#packagist — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #packagist, aggregated by home.social.
-
📰 Packagist Supply Chain Attack Uses Clever Evasion to Infect PHP Projects with Linux Malware
🚨 PHP supply chain attack hits Packagist! 8+ packages compromised to drop Linux malware. Attackers hid malicious code in `package.json` to evade PHP security scanners. #SupplyChainAttack #PHP #Packagist #CyberSecurity
🌐 cyber[.]netsecops[.]io
-
📰 Packagist Supply Chain Attack Uses Clever Evasion to Infect PHP Projects with Linux Malware
🚨 PHP supply chain attack hits Packagist! 8+ packages compromised to drop Linux malware. Attackers hid malicious code in `package.json` to evade PHP security scanners. #SupplyChainAttack #PHP #Packagist #CyberSecurity
🌐 cyber[.]netsecops[.]io
-
📰 Packagist Supply Chain Attack Uses Clever Evasion to Infect PHP Projects with Linux Malware
🚨 PHP supply chain attack hits Packagist! 8+ packages compromised to drop Linux malware. Attackers hid malicious code in `package.json` to evade PHP security scanners. #SupplyChainAttack #PHP #Packagist #CyberSecurity
🌐 cyber[.]netsecops[.]io
-
📰 Packagist Supply Chain Attack Uses Clever Evasion to Infect PHP Projects with Linux Malware
🚨 PHP supply chain attack hits Packagist! 8+ packages compromised to drop Linux malware. Attackers hid malicious code in `package.json` to evade PHP security scanners. #SupplyChainAttack #PHP #Packagist #CyberSecurity
🌐 cyber[.]netsecops[.]io
-
📰 Packagist Supply Chain Attack Uses Clever Evasion to Infect PHP Projects with Linux Malware
🚨 PHP supply chain attack hits Packagist! 8+ packages compromised to drop Linux malware. Attackers hid malicious code in `package.json` to evade PHP security scanners. #SupplyChainAttack #PHP #Packagist #CyberSecurity
🌐 cyber[.]netsecops[.]io
-
GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.
-
🚨 A compromise affecting the community-maintained Laravel Lang project introduced remote code execution backdoors across multiple packages, including:
- Laravel-Lang/lang
- Laravel-Lang/http-statuses
- Laravel-Lang/actions
- Laravel-Lang/attributesAll tags were rewritten pointing to malicious commits
https://github.com/Laravel-Lang/lang/issues/8295
https://github.com/Laravel-Lang/common/issues/257
https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
https://socket.dev/blog/laravel-lang-compromise
#PHP #Laravel #SupplyChainAttack #RemoteCodeExecution #RCE #Packagist
-
🚨 A compromise affecting the community-maintained Laravel Lang project introduced remote code execution backdoors across multiple packages, including:
- Laravel-Lang/lang
- Laravel-Lang/http-statuses
- Laravel-Lang/actions
- Laravel-Lang/attributesAll tags were rewritten pointing to malicious commits
https://github.com/Laravel-Lang/lang/issues/8295
https://github.com/Laravel-Lang/common/issues/257
https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
https://socket.dev/blog/laravel-lang-compromise
#PHP #Laravel #SupplyChainAttack #RemoteCodeExecution #RCE #Packagist
-
🚨 A compromise affecting the community-maintained Laravel Lang project introduced remote code execution backdoors across multiple packages, including:
- Laravel-Lang/lang
- Laravel-Lang/http-statuses
- Laravel-Lang/actions
- Laravel-Lang/attributesAll tags were rewritten pointing to malicious commits
https://github.com/Laravel-Lang/lang/issues/8295
https://github.com/Laravel-Lang/common/issues/257
