Please immediately update Composer to version 2.0.13 [https://github.com/composer/composer/releases/tag/2.0.13] or 1.10.22 [https://github.com/composer/composer/releases/tag/1.10.22] (composer.phar self-update). The new releases include fixes for a command injection security vulnerability [https://github.com/
On March 9th, the Git project published new releases [https://email@example.com/] for maintained branches to address security vulnerability CVE-2021-21300 [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300]. We recommend you update your Git installation to a release containing the fix.
A monorepo is a single repository that stores the source code of several or all packages of an organization. One of the biggest advantages [https://en.wikipedia.org/wiki/Monorepo#Advantages] of using monorepos is that it's easier to share and reuse code across multiple packages inside the monorepo. However,
As of today, Private Packagist [https://packagist.com] automatically keeps track of security vulnerabilities in your Composer project dependencies. When we notice you are using a vulnerable version of a dependency, we'll alert you either by email, on Slack, on Microsoft Teams, or through a webhook of your own choosing.
If you're selling PHP packages, the easiest way to offer Composer package installation to your customers is now Private Packagist for Vendors [https://packagist.com/vendors?utm_source=blog&utm_medium=link&utm_content=vendors]. You get a unique URL and authentication token for each customer and they can use
Today we're happy to present a new feature on Private Packagist [https://packagist.com/?utm_source=blog&utm_medium=link&utm_content=agencies]: per-project Composer repositories with simplified permissions for agencies and other companies who manage multiple independent Composer projects which cannot share all packages. We originally built Private Packagist
Redundancy and Dependency Integrity with Private Packagist [https://packagist.com/?utm_source=blog&utm_medium=blog&utm_content=mirroring]
When you first run Composer, you usually install some open-source dependencies from its default package archive packagist.org [https://packagist.org/]. Packagist.org is the public repository for all open-source PHP