The release of Composer 2.9 this week introduced new security features on the Composer CLI client, which were funded by Private Packagist through service subscriptions. But in parallel, we are working on security on the main PHP package repository at Packagist.org with additional funding from the Sovereign Tech
