Composer 2.4 Release Auditing dependencies for known security vulnerabilitiesStaying on top of disclosed security vulnerabilities in dependencies is a constant challenge. There are many monitoring solutions created to help track the security status of your dependencies. We offer our own Private Packagist Security Monitoring to notify customers through various channels, but not every
Composer 2.3 Release Modernizing Composer internalsAs announced in the 2.2 release notes, Composer 2.3 increases the required PHP version to >=7.2.5 and thus stops supporting PHP 5.3.2 - 7.2.4. The 2.2 LTS is still there for users stuck on older PHP versions. This
Composer 2.2 Release LTS / Long Term SupportThe 2.2 minor release is an LTS (Long Term Support) release. We will provide bugfixes for critical bugs and security issues until at least the end of 2023, and will then reassess based on remaining usage. The reason we are doing this is that after over
Sunsetting the PHP Version Stats Blog Series Back in 2014 (a long time ago! PHP 5.6 was just released) I figured I actually had access to some interesting information on PHP usage in the Packagist.org logs. I wrote some shell commands to extract it and wrote the first blog post of the series. As our
PHP Versions Stats - 2021.1 Edition See 2014, 2015, 2016.1, 2016.2, 2017.1, 2017.2, 2018.1, 2018.2, 2019.1, 2019.2, 2020.1 and 2020.2 for previous similar posts. A quick note on methodology, because all these stats are imperfect as they just sample some subset of the PHP user base.
packagist.org Deprecating Packagist.org support for Composer 1.x As you are hopefully aware by now, Composer 2.0 was released in late October 2020. We hinted in the release announcement that Composer 1.x was pretty much EOL and today I want to expand a bit on the timeline we have in mind for the Packagist.org support
composer PHP Versions Stats - 2020.2 Edition See 2014, 2015, 2016.1, 2016.2, 2017.1, 2017.2, 2018.1, 2018.2, 2019.1, 2019.2 and 2020.1 for previous similar posts. A quick note on methodology, because all these stats are imperfect as they just sample some subset of the PHP user base. I look
Composer 2.0 is now available! 1/ What's new?The list of changes and improvements is long, check the complete changelog if you are interested in reading it all. I will highlight a few key points here. Performance improvementsWe overhauled pretty much everything from the protocol used between Composer and packagist.org to the dependency resolution,
Composer and default git branches Last week a lot of people decided to change their default branch name away from master to use more inclusive language in technology (read Scott Hanselman explain why and how). As we fielded questions from Composer package authors wondering what the impact would be, we have investigated how well Composer
composer PHP Versions Stats - 2020.1 Edition See 2014, 2015, 2016.1, 2016.2, 2017.1, 2017.2, 2018.1, 2018.2, 2019.1 and 2019.2 for previous similar posts. A quick note on methodology, because all these stats are imperfect as they just sample some subset of the PHP user base. I look in the
composer Composer 2 Development Update Back in September 2018 we started working on a 2.0 branch for Composer. It took us a while to get there as we refactored, trying to bake in all the things we learned maintaining the project since 2011. The funding from Private Packagist subscriptions has provided us with enough
composer PHP Versions Stats - 2019.2 Edition It's stats o'clock! See 2014, 2015, 2016.1, 2016.2, 2017.1, 2017.2, 2018.1, 2018.2 and 2019.1 for previous similar posts. A quick note on methodology, because all these stats are imperfect as they just sample some subset of the PHP user base. I look in
composer PHP Versions Stats - 2019.1 Edition It's stats o'clock! See 2014, 2015, 2016.1, 2016.2, 2017.1, 2017.2, 2018.1 and 2018.2 for previous similar posts. A quick note on methodology, because all these stats are imperfect as they just sample some subset of the PHP user base. I look in the packagist.
packagist.org An Update on Packagist.org Hosting As we announced a bit over a week ago, we recently did some heavy server maintenance on the packagist.org website. I wanted to share some more details about the current infrastructure behind the website and how we got there.
composer PHP Versions Stats - 2018.2 Edition It's stats o'clock! See 2014, 2015, 2016.1, 2016.2, 2017.1, 2017.2 and 2018.1 for previous similar posts. A quick note on methodology, because all these stats are imperfect as they just sample some subset of the PHP user base. I look in the packagist.org logs