composer - Private Packagist

CVE-2022-24828: Composer Command Injection Vulnerability

Please immediately update Composer to version 2.3.5 [https://github.com/composer/composer/releases/tag/2.3.5], 2.2.12 [https://github.com/composer/composer/releases/tag/2.2.12], or 1.10.26 [https://github.com/composer/composer/releases/tag/1.10.26] (composer.phar self-update). The

composer

Introducing: Update Review

As of today, when you update your dependencies in a pull request, Private Packagist comments with all composer.lock changes displayed in a clear and easy to scan table. This feature is immediately available to all our customers at no additional cost. > We love it! With the Private Packagist Update

security

Composer Command Injection Vulnerability

Please immediately update Composer to version 2.0.13 [https://github.com/composer/composer/releases/tag/2.0.13] or 1.10.22 [https://github.com/composer/composer/releases/tag/1.10.22] (composer.phar self-update). The new releases include fixes for a command injection security vulnerability [https://github.com/

composer

Installing Composer Packages from Monorepos with Private Packagist

A monorepo is a single repository that stores the source code of several or all packages of an organization. One of the biggest advantages [https://en.wikipedia.org/wiki/Monorepo#Advantages] of using monorepos is that it's easier to share and reuse code across multiple packages inside the monorepo. However,

packagist.org

Deprecating Packagist.org support for Composer 1.x

As you are hopefully aware by now, Composer 2.0 [https://getcomposer.org/2] was released in late October 2020. We hinted in the release announcement that Composer 1.x was pretty much EOL and today I want to expand a bit on the timeline we have in mind for

composer

Preventing Dependency Confusion in PHP with Composer

Alex Birsan recently published his article "Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies" [https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610] in which he explains how he used language level package managers like npm (Javascript), pip (Python), and gems (Ruby) to get companies to install and

composer

PHP Versions Stats - 2020.2 Edition

See 2014 [https://seld.be/notes/my-view-of-php-version-adoption], 2015 [https://seld.be/notes/php-versions-stats-2015-edition], 2016.1 [https://seld.be/notes/php-versions-stats-2016-1-edition], 2016.2 [https://seld.be/notes/php-versions-stats-2016-2-edition], 2017.1 [https://seld.be/notes/php-versions-stats-2017-1-edition], 2017.2 [https://seld.be/notes/php-versions-stats-2017-2-edition], 2018.1 [https://seld.be/notes/php-versions-stats-2018-1-edition], 2018.2

security

Security Monitoring for Composer Projects

As of today Private Packagist [https://packagist.com] automatically keeps track of security vulnerabilities in your Composer project dependencies. When we notice you are using a vulnerable version of a dependency we'll alert you either by email, on Slack, on Microsoft Teams, or through a webhook of your own choosing.

composer

PHP Versions Stats - 2020.1 Edition

See 2014 [https://seld.be/notes/my-view-of-php-version-adoption], 2015 [https://seld.be/notes/php-versions-stats-2015-edition], 2016.1 [https://seld.be/notes/php-versions-stats-2016-1-edition], 2016.2 [https://seld.be/notes/php-versions-stats-2016-2-edition], 2017.1 [https://seld.be/notes/php-versions-stats-2017-1-edition], 2017.2 [https://seld.be/notes/php-versions-stats-2017-2-edition], 2018.1 [https://seld.be/notes/php-versions-stats-2018-1-edition], 2018.2

composer

Composer 2 Development Update

Back in September 2018 we started working on a 2.0 branch for Composer. It took us a while to get there as we refactored, trying to bake in all the things we learned maintaining the project since 2011. The funding from Private Packagist [https://packagist.com] subscriptions has provided

composer

PHP Versions Stats - 2019.2 Edition

It's stats o'clock! See 2014 [https://seld.be/notes/my-view-of-php-version-adoption], 2015 [https://seld.be/notes/php-versions-stats-2015-edition], 2016.1 [https://seld.be/notes/php-versions-stats-2016-1-edition], 2016.2 [https://seld.be/notes/php-versions-stats-2016-2-edition], 2017.1 [https://seld.be/notes/php-versions-stats-2017-1-edition], 2017.2 [https://seld.be/notes/php-versions-stats-2017-2-edition], 2018.1 [https://seld.be/notes/

composer

PHP Versions Stats - 2019.1 Edition

It's stats o'clock! See 2014 [https://seld.be/notes/my-view-of-php-version-adoption], 2015 [https://seld.be/notes/php-versions-stats-2015-edition], 2016.1 [https://seld.be/notes/php-versions-stats-2016-1-edition], 2016.2 [https://seld.be/notes/php-versions-stats-2016-2-edition], 2017.1 [https://seld.be/notes/php-versions-stats-2017-1-edition], 2017.2 [https://seld.be/notes/php-versions-stats-2017-2-edition], 2018.1 [https://seld.be/notes/

composer

PHP Versions Stats - 2018.2 Edition

It's stats o'clock! See 2014 [https://seld.be/notes/my-view-of-php-version-adoption], 2015 [https://seld.be/notes/php-versions-stats-2015-edition], 2016.1 [https://seld.be/notes/php-versions-stats-2016-1-edition], 2016.2 [https://seld.be/notes/php-versions-stats-2016-2-edition], 2017.1 [https://seld.be/notes/php-versions-stats-2017-1-edition], 2017.2 [https://seld.be/notes/php-versions-stats-2017-2-edition] and 2018.1 [https://seld.be/