https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
https://socket.dev/blog/laravel-lang-compromise
#PHP #Laravel #SupplyChainAttack #RemoteCodeExecution #RCE #Packagist
-
🚨 A compromise affecting the community-maintained Laravel Lang project introduced remote code execution backdoors across multiple packages, including:
- Laravel-Lang/lang
- Laravel-Lang/http-statuses
- Laravel-Lang/actions
- Laravel-Lang/attributesAll tags were rewritten pointing to malicious commits
https://github.com/Laravel-Lang/lang/issues/8295
https://github.com/Laravel-Lang/common/issues/257
https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
https://socket.dev/blog/laravel-lang-compromise
#PHP #Laravel #SupplyChainAttack #RemoteCodeExecution #RCE #Packagist
-
🚨 A compromise affecting the community-maintained Laravel Lang project introduced remote code execution backdoors across multiple packages, including:
- Laravel-Lang/lang
- Laravel-Lang/http-statuses
- Laravel-Lang/actions
- Laravel-Lang/attributesAll tags were rewritten pointing to malicious commits
https://github.com/Laravel-Lang/lang/issues/8295
https://github.com/Laravel-Lang/common/issues/257
https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
https://socket.dev/blog/laravel-lang-compromise
#PHP #Laravel #SupplyChainAttack #RemoteCodeExecution #RCE #Packagist
-
> 120 malicious packages have been pulled from RubyGems
https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html
For those counting: #npm, #PyPI, #RubyGems, #cargo #NuGet, #packagist and #Maven so far…
-
> 120 malicious packages have been pulled from RubyGems
https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html
For those counting: #npm, #PyPI, #RubyGems, #cargo #NuGet, #packagist and #Maven so far…
-
> 120 malicious packages have been pulled from RubyGems
https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html
For those counting: #npm, #PyPI, #RubyGems, #cargo #NuGet, #packagist and #Maven so far…
-
▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)
🚑 Immediate actions:
1️⃣ Run composer.phar self-update NOW
2️⃣ Can't update? Disable #GitHubActions workflows running Composer
3️⃣ Review CI logs for leaked tokens
4️⃣ Delete any log contents containing raw token values before they expire📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.
-
▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)
🚑 Immediate actions:
1️⃣ Run composer.phar self-update NOW
2️⃣ Can't update? Disable #GitHubActions workflows running Composer
3️⃣ Review CI logs for leaked tokens
4️⃣ Delete any log contents containing raw token values before they expire📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.
-
▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)
🚑 Immediate actions:
1️⃣ Run composer.phar self-update NOW
2️⃣ Can't update? Disable #GitHubActions workflows running Composer
3️⃣ Review CI logs for leaked tokens
4️⃣ Delete any log contents containing raw token values before they expire📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.
-
▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)
🚑 Immediate actions:
1️⃣ Run composer.phar self-update NOW
2️⃣ Can't update? Disable #GitHubActions workflows running Composer
3️⃣ Review CI logs for leaked tokens
4️⃣ Delete any log contents containing raw token values before they expire📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.
