#packagist — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #packagist, aggregated by home.social.
-
▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)
🚑 Immediate actions:
1️⃣ Run composer.phar self-update NOW
2️⃣ Can't update? Disable #GitHubActions workflows running Composer
3️⃣ Review CI logs for leaked tokens
4️⃣ Delete any log contents containing raw token values before they expire
📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems
-
⚠️ Fake #Laravel packages on #Packagist deploy a cross-platform #RAT on Windows, macOS & Linux — researchers at Socket flagged 3 malicious #PHP packages disguised as Laravel utilities #cybersecurity #supplychain #opensource #infosec
📦 Malicious packages identified:
• nhattuanbl/lara-helper (37 downloads)
• nhattuanbl/simple-queue (29 downloads)
• nhattuanbl/lara-swagger (49 downloads)
🧵 👇
-
I finally solved my Composer hanging/stuck issue 🚀
Set up a local proxy server and routed downloads using PHP stream functions. Added real-time debugging with log files to trace where it was freezing.
Result: smooth installs, zero guesswork 😌
-
The other night I made this little #PHP tool that validates #PHPDoc annotations against the actual method signature, to make sure that they are compatible and don't drift apart over time.
I use it as a quick check before running #PHPStan to make sure that the static analysis is correctly informed. Published it on #Packagist in case anyone else would find it useful too: https://packagist.org/packages/nsrosenqvist/phpdoc-validator
-
RE: https://infosec.exchange/@art4/115747129017446982
Just in time for the end of 2025 (at least in my time zone), I released version 1.0.0 of my new #RectorExtension that replaces the native type declaration set. The special thing about it: no breaking changes!
This means: no changes to parameter types or return types if your class/method is not private or final. This is particularly important for library maintainers who want to use #Rector but don't want to have any breaking changes.
If you are a maintainer of a #PHP library and #backwardcompatibility is important to you, then check it out on #packagist:
https://packagist.org/packages/art4/rector-bc-library
Happy new year! 🥳
-
I'm currently working on a #RectorExtension that replaces the native type declaration set. The special thing about it: no breaking changes!
This means: no changes to parameter types or return types if your class/method is not private or final. This is particularly important for library maintainers who want to use #Rector but don't want to have any breaking changes.
If you are a maintainer of a #PHP library and #backwardcompatibility is important to you, then check it out on #packagist: https://packagist.org/packages/art4/rector-bc-library
And feel free to give me feedback.
-
How to use local packages in Composer: a guide for PHP developers
When working on a PHP project, it’s common to rely on external libraries published on Packagist. Composer makes installing and managing these dependencies effortless. But what if you need to work with a dependency locally, outside Packagist?
https://dev.to/robertobutti/how-to-use-local-packages-in-composer-a-guide-for-php-developers-h89
-
Strengthening PHP Supply Chain Security with a Transparency Log for Packagist.org. #PHP #packagist
http://packagist.org/?utm_source=flipboard&utm_medium=activitypub
Posted into SYMFONY FOR THE DEVIL @symfony-for-the-devil-mobileatom
-
Woot! Abivia Ledger for Laravel passes 25K downloads through Packagist!
This makes it the most popular piece of open source code I've written, ever. Also apparently one of the most bug-free. Just 12 issues on GitHub in over three years, and most of those not related to bugs.
My personal mission to help developers avoid building ill-conceived accounting logic into their applications continues!