diff --git a/src/Composer/Util/ConfigValidator.php b/src/Composer/Util/ConfigValidator.php
index a7ddaca9b..f4a876cfe 100644
--- a/src/Composer/Util/ConfigValidator.php
+++ b/src/Composer/Util/ConfigValidator.php
@@ -124,6 +124,19 @@ class ConfigValidator
             }
         }
 
+        // check for commit references
+        $require = isset($manifest['require']) ? $manifest['require'] : array();
+        $requireDev = isset($manifest['require-dev']) ? $manifest['require-dev'] : array();
+        $packages = array_merge($require, $requireDev);
+        foreach ($packages as $package => $version) {
+            if (preg_match('/#/', $version) === 1) {
+                $warnings[] = sprintf(
+                    'The package "%s" is pointing to a commit-ref, this is bad practice and can cause unforeseen issues.',
+                    $package
+                );
+            }
+        }
+
         // check for empty psr-0/psr-4 namespace prefixes
         if (isset($manifest['autoload']['psr-0'][''])) {
             $warnings[] = "Defining autoload.psr-0 with an empty namespace prefix is a bad idea for performance";
diff --git a/tests/Composer/Test/Util/ConfigValidatorTest.php b/tests/Composer/Test/Util/ConfigValidatorTest.php
new file mode 100644
index 000000000..e4edc1ca4
--- /dev/null
+++ b/tests/Composer/Test/Util/ConfigValidatorTest.php
@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of Composer.
+ *
+ * (c) Nils Adermann <naderman@naderman.de>
+ *     Jordi Boggiano <j.boggiano@seld.be>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Composer\Test\Util;
+
+use Composer\IO\NullIO;
+use Composer\Util\ConfigValidator;
+use Composer\TestCase;
+
+/**
+ * ConfigValidator test case
+ */
+class ConfigValidatorTest extends TestCase
+{
+    /**
+     * Test ConfigValidator warns on commit reference
+     */
+    public function testConfigValidatorCommitRefWarning()
+    {
+        $configValidator = new ConfigValidator(new NullIO());
+        list(, , $warnings) = $configValidator->validate(__DIR__ . '/Fixtures/composer_commit-ref.json');
+
+        $this->assertEquals(true, in_array(
+            'The package "some/package" is pointing to a commit-ref, this is bad practice and can cause unforeseen issues.',
+            $warnings
+        ));
+    }
+}
diff --git a/tests/Composer/Test/Util/Fixtures/composer_commit-ref.json b/tests/Composer/Test/Util/Fixtures/composer_commit-ref.json
new file mode 100644
index 000000000..40bbbe41d
--- /dev/null
+++ b/tests/Composer/Test/Util/Fixtures/composer_commit-ref.json
@@ -0,0 +1,5 @@
+{
+    "require": {
+        "some/package": "dev-master#fgb42d"
+    }
+}