Is your feature request related to a problem? Please describe.
We have a Composer repository managed with Satis and we want to be able to inform users that a package has known vulnerabilities.
Describe the solution you'd like
Composer supports querying an API to get advisories: https://packagist.org/apidoc#list-security-advisories
Describe alternatives you've considered
Our current workaround is to use blacklist in satis.json to remove the vulnerable packages.
But this does not inform users running composer audit.
Is your feature request related to a problem? Please describe.
We have a Composer repository managed with Satis and we want to be able to inform users that a package has known vulnerabilities.
Describe the solution you'd like
Composer supports querying an API to get advisories: https://packagist.org/apidoc#list-security-advisories
Describe alternatives you've considered
Our current workaround is to use
blacklistin satis.json to remove the vulnerable packages.But this does not inform users running
composer audit.