I recently found this really nice tool for scanning a project's dependencies for security issues: https://security.sensiolabs.org/. You'll need to...
Didn't know about it until now. I will keep this in mind for our build server, too.
Thanks Gabriel for sharing!
There is also Roave Security Advisories that can be required in composer.json ;)