fixer (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer friendsofphp/[email protected]
Start free — 25 scans / moView full evidence
friendsofphp/php-cs-fixer — Composer security scan | PkgRadar