Dependency manifest files (composer.json, package.json, requirements.txt) list every library and framework your application uses, with exact version numbers — publicly readable, this hands attackers a precise shopping list of known vulnerabilities to try against your specific stack.
composer.json and package.json list your exact dependency versions — a ready-made target list for attackers checking each one against known CVEs, instead of having to guess what you're running.
Dependency manifest files return 403/404 when requested directly over the web.
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →