🚨 Composer 2.9.6 and 2.2.27 are out with fixes for CVE-2026-40261 and CVE-2026-40176, command injection issues in the Perforce driver. Run composer self-update now. No exploits detected on Packagist.org and Private Packagist. Details: blog.packagist.com/composer-2-9... #php #phpc #composerphp
We need your help to test Composer 2.10. Expect a final release next week, now is the time to try it out and flag any issue you find! github.com/composer/com... #composerphp #phpc
Private Packagist is a member of the @opensourcepledge.com & gave over $4k/FTE in 2025 to #opensource maintainers. Have your company join too! blog.packagist.com/private-pack... - Reach out if you want to be a launch partner for our Composer&Packagist.org sponsorship program! #composerphp #php #phpc
Yeah most likely connected. Anyway i saw your email and security report already just didn't get to handle it yet..
🚀 Private Packagist February update: Redesigned login flow, team member MFA resets for org owners, new Microsoft Teams Workflow notifications (old connectors deprecated), clickable composer search URLs in your terminal blog.packagist.com/whats-new-in... #composerphp #php #phpc
Proud to announce we just renewed our annual $18,000 sponsorship for the The PHP Foundation!
Check out this summary on the work completed in 2025. So much more could be accomplished, if all businesses using PHP contributed. Sign up as a sponsor and help moving PHP forward!
Nils Adermann in yellow Private Packagist t-shirt and blue hoodie presenting in front of a crowd at SymfonyCon Amsterdam 2025.
Nils Adermann presenting on 2FA enforcement in package manager ecosystems in front of a crowd at SymfonyCon Amsterdam 2025.
Nils Adermann presenting at SymfonyCon Amsterdam 2025 on stage, discussing the npm Shai-Hulud Worm security incident. The slide shows details of the November 2024 supply chain attack that compromised 700+ packages and exposed credentials from 26k+ repositories through GitHub Actions code injection.
Conference attendees gathered around the Private Packagist booth at SymfonyCon Amsterdam 2025 having discussions.
Back from our annual #SymfonyCon trip! Great experience celebrating 20 years of #Symfony with its community in Amsterdam. The @packagist.com booth was busy throughout the event, and my package manager security outlook talk sparked good conversations. See you in Warsaw 2026! #php #composerphp
New in Private Packagist: Usage Tracking can now help prioritize security updates by showing how deps cascade through projects and where vulnerable versions are used. Trusted Publishing for GitHub Actions and better synchronization setup. blog.packagist.com/whats-new-in... #php #phpc #composerphp
After Composer 2.9 CLI security improvements, we're working on a transparency log for Packagist to strengthen PHP supply chain security, funded by the @sovereign.tech with help of the @thephpf.bsky.social and Private Packagist. Details at blog.packagist.com/strengthenin... #php #phpc #composerphp
Composer 2.9 is here! 🚀 It automatically blocks packages with known vulnerabilities, has a new repository command to manage repos from the CLI, and lots more!
blog.packagist.com/composer-2-9/
#composerphp #phpc #PHP
Composer 2.9 is coming, and there's an RC to try out! We need your help and feedback github.com/composer/com... #composerphp #phpc
🚨 Warning to #PHP package maintainers: We did not email you to change your passwords & 2FA. Emails asking you to update your credentials are a phishing attempt. We had the phishing site & domain taken down. If you got the email and entered your credentials, please contact us. #phpc
Together with PyPI, Maven Central, cratesio and other major package registries we signed a statement on sustainable open source infrastructure.
3B+ installs/month and evolving #composerphp and packagist.org requires sharing the costs.
#phpc #php
The era of Composer v1 finally comes to an end, long live Composer v2! 👑 Today packagist.org support for v1 metadata has been shut down as announced last year. blog.packagist.com/packagist-or... #composerphp #phpc #php
August update: dependency usage tracking across your packages, automatic GitLab token rotation, and Conductor improvements with custom labels and smarter PR handling blog.packagist.com/whats-new-in... #php #composer #composerphp #phpc
🚨 Packagist.org shutdown of Composer 1.x support postponed to September 1st, 2025. Act now, upgrade to Composer 2! Last resort: check out Private Packagist extended 1.x support if you really cannot migrate right now. blog.packagist.com/packagist-or...
I will be at WordCamp Europe today talking about Composer and dependency management. Find me if you want to chat about @packagist.com!
I expected more from the AI model too tbh.. Do ping if you're in town tho!
You're lucky I cannot seem to ai-gen an image of you roasting marshmallows with your flintstone-lit farts.
Definitely the cork, it makes sure you don't let out any extra gas too, another sustainability win.
She must've thought the rage against the sewing machine sweater means you're a big crochet guy
Let's add modern compression formats to PHP!
The new RFC for natively integrating Zstandard and Brotli proposed by @seld.be and myself would significantly improve Composer and asset pre-compression by @symfony.com AssetMapper.
Two people on stools at a table in front of a Private Packagist and a Conductor banner as well as a big screen.
Stop by our @packagist.com booth at #LaraconEU and have a chat about Composer, Packagist, Conductor or anything else relating to dependency management and supply chain security! #Laravel #Laracon
Got our #SymfonyCon tickets for next year already
Team photo in front of Symfony Logo
Meet our team at #SymfomyCon Vienna! We'd love to chat about how you manage your Composer dependencies, your questions around supply chain security, Private Packagist or our upcoming product Conductor! #symfony #php #composerphp
We're excited to introduce you to 🧑✈️Conductor! Automatic dependency update PRs with Composer for PHP projects - Security fixes patched in minutes - Continuous updates without the hassle - all running in your own CI env!
Early access waitlist: packagist.com/features/con...
#composerphp #php #phpc
➡️ The PHP manual has learned a new trick, you can now run the code right in the browser!
🥳 Thanks to @soyuka for the implementation!
#php #documentation
