The vendor/ folder should never be directly accessible from the web. Add rules to deny access:

autoindex off;

If your server is flagging this or you've found this file exposed, take these steps immediately: CVE-2017-9841 Detail - NVD

Run this command inside your project directory to check your current PHPUnit version: composer show phpunit/phpunit Use code with caution. How to Fix and Secure Your Application 1. Update PHPUnit Immediately

Many developers mistakenly upload the entire vendor directory (managed by Composer) to their web-accessible document root.