home.social
Sign in Create account

#composerphp — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #composerphp, aggregated by home.social.

  1. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  2. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  3. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  4. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #githubactions #composerphp #magento #php
  5. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  6. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  7. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  8. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  9. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #phpc #composerphp #php
  10. packagist @[email protected] ·

    UPDATE: GitHub has rolled back their change to GitHub Actions tokens. It is no longer necessary to immediately disable GitHub Actions. We now have a few days to get the entire PHP ecosystem updated to safe Composer versions, before a new rollout of the new token format is attempted. GitHub is also looking into improving their secrets masking. Ideally a new rollout will not lead to any leaked credentials, even if they are accidentally exposed in logs. #php #composerphp #phpc

    #php #composerphp #phpc
  11. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  12. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  13. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  14. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #techupdate #softwaresecurity #codesmart #securitypatch #infosec #webdevlife
  15. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  16. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  17. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  18. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  19. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #supplychainattack #teampcp #pypi #composerphp #npm
  20. github.com/ghostwriter @[email protected] ·

    🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.

    [email protected]
    [email protected]

    socket.dev/blog/tanstack-npm-p

    #TeamPCP #SupplyChainAttack

    #npm #composerphp #pypi #teampcp #supplychainattack
  21. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  22. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  23. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  24. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #sustainability #opensource #freesoftwareisntfree #preserveopensource #softwaresupplychain #composerphp
  25. Nils Adermann @[email protected] ·

    RE: social.lfx.dev/@openssf/116527

    Open infrastructure isn't free. 🌱

    Packagist/Composer signed a joint
    OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.

    Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

    #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

    #php #phpc #composerphp #softwaresupplychain #preserveopensource #freesoftwareisntfree
  26. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  27. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  28. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  29. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #security #composerphp #php
  30. graste @[email protected] ·

    linkedin.com/posts/nilsaderman

    Waiting for @packagist 2.10 :)

    #php mini Shai hulud attempt via #composerphp plugins #Security

    socket.dev/blog/mini-shai-hulu

    PyPi -> npmjs -> Packagist

    #php #composerphp #security
  31. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #npm #php #composerphp #composer #intercom #supplychain
  32. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #npm #php #composerphp #composer #intercom #supplychain
  33. github.com/ghostwriter @[email protected] ·

    Supply chain attack affecting Intercom has expanded beyond #npm and into the #PHP ecosystem.

    `intercom/[email protected]`

    github.com/intercom/intercom-p

    github.com/intercom/intercom-n

    intercomstatus.com/us-hosting/

    wiz.io/blog/mini-shai-hulud-su

    socket.dev/blog/mini-shai-hulu

    #PHP #ComposerPHP #Composer #Intercom #SupplyChain #SupplyChainAttack #MiniShaiHulud

    #minishaihulud #supplychainattack #supplychain #intercom #composer #composerphp
  34. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #php #composerphp #programming #laravel #coding #code
  35. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #php #composerphp #programming #laravel #coding #code
  36. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #php #composerphp #programming #laravel #coding #code
  37. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #webdev #webdevelopment #softwaredevelopment #marketplace #store #code
  38. .:\dGh/:. @[email protected] ·

    Fuck it, I'm going to make a store for Laravel Packages, per-package licensing, and quality commitment (no $49 shit that is barely two classes).

    Really. Fuck it.

    #PHP #ComposerPHP #Programming #Laravel #Coding #Code #Store #Marketplace #SoftwareDevelopment #WebDevelopment #WebDev

    #php #composerphp #programming #laravel #coding #code
  39. .:\dGh/:. @[email protected] ·

    Fed up with Composer not allowing per-package authentication (it forces per-host authentication).

    So I made a plugin.

    github.com/Laragear/MultiAuth

    Haven't tested it yet on prod, but it *should* work. If not, welp, I'm testing it today on a project.

    #PHP #Programming #ComposerPHP #Coding #Code #SoftwareDevelopment #WebDevelopment

    #php #programming #composerphp #coding #code #softwaredevelopment
  40. .:\dGh/:. @[email protected] ·

    Fed up with Composer not allowing per-package authentication (it forces per-host authentication).

    So I made a plugin.

    github.com/Laragear/MultiAuth

    Haven't tested it yet on prod, but it *should* work. If not, welp, I'm testing it today on a project.

    #PHP #Programming #ComposerPHP #Coding #Code #SoftwareDevelopment #WebDevelopment

    #php #programming #composerphp #coding #code #softwaredevelopment
  41. .:\dGh/:. @[email protected] ·

    Fed up with Composer not allowing per-package authentication (it forces per-host authentication).

