Is Dependabot Composer Safe?

Dependabot Composer — Nerq Trust Score 68.2/100 (B- grade). Based on analysis of 2 trust dimensions, it is generally safe but has some concerns. Last updated: 2026-04-22.

Use Dependabot Composer with some caution. Dependabot Composer is a Ruby gem with a Nerq Trust Score of 68.2/100 (B-), based on 3 independent data dimensions. Below the recommended threshold of 70. Security: 90/100. Popularity: 100/100. Data sourced from rubygems.org, GitHub, and NVD. Last updated: 2026-03-20. Machine-readable data (JSON).

Is Dependabot Composer safe?

CAUTION — Dependabot Composer has a Nerq Trust Score of 68.2/100 (B-). It has moderate trust signals but shows some areas of concern that warrant attention. Suitable for development use — review security and maintenance signals before production deployment.

Security Analysis → Dependabot Composer Privacy Report →

What is Dependabot Composer's trust score?

Dependabot Composer has a Nerq Trust Score of 68.2/100, earning a B- grade. This score is based on 2 independently measured dimensions including security, maintenance, and community adoption.

Security
90
Popularity
100

What are the key security findings for Dependabot Composer?

Dependabot Composer's strongest signal is popularity at 100/100. No known vulnerabilities have been detected. It has not yet reached the Nerq Verified threshold of 70+.

Security score: 90/100 (strong)
Popularity: 100/100 — community adoption

What is Dependabot Composer and who maintains it?

AuthorDependabot
CategoryRuby Gems
SourceN/A

Similar Gems by Trust Score

tzinfo (68)multipart-post (68)mime-types-data (68)loofah (68)domain_name (68)
See all safest Gems →

Compare

Dependabot Composer vs tzinfoDependabot Composer vs multipart-postDependabot Composer vs mime-types-data

Safety Guide: Dependabot Composer

What is Dependabot Composer?

Dependabot Composer is a Ruby gem — Dependabot-Composer provides support for bumping PHP (composer) libraries via Dependabot. If you want support for multiple package managers, you probably want the meta-gem dependabot-omnibus..

How to Verify Safety

Run bundle audit. Review on rubygems.org.

You can also check the trust score via API: GET /v1/preflight?target=dependabot-composer

Key Safety Concerns for Ruby gem

When evaluating any Ruby gem, watch for: dependency vulnerabilities, maintenance status.

Trust Assessment

Dependabot Composer has a Nerq Trust Score of 68/100 (B-) and has not yet reached Nerq trust threshold (70+). This score is based on automated analysis of security, maintenance, community, and quality signals.

Key Takeaways

Detailed Score Analysis

DimensionScore
Security90/100
Maintenance50/100
Popularity100/100
Quality65/100
Community35/100

Based on 5 dimensions. Data from rubygems.org, GitHub, and NVD.

What data does Dependabot Composer collect?

Privacy assessment for Dependabot Composer is not yet available. See our methodology for how Nerq measures privacy, or the public privacy review for any community-contributed notes.

Is Dependabot Composer secure?

Security score: 90/100. This meets the recommended security threshold for production use.

Nerq monitors this entity against NVD, OSV.dev, and registry-specific vulnerability databases for ongoing security assessment.

Full analysis: Dependabot Composer Security Report

How we calculated this score

Dependabot Composer's trust score of 68.2/100 (B-) is computed from rubygems.org, GitHub, and NVD. The score reflects 5 independent dimensions: security (90/100), maintenance (50/100), popularity (100/100), quality (65/100), community (35/100). Each dimension is weighted equally to produce the composite trust score.

Nerq analyzes over 7.5 million entities across 26 registries using the same methodology, enabling direct cross-entity comparison. Scores are updated continuously as new data becomes available.

This page was last reviewed on April 22, 2026. Data version: 0.0.

Full methodology documentation · Machine-readable data (JSON API)

Frequently Asked Questions

Is Dependabot Composer Safe?
Use with some caution. dependabot-composer with a Nerq Trust Score of 68.2/100 (B-). Strongest signal: popularity (100/100). Score based on Security (90/100), Popularity (100/100).
What is Dependabot Composer's trust score?
dependabot-composer: 68.2/100 (B-). Score based on Security (90/100), Popularity (100/100). Scores update as new data becomes available. API: GET nerq.ai/v1/preflight?target=dependabot-composer
What are safer alternatives to Dependabot Composer?
In the Ruby Gems category, more Ruby gems are being analyzed — check back soon. dependabot-composer scores 68.2/100.
Does Dependabot Composer have known vulnerabilities?
Nerq checks Dependabot Composer against NVD, OSV.dev, and registry-specific vulnerability databases. Current security score: 90/100. Run your package manager's audit command for the latest findings.
Is Dependabot Composer actively maintained?
Dependabot Composer maintenance score: N/A. Check the repository for recent commit activity and issue responsiveness.
API: /v1/preflight Trust Badge API Docs

Popular in Ruby Gems

Tzinfo 68Multipart Post 68Mime Types Data 68Loofah 68Domain Name 68Thread Safe 68Erubi 68Multi Xml 68Unf 68Dotenv 68Rack Protection 68Rb Fsevent 68

Recently Analyzed

Github Codespaces saasHaiku (Animator) saasLibsql (Sqld) saasBrowserstack saasExpensify saasLoom saasQuickdatabaseflow saasOtter.Ai (Business) saasAutoemailhub saasPrivy saas

See Also

Disclaimer: Nerq trust scores are automated assessments based on publicly available signals. They are not endorsements or guarantees. Always conduct your own due diligence.

Apps npm PyPI VPNs Games All Categories Compare
We use cookies for analytics and caching. Privacy