home.social

#composerphp — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #composerphp, aggregated by home.social.

  1. packagist @[email protected] ·

    RE: phpc.social/@packagist/1165668

    If you haven't updated Composer to 2.9.8 or 2.2.28 (LTS), do so urgently! GitHub will restart the rollout of their new GitHub Actions tokens later today. They've improved secret masking to cover this Composer issue, but you're safer if you update. #composerphp #php #phpc

    #composerphp #php #phpc
  2. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #composerphp #slides #php
  3. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #composerphp #slides #php
  4. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #composerphp #slides #php
  5. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #php #slides #composerphp
  6. graste @[email protected] ·

    #composerphp malware handling improvements upcoming in Composer v2.10

    glaubinix.github.io/talks/2026

    #slides #php

    #composerphp #slides #php
  7. packagist @[email protected] ·

    Three months of Private Packagist updates: Malware filter list support is already in place, ahead of Composer 2.10's release next week. Flagged versions show warning banners on package pages and are marked in the version list. Permissions views on package level, better background job & sync visibility, and a narrower GitLab OAuth scope (read_api).

    blog.packagist.com/whats-new-i

    #php #phpc #composerphp

    #php #phpc #composerphp
  8. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #php #phpc #phpday #composerphp #supplychainsecurity #malware
  9. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #php #phpc #phpday #composerphp #supplychainsecurity #malware
  10. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #php #phpc #phpday #composerphp #supplychainsecurity #malware
  11. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #malware #supplychainsecurity #composerphp #phpday #phpc #php
  12. packagist @[email protected] ·

    We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!

    Slides at glaubinix.github.io/talks/2026

    #php #phpc #phpday #composerphp #supplychainsecurity #malware

    #php #phpc #phpday #composerphp #supplychainsecurity #malware
  13. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  14. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  15. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  16. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #githubactions #composerphp #magento #php
  17. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  18. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  19. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  20. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  21. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #phpc #composerphp #php
  22. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  23. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  24. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  25. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  26. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #techupdate #softwaresecurity #codesmart #securitypatch #infosec #webdevlife
  27. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  28. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  29. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  30. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  31. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #supplychainattack #teampcp #pypi #composerphp #npm
  32. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  33. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  34. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  35. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  36. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #sustainability #opensource #freesoftwareisntfree #preserveopensource #softwaresupplychain #composerphp
  37. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  38. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  39. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  40. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  41. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #security #composerphp #php
  42. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  43. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #npm #php #composerphp #composer #intercom #supplychain
  44. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #npm #php #composerphp #composer #intercom #supplychain
  45. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #minishaihulud #supplychainattack #supplychain #intercom #composer #composerphp
  46. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #php #composerphp #programming #laravel #coding #code
  47. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #php #composerphp #programming #laravel #coding #code
  48. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #php #composerphp #programming #laravel #coding #code
  49. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #webdev #webdevelopment #softwaredevelopment #marketplace #store #code
  50. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #php #composerphp #programming #laravel #coding #code