-
▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)
🚑 Immediate actions:
1️⃣ Run composer.phar self-update NOW
2️⃣ Can't update? Disable #GitHubActions workflows running Composer
3️⃣ Review CI logs for leaked tokens
4️⃣ Delete any log contents containing raw token values before they expire📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems -
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems -
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems -
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems -
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems -
⚠️ Fake #Laravel packages on #Packagist deploy a cross-platform #RAT on Windows, macOS & Linux — researchers at Socket flagged 3 malicious #PHP packages disguised as Laravel utilities #cybersecurity #supplychain #opensource #infosec
📦 Malicious packages identified:
• nhattuanbl/lara-helper (37 downloads)
• nhattuanbl/simple-queue (29 downloads)
• nhattuanbl/lara-swagger (49 downloads)🧵 👇
-
⚠️ Fake #Laravel packages on #Packagist deploy a cross-platform #RAT on Windows, macOS & Linux — researchers at Socket flagged 3 malicious #PHP packages disguised as Laravel utilities #cybersecurity #supplychain #opensource #infosec
📦 Malicious packages identified:
• nhattuanbl/lara-helper (37 downloads)
• nhattuanbl/simple-queue (29 downloads)
• nhattuanbl/lara-swagger (49 downloads)🧵 👇
-
⚠️ Fake #Laravel packages on #Packagist deploy a cross-platform #RAT on Windows, macOS & Linux — researchers at Socket flagged 3 malicious #PHP packages disguised as Laravel utilities #cybersecurity #supplychain #opensource #infosec
📦 Malicious packages identified:
• nhattuanbl/lara-helper (37 downloads)
• nhattuanbl/simple-queue (29 downloads)
• nhattuanbl/lara-swagger (49 downloads)🧵 👇
-
⚠️ Fake #Laravel packages on #Packagist deploy a cross-platform #RAT on Windows, macOS & Linux — researchers at Socket flagged 3 malicious #PHP packages disguised as Laravel utilities #cybersecurity #supplychain #opensource #infosec
📦 Malicious packages identified:
• nhattuanbl/lara-helper (37 downloads)
• nhattuanbl/simple-queue (29 downloads)
• nhattuanbl/lara-swagger (49 downloads)🧵 👇
-
⚠️ Fake #Laravel packages on #Packagist deploy a cross-platform #RAT on Windows, macOS & Linux — researchers at Socket flagged 3 malicious #PHP packages disguised as Laravel utilities #cybersecurity #supplychain #opensource #infosec
📦 Malicious packages identified:
• nhattuanbl/lara-helper (37 downloads)
• nhattuanbl/simple-queue (29 downloads)
• nhattuanbl/lara-swagger (49 downloads)🧵 👇
-
I finally solved my Composer hanging/stuck issue 🚀
Set up a local proxy server and routed downloads using PHP stream functions.Added real-time debugging with log files to trace where it was freezing.
Result: smooth installs, zero guesswork 😌
-
I finally solved my Composer hanging/stuck issue 🚀
Set up a local proxy server and routed downloads using PHP stream functions.Added real-time debugging with log files to trace where it was freezing.
Result: smooth installs, zero guesswork 😌
-
I finally solved my Composer hanging/stuck issue 🚀
Set up a local proxy server and routed downloads using PHP stream functions.Added real-time debugging with log files to trace where it was freezing.
Result: smooth installs, zero guesswork 😌
-
I finally solved my Composer hanging/stuck issue 🚀
Set up a local proxy server and routed downloads using PHP stream functions.Added real-time debugging with log files to trace where it was freezing.
Result: smooth installs, zero guesswork 😌
-
I finally solved my Composer hanging/stuck issue 🚀
Set up a local proxy server and routed downloads using PHP stream functions.Added real-time debugging with log files to trace where it was freezing.
Result: smooth installs, zero guesswork 😌
-
The other night I made this little #PHP tool that validates #PHPDoc annotations against the actual method signature, to make sure that they are compatible and don't drift apart over time.
I use it as a quick check before running #PHPStan to make sure that the static analysis is correctly informed. Published it on #Packagist in case anyone else would find it useful too: https://packagist.org/packages/nsrosenqvist/phpdoc-validator
-
The other night I made this little #PHP tool that validates #PHPDoc annotations against the actual method signature, to make sure that they are compatible and don't drift apart over time.
I use it as a quick check before running #PHPStan to make sure that the static analysis is correctly informed. Published it on #Packagist in case anyone else would find it useful too: https://packagist.org/packages/nsrosenqvist/phpdoc-validator
-
The other night I made this little #PHP tool that validates #PHPDoc annotations against the actual method signature, to make sure that they are compatible and don't drift apart over time.
I use it as a quick check before running #PHPStan to make sure that the static analysis is correctly informed. Published it on #Packagist in case anyone else would find it useful too: https://packagist.org/packages/nsrosenqvist/phpdoc-validator
-
The other night I made this little #PHP tool that validates #PHPDoc annotations against the actual method signature, to make sure that they are compatible and don't drift apart over time.
