Is mdanter/ecc safe to use?

mdanter/ecc has 2 known vulnerabilities on the latest version (v1.0.0). DepScope rates its health at 0/100 (critical risk).

What is the latest version of mdanter/ecc?

The latest version of mdanter/ecc is v1.0.0, released 2021-01-16.

Does mdanter/ecc have known vulnerabilities?

Yes. mdanter/ecc has 2 known vulnerabilities. See depscope.dev/pkg/composer/mdanter/ecc for details.

Is mdanter/ecc deprecated?

Yes, mdanter/ecc is deprecated: paragonie/ecc

What are alternatives to mdanter/ecc?

DepScope has no curated alternatives for mdanter/ecc at this time.

What license does mdanter/ecc use?

mdanter/ecc is licensed under MIT.

mdanter/ecc

composervv1.0.0deprecated

PHP Elliptic Curve Cryptography library

License MITpermissive16 versions3 maintainers3 deps

phpecc/phpecc

/ 100

Health

do not use

mdanter/ecc has critical vulnerabilities — do not use

Update to >= 2.0.1 to fix known vulnerabilities

Low health score (0/100)
Package is deprecated
1 critical vulnerabilities

Health breakdown0 – 100

0/25

maintenance

0/20

popularity

13/25

security

9/15

maturity

4/15

community

Vulnerabilities

1 critical1 medium

Advisories (2)

Severity	ID	Summary	Fixed in
critical	GHSA-346h-749j-r28w	PHPECC vulnerable to multiple cryptographic side-channel attacks	—
medium	CVE-2024-33851	mdanter/ecc affected by timing vulnerability in cryptographic side-channels	2.0.1

OSS Scorecard

OpenSSF security posture score

2.6/10

poor

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

0

Primary author dominance

0%

GitHub stars

347

single active maintainer 3m

Health History

Dependency Tree

License Audit

Dependencies (3)

php ext-gmp fgrosse/phpasn1

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/composer/mdanter/ecc

Last updated · 2021-01-16T19:42:14+00:00