Package managers like Composer make it quick and easy to add third-party libraries to an application. Unfortunately, they can also make it easy to import code that’s not meant to run in production—and might intentionally expose certain vulnerabilities—if your development team isn’t careful.