I use it as a quick check before running #PHPStan to make sure that the static analysis is correctly informed. Published it on #Packagist in case anyone else would find it useful too: https://packagist.org/packages/nsrosenqvist/phpdoc-validator
-
The other night I made this little #PHP tool that validates #PHPDoc annotations against the actual method signature, to make sure that they are compatible and don't drift apart over time.
I use it as a quick check before running #PHPStan to make sure that the static analysis is correctly informed. Published it on #Packagist in case anyone else would find it useful too: https://packagist.org/packages/nsrosenqvist/phpdoc-validator
-
RE: https://infosec.exchange/@art4/115747129017446982
Just in time for the end of 2025 (at least in my time zone), I released version 1.0.0 of my new #RectorExtension that replaces the native type declaration set. The special thing about it: no breaking changes!
This means: no changes to parameter types or return types if your class/method is not private or final. This is particularly important for library maintainers who want to use #Rector but don't want to have any breaking changes.
If you are a maintainer of a #PHP library and #backwardcompatibility is important to you, then check it out on #packagist:
https://packagist.org/packages/art4/rector-bc-library
Happy new year! 🥳
-
RE: https://infosec.exchange/@art4/115747129017446982
Just in time for the end of 2025 (at least in my time zone), I released version 1.0.0 of my new #RectorExtension that replaces the native type declaration set. The special thing about it: no breaking changes!
This means: no changes to parameter types or return types if your class/method is not private or final. This is particularly important for library maintainers who want to use #Rector but don't want to have any breaking changes.
If you are a maintainer of a #PHP library and #backwardcompatibility is important to you, then check it out on #packagist:
https://packagist.org/packages/art4/rector-bc-library
Happy new year! 🥳
-
RE: https://infosec.exchange/@art4/115747129017446982
Just in time for the end of 2025 (at least in my time zone), I released version 1.0.0 of my new #RectorExtension that replaces the native type declaration set. The special thing about it: no breaking changes!
This means: no changes to parameter types or return types if your class/method is not private or final. This is particularly important for library maintainers who want to use #Rector but don't want to have any breaking changes.
If you are a maintainer of a #PHP library and #backwardcompatibility is important to you, then check it out on #packagist:
https://packagist.org/packages/art4/rector-bc-library
Happy new year! 🥳
-
RE: https://infosec.exchange/@art4/115747129017446982
Just in time for the end of 2025 (at least in my time zone), I released version 1.0.0 of my new #RectorExtension that replaces the native type declaration set. The special thing about it: no breaking changes!
This means: no changes to parameter types or return types if your class/method is not private or final. This is particularly important for library maintainers who want to use #Rector but don't want to have any breaking changes.
If you are a maintainer of a #PHP library and #backwardcompatibility is important to you, then check it out on #packagist:
https://packagist.org/packages/art4/rector-bc-library
Happy new year! 🥳
-
RE: https://infosec.exchange/@art4/115747129017446982
Just in time for the end of 2025 (at least in my time zone), I released version 1.0.0 of my new #RectorExtension that replaces the native type declaration set. The special thing about it: no breaking changes!
This means: no changes to parameter types or return types if your class/method is not private or final. This is particularly important for library maintainers who want to use #Rector but don't want to have any breaking changes.
If you are a maintainer of a #PHP library and #backwardcompatibility is important to you, then check it out on #packagist:
https://packagist.org/packages/art4/rector-bc-library
Happy new year! 🥳
-
I'm currently working on a #RectorExtension that replaces the native type declaration set. The special thing about it: no breaking changes!
This means: no changes to parameter types or return types if your class/method is not private or final. This is particularly important for library maintainers who want to use #Rector but don't want to have any breaking changes.
If you are a maintainer of a #PHP library and #backwardcompatibility is important to you, then check it out on #packagist: https://packagist.org/packages/art4/rector-bc-library
And feel free to give me feedback.