Private Packagist
<!DOCTYPE html> <html lang="en"> <head> <title>Private Packagist</title> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="HandheldFriendly" content="True" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <style> :root { --button-bg-color: #ffffff; --button-text-color: var(--color-darkgrey); } </style> <link rel="stylesheet" type="text/css" href="https://blog.packagist.com/assets/built/screen.css?v=779445e934" /> <meta name="description" content="PHP Package Repositories for Composer"> <link rel="icon" href="https://blog.packagist.com/content/images/size/w256h256/2018/11/logo-128.png" type="image/png"> <link rel="canonical" href="https://blog.packagist.com/"> <meta name="referrer" content="no-referrer-when-downgrade"> <link rel="next" href="https://blog.packagist.com/page/2/"> <meta property="og:site_name" content="Private Packagist"> <meta property="og:type" content="website"> <meta property="og:title" content="Private Packagist"> <meta property="og:description" content="PHP Package Repositories for Composer"> <meta property="og:url" content="https://blog.packagist.com/"> <meta property="og:image" content="https://blog.packagist.com/content/images/size/w1200/2018/11/DSC_6578_BestWide.jpg"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:title" content="Private Packagist"> <meta name="twitter:description" content="PHP Package Repositories for Composer"> <meta name="twitter:url" content="https://blog.packagist.com/"> <meta name="twitter:image" content="https://blog.packagist.com/content/images/size/w1200/2018/11/DSC_6578_BestWide.jpg"> <meta name="twitter:site" content="@packagist"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="800"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "WebSite", "publisher": { "@type": "Organization", "name": "Private Packagist", "url": 
"https://blog.packagist.com/", "logo": { "@type": "ImageObject", "url": "https://blog.packagist.com/content/images/2018/11/logo-right-square-1.png", "width": 60, "height": 60 } }, "url": "https://blog.packagist.com/", "name": "Private Packagist", "image": { "@type": "ImageObject", "url": "https://blog.packagist.com/content/images/size/w1200/2018/11/DSC_6578_BestWide.jpg", "width": 1200, "height": 800 }, "mainEntityOfPage": "https://blog.packagist.com/", "description": "PHP Package Repositories for Composer" } </script> <meta name="generator" content="Ghost 5.109"> <link rel="alternate" type="application/rss+xml" title="Private Packagist" href="https://blog.packagist.com/rss/"> <script defer src="https://cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/sodo-search.min.js" data-key="7a42b182b712d76c29202d03df" data-styles="https://cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/main.css" data-sodo-search="https://private-packagist.ghost.io/" data-locale="en" crossorigin="anonymous"></script> <link href="https://blog.packagist.com/webmentions/receive/" rel="webmention"> <script defer src="/public/cards.min.js?v=779445e934"></script><style>:root {--ghost-accent-color: #ecc054;}</style> <link rel="stylesheet" type="text/css" href="/public/cards.min.css?v=779445e934"> </head> <body class="home-template"> <div class="viewport"> <header id="gh-head" class="gh-head has-cover"> <nav class="gh-head-inner inner gh-container"> <div class="gh-head-brand"> <a class="gh-head-logo" href="https://blog.packagist.com"> <img src="https://blog.packagist.com/content/images/2018/11/logo-right-square-1.png" alt="Private Packagist" /> </a> <a class="gh-burger" role="button"> <div class="gh-burger-box"> <div class="gh-burger-inner"></div> </div> </a> </div> <div class="gh-head-menu"> <ul class="nav"> <li class="nav-home nav-current"><a href="https://blog.packagist.com/">Home</a></li> <li class="nav-packagist-com"><a href="https://packagist.com">Packagist.com</a></li> <li class="nav-about"><a 
href="https://packagist.com/about/">About</a></li> </ul> </div> <div class="gh-head-actions"> <div class="gh-social"> <a class="gh-social-twitter" href="https://twitter.com/packagist" title="Twitter" target="_blank" rel="noopener"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path d="M30.063 7.313c-.813 1.125-1.75 2.125-2.875 2.938v.75c0 1.563-.188 3.125-.688 4.625a15.088 15.088 0 0 1-2.063 4.438c-.875 1.438-2 2.688-3.25 3.813a15.015 15.015 0 0 1-4.625 2.563c-1.813.688-3.75 1-5.75 1-3.25 0-6.188-.875-8.875-2.625.438.063.875.125 1.375.125 2.688 0 5.063-.875 7.188-2.5-1.25 0-2.375-.375-3.375-1.125s-1.688-1.688-2.063-2.875c.438.063.813.125 1.125.125.5 0 1-.063 1.5-.25-1.313-.25-2.438-.938-3.313-1.938a5.673 5.673 0 0 1-1.313-3.688v-.063c.813.438 1.688.688 2.625.688a5.228 5.228 0 0 1-1.875-2c-.5-.875-.688-1.813-.688-2.75 0-1.063.25-2.063.75-2.938 1.438 1.75 3.188 3.188 5.25 4.25s4.313 1.688 6.688 1.813a5.579 5.579 0 0 1 1.5-5.438c1.125-1.125 2.5-1.688 4.125-1.688s3.063.625 4.188 1.813a11.48 11.48 0 0 0 3.688-1.375c-.438 1.375-1.313 2.438-2.563 3.188 1.125-.125 2.188-.438 3.313-.875z"/></svg> </a> </div> </div> </nav> </header> <div class="site-content"> <div class="site-header-content"> <img class="site-header-cover" srcset="/content/images/size/w300/2018/11/DSC_6578_BestWide.jpg 300w, /content/images/size/w600/2018/11/DSC_6578_BestWide.jpg 600w, /content/images/size/w1000/2018/11/DSC_6578_BestWide.jpg 1000w, /content/images/size/w2000/2018/11/DSC_6578_BestWide.jpg 2000w" sizes="100vw" src="/content/images/size/w2000/2018/11/DSC_6578_BestWide.jpg" alt="" /> <h1 class="site-title"> Private Packagist </h1> <p>PHP Package Repositories for Composer</p> </div> <main id="site-main" class="site-main outer"> <div class="inner posts"> <div class="post-feed"> <article class="post-card post tag-changelog tag-private-packagist no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/whats-new-in-private-packagist-february-update/"> <header 
class="post-card-header"> <div class="post-card-primary-tag">changelog</div> <h2 class="post-card-title">What’s New in Private Packagist, February Update</h2> </header> <div class="post-card-excerpt"> <p>While we’re also putting the final touches on Conductor, our team has shipped regular updates and improvements to Private Packagist. We’ll share some significant changes we've made to Private Packagist over the past few months. Support for PIE We've introduced support for php-ext metadata,</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/stevenrombauts/" class="static-avatar"> <img class="author-profile-image" src="https://www.gravatar.com/avatar/9520a0a29b1b67b1d8af6dfc4980c5f5?s=250&r=x&d=mp" alt="Steven Rombauts" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/stevenrombauts/">Steven Rombauts</a></span> <span class="post-card-byline-date"><time datetime="2025-02-13">Feb 13, 2025</time> <span class="bull">•</span> 3 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-opensource tag-sustainability tag-funding tag-donations no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/the-reality-of-funding-open-source/"> <header class="post-card-header"> <div class="post-card-primary-tag">opensource</div> <h2 class="post-card-title">The Reality of Funding Open Source</h2> </header> <div class="post-card-excerpt"> <p>As the founder of Packagist Conductors, a small company with just eight employees, I've had a front-row seat to one of the most pressing challenges in software development today: sustainable open source funding. 
We found our own way to fund a major open source project, and managed to</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2025-02-07">Feb 7, 2025</time> <span class="bull">•</span> 3 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-security tag-packagist-org tag-private-packagist tag-composer tag-audit no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/discover-security-advisories-with-composers-audit-command/"> <header class="post-card-header"> <div class="post-card-primary-tag">security</div> <h2 class="post-card-title">Discover Security Advisories with Composer’s audit command</h2> </header> <div class="post-card-excerpt"> <p>Did you know that October is Cyber Security Awareness month, and that this year already marks its 21st anniversary? This collaborative effort between government and industry aims to raise awareness of online risks and to share important safety tips. 
These campaigns focus on basic best practices, such as protecting your</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/stevenrombauts/" class="static-avatar"> <img class="author-profile-image" src="https://www.gravatar.com/avatar/9520a0a29b1b67b1d8af6dfc4980c5f5?s=250&r=x&d=mp" alt="Steven Rombauts" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/stevenrombauts/">Steven Rombauts</a></span> <span class="post-card-byline-date"><time datetime="2024-10-09">Oct 9, 2024</time> <span class="bull">•</span> 5 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-opensource tag-private-packagist tag-sustainability tag-donations no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/packagist-is-joining-the-open-source-pledge/"> <header class="post-card-header"> <div class="post-card-primary-tag">opensource</div> <h2 class="post-card-title">Private Packagist is joining the Open Source Pledge</h2> </header> <div class="post-card-excerpt"> <p>We're joining the Open Source Pledge because our business is built on and with open-source software. We will spend at least $2,000 per full-time developer on open-source projects and maintainers. Sentry launched this initiative after a $500,000 distribution across their open-source dependencies, and others followed. 
Sustainability</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2024-09-04">Sep 4, 2024</time> <span class="bull">•</span> 1 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-composer tag-packagist-org tag-opensource tag-eol no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/shutting-down-packagist-org-support-for-composer-1-x/"> <header class="post-card-header"> <div class="post-card-primary-tag">composer</div> <h2 class="post-card-title">Shutting down Packagist.org support for Composer 1.x</h2> </header> <div class="post-card-excerpt"> <p>Composer 1.x has served the PHP community well, but with Composer 2.0 released four years ago in October 2020, it's time to move forward. 
As of today, more than 95% of Composer updates are using v2, benefiting from its significant improvements in performance, memory usage, and</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2024-09-03">Sep 3, 2024</time> <span class="bull">•</span> 2 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-composer tag-security tag-audit no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/composer-2-7-7/"> <header class="post-card-header"> <div class="post-card-primary-tag">composer</div> <h2 class="post-card-title">Composer 2.7.7 & Security Audit by Cure53 funded by Alpha-Omega</h2> </header> <div class="post-card-excerpt"> <p>Today we’re releasing Composer 2.7.7 (PHP 7.2+) and 2.2.24 (LTS for use on PHP 5.3 to 7.1) to address two security vulnerabilities as well as a number of smaller security hardening measures, please update to the new versions immediately (e.g. 
with</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2024-06-10">Jun 10, 2024</time> <span class="bull">•</span> 2 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-composer tag-security tag-dependencies tag-update no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/composer-2-7-and-cve-2024-24821/"> <header class="post-card-header"> <div class="post-card-primary-tag">composer</div> <h2 class="post-card-title">Composer 2.7 and CVE-2024-24821: Code execution and possible privilege escalation</h2> </header> <div class="post-card-excerpt"> <p>Please immediately update Composer to version 2.7.0 or 2.2.23 (composer.phar self-update). The new releases include fixes for a code execution and possible privilege escalation via InstalledVersions.php or installed.php vulnerability (CVE-2024-24821) reported by Ed Cradock. 
The vulnerability does not impact packagist.org and Private</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2024-02-08">Feb 8, 2024</time> <span class="bull">•</span> 3 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-security tag-packagist-org no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/packagist-org-maintainer-account-takeover/"> <header class="post-card-header"> <div class="post-card-primary-tag">security</div> <h2 class="post-card-title">Packagist.org maintainer account takeover</h2> </header> <div class="post-card-excerpt"> <p>What happened? On May 1st, 2023 between 3:08pm UTC and 4:05pm UTC an attacker accessed four user accounts that had been inactive on Packagist.org for a period of time but still had access to a total of 14 packages. 
The attacker forked each of the packages and</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2023-05-03">May 3, 2023</time> <span class="bull">•</span> 2 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-composer tag-security tag-audit no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/composer-2-4/"> <header class="post-card-header"> <div class="post-card-primary-tag">composer</div> <h2 class="post-card-title">Composer 2.4 Release</h2> </header> <div class="post-card-excerpt"> <p>Auditing dependencies for known security vulnerabilities Staying on top of disclosed security vulnerabilities in dependencies is a constant challenge. There are many monitoring solutions created to help track the security status of your dependencies. 
We offer our own Private Packagist Security Monitoring [https://blog.packagist.com/security-monitoring/] to notify customers</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/seldaek/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&d=mm&r=x" alt="Jordi Boggiano" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/seldaek/">Jordi Boggiano</a></span> <span class="post-card-byline-date"><time datetime="2022-08-16">Aug 16, 2022</time> <span class="bull">•</span> 2 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-security tag-composer tag-packagist-org tag-private-packagist no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/cve-2022-24828-composer-command-injection-vulnerability/"> <header class="post-card-header"> <div class="post-card-primary-tag">security</div> <h2 class="post-card-title">CVE-2022-24828: Composer Command Injection Vulnerability</h2> </header> <div class="post-card-excerpt"> <p>Please immediately update Composer to version 2.3.5, 2.2.12, or 1.10.26 (composer.phar self-update). The new releases include fixes for a command injection security vulnerability (CVE-2022-24828) reported by Thomas Chauchefoin from SonarSource. 
Fixes for Packagist.org and Private Packagist were deployed within 24 hours of</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2022-04-13">Apr 13, 2022</time> <span class="bull">•</span> 2 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-composer no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/composer-2-3/"> <header class="post-card-header"> <div class="post-card-primary-tag">composer</div> <h2 class="post-card-title">Composer 2.3 Release</h2> </header> <div class="post-card-excerpt"> <p>Modernizing Composer internals As announced in the 2.2 release notes, Composer 2.3 increases the required PHP version to >=7.2.5 and thus stops supporting PHP 5.3.2 - 7.2.4. 
The 2.2 LTS is still there for users stuck on older PHP versions.</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/seldaek/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&d=mm&r=x" alt="Jordi Boggiano" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/seldaek/">Jordi Boggiano</a></span> <span class="post-card-byline-date"><time datetime="2022-03-30">Mar 30, 2022</time> <span class="bull">•</span> 2 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-composer no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/composer-2-2/"> <header class="post-card-header"> <div class="post-card-primary-tag">composer</div> <h2 class="post-card-title">Composer 2.2 Release</h2> </header> <div class="post-card-excerpt"> <p>LTS / Long Term Support The 2.2 minor release is an LTS (Long Term Support) release. We will provide bugfixes for critical bugs and security issues until at least the end of 2023, and will then reassess based on remaining usage. 
The reason we are doing this is that after</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/seldaek/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&d=mm&r=x" alt="Jordi Boggiano" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/seldaek/">Jordi Boggiano</a></span> <span class="post-card-byline-date"><time datetime="2021-12-22">Dec 22, 2021</time> <span class="bull">•</span> 3 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-private-packagist tag-composer tag-dependencies tag-update tag-review tag-codereview tag-security no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/introducing-update-review/"> <header class="post-card-header"> <div class="post-card-primary-tag">Private Packagist</div> <h2 class="post-card-title">Introducing: Update Review</h2> </header> <div class="post-card-excerpt"> <p>As of today, when you update your dependencies in a pull request, Private Packagist comments with all composer.lock changes displayed in a clear and easy to scan table. This feature is immediately available to all our customers at no additional cost. We love it! 
With the Private Packagist Update</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/glaubinix/" class="static-avatar"> <img class="author-profile-image" src="/content/images/size/w100/2021/04/stephan.jpg" alt="Stephan Vock" loading="lazy" /> </a> </li> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/glaubinix/">Stephan Vock</a>, <a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2021-12-02">Dec 2, 2021</time> <span class="bull">•</span> 4 min read</span> </div> </footer> </div> </article> <article class="post-card post no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/sunsetting-the-php-version-stats-blog-series/"> <header class="post-card-header"> <h2 class="post-card-title">Sunsetting the PHP Version Stats Blog Series</h2> </header> <div class="post-card-excerpt"> <p>Back in 2014 (a long time ago! PHP 5.6 was just released) I figured I actually had access to some interesting information on PHP usage in the Packagist.org logs. 
I wrote some shell commands to extract it and wrote the first blog post of the series [https://seld.</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/seldaek/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&d=mm&r=x" alt="Jordi Boggiano" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/seldaek/">Jordi Boggiano</a></span> <span class="post-card-byline-date"><time datetime="2021-06-03">Jun 3, 2021</time> <span class="bull">•</span> 1 min read</span> </div> </footer> </div> </article> <article class="post-card post no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/php-versions-stats-2021-1-edition/"> <header class="post-card-header"> <h2 class="post-card-title">PHP Versions Stats - 2021.1 Edition</h2> </header> <div class="post-card-excerpt"> <p>See 2014 [https://seld.be/notes/my-view-of-php-version-adoption], 2015 [https://seld.be/notes/php-versions-stats-2015-edition], 2016.1 [https://seld.be/notes/php-versions-stats-2016-1-edition], 2016.2 [https://seld.be/notes/php-versions-stats-2016-2-edition], 2017.1 [https://seld.be/notes/php-versions-stats-2017-1-edition], 2017.2 [https://seld.be/notes/php-versions-stats-2017-2-edition], 2018.1 [https://seld.be/notes/php-versions-stats-2018-1-edition], 2018.2</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/seldaek/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&d=mm&r=x" alt="Jordi Boggiano" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/seldaek/">Jordi Boggiano</a></span> <span class="post-card-byline-date"><time datetime="2021-05-10">May 10, 2021</time> <span class="bull">•</span> 3 min 
read</span> </div> </footer> </div> </article> <article class="post-card post tag-security tag-composer tag-packagist-org no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/composer-command-injection-vulnerability/"> <header class="post-card-header"> <div class="post-card-primary-tag">security</div> <h2 class="post-card-title">Composer Command Injection Vulnerability</h2> </header> <div class="post-card-excerpt"> <p>Please immediately update Composer to version 2.0.13 [https://github.com/composer/composer/releases/tag/2.0.13] or 1.10.22 [https://github.com/composer/composer/releases/tag/1.10.22] (composer.phar self-update). The new releases include fixes for a command injection security vulnerability [https://github.com/</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2021-04-27">Apr 27, 2021</time> <span class="bull">•</span> 2 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-security tag-composer no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/git-clone-security-vulnerability/"> <header class="post-card-header"> <div class="post-card-primary-tag">security</div> <h2 class="post-card-title">Git Clone Security Vulnerability</h2> </header> <div class="post-card-excerpt"> <p>On March 9th, the Git project published new releases [https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/] for maintained branches to address security vulnerability CVE-2021-21300 [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300]. 
We recommend you update your Git installation to a release containing the fix.</p> </div> </a> <footer class="post-card-meta"> <ul class="author-list"> <li class="author-list-item"> <a href="/author/naderman/" class="static-avatar"> <img class="author-profile-image" src="//www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&d=mm&r=x" alt="Nils Adermann" loading="lazy" /> </a> </li> </ul> <div class="post-card-byline-content"> <span><a href="/author/naderman/">Nils Adermann</a></span> <span class="post-card-byline-date"><time datetime="2021-03-11">Mar 11, 2021</time> <span class="bull">•</span> 2 min read</span> </div> </footer> </div> </article> <article class="post-card post tag-private-packagist tag-composer tag-monorepo tag-packagist-org tag-multipackage no-image "> <div class="post-card-content"> <a class="post-card-content-link" href="/installing-composer-packages-from-monorepos/"> <header class="post-card-header"> <div class="post-card-primary-tag">Private Packagist</div> <h2 class="post-card-title">Installing Composer Packages from Monorepos with Private Packagist</h2> </header> <div class="post-card-excerpt"> <p>A monorepo is a single repository that stores the source code of several or all packages of an organization. One of the biggest advantages of using monorepos is that it's easier to share and reuse code across multiple packages inside the monorepo. 
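However, when you want to publish</p>
      </div>
    </a>
    <footer class="post-card-meta">
      <ul class="author-list">
        <li class="author-list-item">
          <a href="/author/wissem/" class="static-avatar">
            <img class="author-profile-image" src="/content/images/size/w100/2021/02/wissem.jpeg" alt="Wissem Riahi" loading="lazy">
          </a>
        </li>
        <li class="author-list-item">
          <a href="/author/naderman/" class="static-avatar">
            <!-- Third-party avatars are requested with an explicit https scheme so they are
                 never fetched in cleartext, whatever scheme this page is served on. The
                 query-string ampersands are written as &amp; so the attribute is valid HTML. -->
            <img class="author-profile-image" src="https://www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&amp;d=mm&amp;r=x" alt="Nils Adermann" loading="lazy">
          </a>
        </li>
      </ul>
      <div class="post-card-byline-content">
        <span><a href="/author/wissem/">Wissem Riahi</a>, <a href="/author/naderman/">Nils Adermann</a></span>
        <span class="post-card-byline-date"><time datetime="2021-02-26">Feb 26, 2021</time> <span class="bull">•</span> 3 min read</span>
      </div>
    </footer>
  </div>
</article>

<article class="post-card post tag-packagist-org tag-composer no-image">
  <div class="post-card-content">
    <a class="post-card-content-link" href="/deprecating-composer-1-support/">
      <header class="post-card-header">
        <div class="post-card-primary-tag">packagist.org</div>
        <h2 class="post-card-title">Deprecating Packagist.org support for Composer 1.x</h2>
      </header>
      <div class="post-card-excerpt">
        <p>As you are hopefully aware by now, Composer 2.0 [https://getcomposer.org/2] was released in late October 2020. We hinted in the release announcement that Composer 1.x was pretty much EOL and today I want to expand a bit on the timeline we have in mind for</p>
      </div>
    </a>
    <footer class="post-card-meta">
      <ul class="author-list">
        <li class="author-list-item">
          <a href="/author/seldaek/" class="static-avatar">
            <img class="author-profile-image" src="https://www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&amp;d=mm&amp;r=x" alt="Jordi Boggiano" loading="lazy">
          </a>
        </li>
      </ul>
      <div class="post-card-byline-content">
        <span><a href="/author/seldaek/">Jordi Boggiano</a></span>
        <span class="post-card-byline-date"><time datetime="2021-02-25">Feb 25, 2021</time> <span class="bull">•</span> 2 min read</span>
      </div>
    </footer>
  </div>
</article>

<article class="post-card post tag-composer tag-packagist-org tag-security no-image">
  <div class="post-card-content">
    <a class="post-card-content-link" href="/preventing-dependency-hijacking/">
      <header class="post-card-header">
        <div class="post-card-primary-tag">composer</div>
        <h2 class="post-card-title">Preventing Dependency Confusion in PHP with Composer</h2>
      </header>
      <div class="post-card-excerpt">
        <p>Alex Birsan recently published his article "Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies" [https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610] in which he explains how he used language level package managers like npm (Javascript), pip (Python), and gems (Ruby) to get companies to</p>
      </div>
    </a>
    <footer class="post-card-meta">
      <ul class="author-list">
        <li class="author-list-item">
          <a href="/author/naderman/" class="static-avatar">
            <img class="author-profile-image" src="https://www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&amp;d=mm&amp;r=x" alt="Nils Adermann" loading="lazy">
          </a>
        </li>
      </ul>
      <div class="post-card-byline-content">
        <span><a href="/author/naderman/">Nils Adermann</a></span>
        <span class="post-card-byline-date"><time datetime="2021-02-11">Feb 11, 2021</time> <span class="bull">•</span> 3 min read</span>
      </div>
    </footer>
  </div>
</article>

<article class="post-card post tag-composer tag-packagist-org tag-statistics tag-php no-image">
  <div class="post-card-content">
    <a class="post-card-content-link" href="/php-versions-stats-2020-2-edition/">
      <header class="post-card-header">
        <div class="post-card-primary-tag">composer</div>
        <h2 class="post-card-title">PHP Versions Stats - 2020.2 Edition</h2>
      </header>
      <div class="post-card-excerpt">
        <p>See 2014 [https://seld.be/notes/my-view-of-php-version-adoption], 2015 [https://seld.be/notes/php-versions-stats-2015-edition], 2016.1 [https://seld.be/notes/php-versions-stats-2016-1-edition], 2016.2 [https://seld.be/notes/php-versions-stats-2016-2-edition], 2017.1 [https://seld.be/notes/php-versions-stats-2017-1-edition], 2017.2 [https://seld.be/notes/php-versions-stats-2017-2-edition], 2018.1 [https://seld.be/notes/php-versions-stats-2018-1-edition], 2018.2</p>
      </div>
    </a>
    <footer class="post-card-meta">
      <ul class="author-list">
        <li class="author-list-item">
          <a href="/author/seldaek/" class="static-avatar">
            <img class="author-profile-image" src="https://www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&amp;d=mm&amp;r=x" alt="Jordi Boggiano" loading="lazy">
          </a>
        </li>
      </ul>
      <div class="post-card-byline-content">
        <span><a href="/author/seldaek/">Jordi Boggiano</a></span>
        <span class="post-card-byline-date"><time datetime="2020-11-30">Nov 30, 2020</time> <span class="bull">•</span> 2 min read</span>
      </div>
    </footer>
  </div>
</article>

<article class="post-card post tag-hash-nofeature">
  <a class="post-card-image-link" href="/composer-2-0-is-now-available/">
    <img class="post-card-image"
         srcset="/content/images/size/w300/2020/10/image_2020-10-24_175325.png 300w,
                 /content/images/size/w600/2020/10/image_2020-10-24_175325.png 600w,
                 /content/images/size/w1000/2020/10/image_2020-10-24_175325.png 1000w,
                 /content/images/size/w2000/2020/10/image_2020-10-24_175325.png 2000w"
         sizes="(max-width: 1000px) 400px, 800px"
         src="/content/images/size/w600/2020/10/image_2020-10-24_175325.png"
         alt="Composer 2.0 is now available!" loading="lazy">
  </a>
  <div class="post-card-content">
    <a class="post-card-content-link" href="/composer-2-0-is-now-available/">
      <header class="post-card-header">
        <h2 class="post-card-title">Composer 2.0 is now available!</h2>
      </header>
      <div class="post-card-excerpt">
        <p>1/ What's new? The list of changes and improvements is long, check the complete changelog [https://github.com/composer/composer/releases/tag/2.0.0] if you are interested in reading it all. I will highlight a few key points here. Performance improvements We overhauled pretty much everything</p>
      </div>
    </a>
    <footer class="post-card-meta">
      <ul class="author-list">
        <li class="author-list-item">
          <a href="/author/seldaek/" class="static-avatar">
            <img class="author-profile-image" src="https://www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&amp;d=mm&amp;r=x" alt="Jordi Boggiano" loading="lazy">
          </a>
        </li>
      </ul>
      <div class="post-card-byline-content">
        <span><a href="/author/seldaek/">Jordi Boggiano</a></span>
        <span class="post-card-byline-date"><time datetime="2020-10-24">Oct 24, 2020</time> <span class="bull">•</span> 6 min read</span>
      </div>
    </footer>
  </div>
</article>

<article class="post-card post tag-security tag-composer tag-packagist-org tag-opensource">
  <a class="post-card-image-link" href="/security-monitoring/">
    <img class="post-card-image"
         srcset="/content/images/size/w300/2020/07/twitter-security-monitoring.png 300w,
                 /content/images/size/w600/2020/07/twitter-security-monitoring.png 600w,
                 /content/images/size/w1000/2020/07/twitter-security-monitoring.png 1000w,
                 /content/images/size/w2000/2020/07/twitter-security-monitoring.png 2000w"
         sizes="(max-width: 1000px) 400px, 800px"
         src="/content/images/size/w600/2020/07/twitter-security-monitoring.png"
         alt="Security Monitoring for Composer Projects" loading="lazy">
  </a>
  <div class="post-card-content">
    <a class="post-card-content-link" href="/security-monitoring/">
      <header class="post-card-header">
        <div class="post-card-primary-tag">security</div>
        <h2 class="post-card-title">Security Monitoring for Composer Projects</h2>
      </header>
      <div class="post-card-excerpt">
        <p>As of today Private Packagist [https://packagist.com] automatically keeps track of security vulnerabilities in your Composer project dependencies. When we notice you are using a vulnerable version of a dependency we'll alert you either by email, on Slack, on Microsoft Teams, or through a webhook of your</p>
      </div>
    </a>
    <footer class="post-card-meta">
      <ul class="author-list">
        <li class="author-list-item">
          <a href="/author/naderman/" class="static-avatar">
            <img class="author-profile-image" src="https://www.gravatar.com/avatar/dc5728eadcbd629aa6b14f3d47148968?s=250&amp;d=mm&amp;r=x" alt="Nils Adermann" loading="lazy">
          </a>
        </li>
      </ul>
      <div class="post-card-byline-content">
        <span><a href="/author/naderman/">Nils Adermann</a></span>
        <span class="post-card-byline-date"><time datetime="2020-07-16">Jul 16, 2020</time> <span class="bull">•</span> 2 min read</span>
      </div>
    </footer>
  </div>
</article>

<article class="post-card post no-image">
  <div class="post-card-content">
    <a class="post-card-content-link" href="/composer-and-default-git-branches/">
      <header class="post-card-header">
        <h2 class="post-card-title">Composer and default git branches</h2>
      </header>
      <div class="post-card-excerpt">
        <p>Last week a lot of people decided to change their default branch name away from master to use more inclusive language in technology (read Scott Hanselman [https://www.hanselman.com/blog/EasilyRenameYourGitDefaultBranchFromMasterToMain.aspx] explain why and how). As we fielded questions from Composer package authors wondering what the impact would</p>
      </div>
    </a>
    <footer class="post-card-meta">
      <ul class="author-list">
        <li class="author-list-item">
          <a href="/author/seldaek/" class="static-avatar">
            <img class="author-profile-image" src="https://www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&amp;d=mm&amp;r=x" alt="Jordi Boggiano" loading="lazy">
          </a>
        </li>
      </ul>
      <div class="post-card-byline-content">
        <span><a href="/author/seldaek/">Jordi Boggiano</a></span>
        <span class="post-card-byline-date"><time datetime="2020-06-19">Jun 19, 2020</time> <span class="bull">•</span> 1 min read</span>
      </div>
    </footer>
  </div>
</article>

<article class="post-card post tag-composer tag-packagist-org tag-statistics tag-php no-image">
  <div class="post-card-content">
    <a class="post-card-content-link" href="/php-versions-stats-2020-1-edition/">
      <header class="post-card-header">
        <div class="post-card-primary-tag">composer</div>
        <h2 class="post-card-title">PHP Versions Stats - 2020.1 Edition</h2>
      </header>
      <div class="post-card-excerpt">
        <p>See 2014 [https://seld.be/notes/my-view-of-php-version-adoption], 2015 [https://seld.be/notes/php-versions-stats-2015-edition], 2016.1 [https://seld.be/notes/php-versions-stats-2016-1-edition], 2016.2 [https://seld.be/notes/php-versions-stats-2016-2-edition], 2017.1 [https://seld.be/notes/php-versions-stats-2017-1-edition], 2017.2 [https://seld.be/notes/php-versions-stats-2017-2-edition], 2018.1 [https://seld.be/notes/php-versions-stats-2018-1-edition], 2018.2</p>
      </div>
    </a>
    <footer class="post-card-meta">
      <ul class="author-list">
        <li class="author-list-item">
          <a href="/author/seldaek/" class="static-avatar">
            <img class="author-profile-image" src="https://www.gravatar.com/avatar/bbdb1af4db12e46734bea659120f2a4e?s=250&amp;d=mm&amp;r=x" alt="Jordi Boggiano" loading="lazy">
          </a>
        </li>
      </ul>
      <div class="post-card-byline-content">
        <span><a href="/author/seldaek/">Jordi Boggiano</a></span>
        <span class="post-card-byline-date"><time datetime="2020-05-20">May 20, 2020</time> <span class="bull">•</span> 2 min read</span>
      </div>
    </footer>
  </div>
</article>

</div>
</div>
</main>
</div>

<!-- Site footer: links to the product site and its legal pages. -->
<footer class="site-footer outer">
  <div class="inner">
    <section class="copyright"><a href="https://packagist.com/home">Private Packagist</a></section>
    <nav class="site-footer-nav" aria-label="Footer">
      <ul class="nav">
        <li class="nav-about"><a href="https://packagist.com/about">About</a></li>
        <li class="nav-terms"><a href="https://packagist.com/about/terms">Terms</a></li>
        <li class="nav-privacy"><a href="https://packagist.com/about/privacy">Privacy</a></li>
        <li class="nav-imprint"><a href="https://packagist.com/about/imprint">Imprint</a></li>
      </ul>
    </nav>
  </div>
</footer>
</div>

<!-- jQuery is served by a third-party CDN. The integrity attribute makes the browser
     refuse to run the file if its bytes do not match this hash, and crossorigin is
     required for that check to apply to a cross-origin script. -->
<script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
<!-- Theme script, served with a cache-busting version query. -->
<script src="https://blog.packagist.com/assets/built/casper.js?v=779445e934"></script>
<script>
  // NOTE(review): this is an inline script, so a Content-Security-Policy that omits
  // 'unsafe-inline' would need a nonce or hash for it, or the code moved into a file.
  // Each statement sits on its own line: a "//" comment runs to the end of the line,
  // so collapsing this block onto one line would comment out the code that follows.
  $(document).ready(function () {
    // Mobile Menu Trigger
    $('.gh-burger').click(function () {
      $('body').toggleClass('gh-head-open');
    });
    // FitVids - Makes video embeds responsive
    $(".gh-content").fitVids();
  });
</script>
<script type="module">
  // NOTE(review): unlike the jQuery tag above, this import has no integrity check.
  // The version in the URL is pinned, but an import statement cannot carry an
  // integrity attribute, so the CDN is trusted for whatever bytes it serves on each
  // page view (including anything index.js may import in turn). Serving a vendored
  // copy from this site's own origin would remove that runtime third-party dependency.
  // The trailing semicolon keeps the import from running into the next statement.
  import Plausible from "https://unpkg.com/plausible-tracker@0.3.4/build/module/index.js";

  // Analytics client: page views for blog.packagist.com are reported to the
  // packagist.com API host.
  const plausible = Plausible({
    domain: 'blog.packagist.com',
    apiHost: 'https://packagist.com',
  });
  plausible.trackPageview();
</script>
</body>
</html>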