    So I made a plugin.

    github.com/Laragear/MultiAuth

    Haven't tested it yet on prod, but it *should* work. If not, welp, I'm testing it today on a project.

    #PHP #Programming #ComposerPHP #Coding #Code #SoftwareDevelopment #WebDevelopment

    #php #programming #composerphp #coding #code #softwaredevelopment
  42. .:\dGh/:. @[email protected] ·

    Fed up with Composer not allowing per-package authentication (it forces per-host authentication).

    So I made a plugin.

    github.com/Laragear/MultiAuth

    Haven't tested it yet on prod, but it *should* work. If not, welp, I'm testing it today on a project.

    #PHP #Programming #ComposerPHP #Coding #Code #SoftwareDevelopment #WebDevelopment

    #webdevelopment #softwaredevelopment #code #coding #composerphp #programming
  43. .:\dGh/:. @[email protected] ·

    Fed up with Composer not allowing per-package authentication (it forces per-host authentication).

    So I made a plugin.

    github.com/Laragear/MultiAuth

    Haven't tested it yet on prod, but it *should* work. If not, welp, I'm testing it today on a project.

    #PHP #Programming #ComposerPHP #Coding #Code #SoftwareDevelopment #WebDevelopment

    #php #programming #composerphp #coding #code #softwaredevelopment
  44. .:\dGh/:. @[email protected] ·

    Dear people at @packagist:

    Add multi-auth bearer for packages under the same domain for #ComposerPHP.

    Thank you.

    #Programming #PHP #FOSS #OSS #OpenSource #Coding #Code #SoftwareDevelopment #PackageManager #WebDevelopment #WebDev

    #composerphp #programming #php #foss #oss #opensource
  45. .:\dGh/:. @[email protected] ·

    Dear people at @packagist:

    Add multi-auth bearer for packages under the same domain for #ComposerPHP.

    Thank you.

    #Programming #PHP #FOSS #OSS #OpenSource #Coding #Code #SoftwareDevelopment #PackageManager #WebDevelopment #WebDev

    #composerphp #programming #php #foss #oss #opensource
  46. .:\dGh/:. @[email protected] ·

    Dear people at @packagist:

    Add multi-auth bearer for packages under the same domain for #ComposerPHP.

    Thank you.

    #Programming #PHP #FOSS #OSS #OpenSource #Coding #Code #SoftwareDevelopment #PackageManager #WebDevelopment #WebDev

    #composerphp #programming #php #foss #oss #opensource
  47. .:\dGh/:. @[email protected] ·

    Dear people at @packagist:

    Add multi-auth bearer for packages under the same domain for #ComposerPHP.

    Thank you.

    #Programming #PHP #FOSS #OSS #OpenSource #Coding #Code #SoftwareDevelopment #PackageManager #WebDevelopment #WebDev

    #webdev #webdevelopment #packagemanager #softwaredevelopment #code #coding
  48. .:\dGh/:. @[email protected] ·

    Dear people at @packagist:

    Add multi-auth bearer for packages under the same domain for #ComposerPHP.

    Thank you.

    #Programming #PHP #FOSS #OSS #OpenSource #Coding #Code #SoftwareDevelopment #PackageManager #WebDevelopment #WebDev

    #composerphp #programming #php #foss #oss #opensource
  49. .:\dGh/:. @[email protected] ·

    My "free stack" for Laragear packages from now onwards, until a better solution is done:

    1. Sell in Gumroad
    2. Zapier to KeyGen.sh to create the license
    3. Zapier an email with the license
    4. Dev uses KeyGen to download the package

    This is the only way that allows me to sell and receive payouts in my country (Chile).

    #PHP #Programming #Laravel #Laragear #Composer #ComposerPHP #Gumroad #Zapier #KeyGenSH #KeyGen #SoftwareDevelopment #WebDevelopment #WebDev

    #php #programming #laravel #laragear #composer #composerphp
  50. .:\dGh/:. @[email protected] ·

    My "free stack" for Laragear packages from now onwards, until a better solution is done:

    1. Sell in Gumroad
    2. Zapier to KeyGen.sh to create the license
    3. Zapier an email with the license
    4. Dev uses KeyGen to download the package

    This is the only way that allows me to sell and receive payouts in my country (Chile).

    #PHP #Programming #Laravel #Laragear #Composer #ComposerPHP #Gumroad #Zapier #KeyGenSH #KeyGen #SoftwareDevelopment #WebDevelopment #WebDev

    #php #programming #laravel #laragear #composer #composerphp