home.social

#composerphp — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #composerphp, aggregated by home.social.

  1. packagist @[email protected] ·

    RE: phpc.social/@packagist/1165668

    If you haven't updated Composer to 2.9.8 or 2.2.28 (LTS), do so urgently! GitHub will restart the rollout of their new GitHub Actions tokens later today. They've improved secret masking to cover this Composer issue, but you're safer if you update. #composerphp #php #phpc

    #composerphp #php #phpc
  2. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #composerphp #slides #php
  3. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #composerphp #slides #php
  4. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #composerphp #slides #php
  5. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #php #slides #composerphp
  6. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #composerphp #slides #php
  7. packagist @[email protected] ·

    Three months of Private Packagist updates: Malware filter list support is already in place, ahead of Composer 2.10's release next week. Flagged versions show warning banners on package pages and are marked in the version list. Permissions views on package level, better background job & sync visibility, and a narrower GitLab OAuth scope (read_api).

    blog.packagist.com/whats-new-i

    #php #phpc #composerphp

    #php #phpc #composerphp
  8. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #php #phpc #phpday #composerphp #supplychainsecurity #malware
  9. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #php #phpc #phpday #composerphp #supplychainsecurity #malware
  10. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #php #phpc #phpday #composerphp #supplychainsecurity #malware
  11. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #malware #supplychainsecurity #composerphp #phpday #phpc #php
  12. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #php #phpc #phpday #composerphp #supplychainsecurity #malware
  13. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  14. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  15. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  16. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #githubactions #composerphp #magento #php
  17. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  18. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  19. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  20. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  21. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #phpc #composerphp #php
  22. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  23. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  24. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  25. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  26. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #techupdate #softwaresecurity #codesmart #securitypatch #infosec #webdevlife
  27. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  28. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  29. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  30. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  31. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #supplychainattack #teampcp #pypi #composerphp #npm
  32. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  33. .:\dGh/:. @[email protected] ·

    My "free stack" for Laragear packages from now onwards, until a better solution is done:

    1. Sell in Gumroad
    2. Zapier to KeyGen.sh to create the license
    3. Zapier an email with the license
    4. Dev uses KeyGen to download the package

    This is the only way that allows me to sell and receive payouts in my country (Chile).

    #PHP #Programming #Laravel #Laragear #Composer #ComposerPHP #Gumroad #Zapier #KeyGenSH #KeyGen #SoftwareDevelopment #WebDevelopment #WebDev

    #php #programming #laravel #laragear #composer #composerphp
  34. .:\dGh/:. @[email protected] ·

    My "free stack" for Laragear packages from now onwards, until a better solution is done:

    1. Sell in Gumroad
    2. Zapier to KeyGen.sh to create the license
    3. Zapier an email with the license
    4. Dev uses KeyGen to download the package

    This is the only way that allows me to sell and receive payouts in my country (Chile).

    #PHP #Programming #Laravel #Laragear #Composer #ComposerPHP #Gumroad #Zapier #KeyGenSH #KeyGen #SoftwareDevelopment #WebDevelopment #WebDev

    #php #programming #laravel #laragear #composer #composerphp
  35. .:\dGh/:. @[email protected] ·

    My "free stack" for Laragear packages from now onwards, until a better solution is done:

    1. Sell in Gumroad
    2. Zapier to KeyGen.sh to create the license
    3. Zapier an email with the license
    4. Dev uses KeyGen to download the package

    This is the only way that allows me to sell and receive payouts in my country (Chile).

    #PHP #Programming #Laravel #Laragear #Composer #ComposerPHP #Gumroad #Zapier #KeyGenSH #KeyGen #SoftwareDevelopment #WebDevelopment #WebDev

    #php #programming #laravel #laragear #composer #composerphp
  36. .:\dGh/:. @[email protected] ·

    My "free stack" for Laragear packages from now onwards, until a better solution is done:

    1. Sell in Gumroad
    2. Zapier to KeyGen.sh to create the license
    3. Zapier an email with the license
    4. Dev uses KeyGen to download the package

    This is the only way that allows me to sell and receive payouts in my country (Chile).

    #PHP #Programming #Laravel #Laragear #Composer #ComposerPHP #Gumroad #Zapier #KeyGenSH #KeyGen #SoftwareDevelopment #WebDevelopment #WebDev

    #webdev #webdevelopment #softwaredevelopment #keygen #keygensh #zapier
  37. .:\dGh/:. @[email protected] ·

    My "free stack" for Laragear packages from now onwards, until a better solution is done:

    1. Sell in Gumroad
    2. Zapier to KeyGen.sh to create the license
    3. Zapier an email with the license
    4. Dev uses KeyGen to download the package

    This is the only way that allows me to sell and receive payouts in my country (Chile).

    #PHP #Programming #Laravel #Laragear #Composer #ComposerPHP #Gumroad #Zapier #KeyGenSH #KeyGen #SoftwareDevelopment #WebDevelopment #WebDev

    #php #programming #laravel #laragear #composer #composerphp
  38. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  39. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  40. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  41. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #sustainability #opensource #freesoftwareisntfree #preserveopensource #softwaresupplychain #composerphp
  42. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  43. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  44. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  45. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  46. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #security #composerphp #php
  47. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  48. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #npm #php #composerphp #composer #intercom #supplychain
  49. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #npm #php #composerphp #composer #intercom #supplychain
  50. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #minishaihulud #supplychainattack #supplychain #intercom #composer #composerphp