#composerphp — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #composerphp, aggregated by home.social.
-
RE: https://phpc.social/@packagist/116566852406125489
If you haven't updated Composer to 2.9.8 or 2.2.28 (LTS), do so urgently! GitHub will restart the rollout of their new GitHub Actions tokens later today. They've improved secret masking to cover this Composer issue, but you're safer if you update. #composerphp #php #phpc
-
#composerphp malware handling improvements upcoming in Composer v2.10
https://glaubinix.github.io/talks/2026-05-15-Composer-2-10-Malware-Filtering.html
-
Three months of Private Packagist updates: Malware filter list support is already in place, ahead of Composer 2.10's release next week. Flagged versions show warning banners on package pages and are marked in the version list. Permissions views on package level, better background job & sync visibility, and a narrower GitLab OAuth scope (read_api).
https://blog.packagist.com/whats-new-in-private-packagist-may-2026-update/
-
We hope you enjoyed @glaubinix's talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!
Slides at https://glaubinix.github.io/talks/2026-05-15-Composer-2-10-Malware-Filtering.html
#php #phpc #phpday #composerphp #supplychainsecurity #malware
-
"CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
https://github.com/graycoreio/github-actions-magento2/discussions/261
-
UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.
[email protected]
[email protected]
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
-
My "free stack" for Laragear packages from now onwards, until a better solution is done:
1. Sell in Gumroad
2. Zapier to KeyGen.sh to create the license
3. Zapier an email with the license
4. Dev uses KeyGen to download the package
This is the only way that allows me to sell and receive payouts in my country (Chile).
#PHP #Programming #Laravel #Laragear #Composer #ComposerPHP #Gumroad #Zapier #KeyGenSH #KeyGen #SoftwareDevelopment #WebDevelopment #WebDev
-
RE: https://social.lfx.dev/@openssf/116527089393674087
Open infrastructure isn't free. 🌱
Packagist/Composer signed a joint OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.
Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.
#php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability
-
https://www.linkedin.com/posts/nilsadermann_composerphp-phpc-php-share-7455883397530451968-tuPc
Waiting for @packagist 2.10 :)
#php mini Shai hulud attempt via #composerphp plugins #Security
https://socket.dev/blog/mini-shai-hulud-packagist-malicious-intercom-php-package-compromise
PyPi -> npmjs -> Packagist
-
Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.
`intercom/[email protected]`
https://github.com/intercom/intercom-php/security/advisories/GHSA-gr3r-crp5-qrrm
https://github.com/intercom/intercom-node/security/advisories/GHSA-54pg-9963-v8vg
https://www.intercomstatus.com/us-hosting/incidents/01KQFN6VS6ARP1XBR1K1SBYY59
https://www.wiz.io/blog/mini-shai-hulud-supply-chain-sap-npm
https://socket.dev/blog/mini-shai-hulud-packagist-malicious-intercom-php-package-compromise
#PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud