Top Tweets for #composerphp
⛔ Composer policies block flagged malware, but only on 2.10. A CI image running an old Composer version, or a project disabling the policy, still installs flagged versions.
Private Packagist now blocks these at the registry, on any client.
#php #phpc #composerphp

🛡️ Composer's download fallbacks can silently undermine repository security: A Private Packagist URL blocked for a malware-flagged version falls back to GitHub or a source clone.
Two new Private Packagist options close it off.
#php #phpc #composerphp

Composer 2.10 is out.
Native malware filtering via @AikidoSecurity, enabled by default on @Packagist. Plus a unified config.policy framework, deprecated source fallback, and wildcards in --with.
#php #phpc #composerphp

🔒 An update on Composer & Packagist supply chain security: what's in place, what ships this week with Composer 2.10 (dependency policies, immutable versions), and what comes next.
If you maintain PHP packages, enable MFA now!
#php #phpc #composerphp

It took us a bit longer than expected but after over a month of discussions and rewrites, Composer 2.10 RC2 is now available for testing with a new policy config and detected malware now blocked by default on install. https://t.co/HrM6zu8asZ #composerphp #phpc

If you haven't updated Composer to 2.9.8 or 2.2.28 (LTS), do so urgently! GitHub will restart the rollout of their new GitHub Actions tokens later today. They've improved secret masking to cover this Composer issue, but you're safer if you update. #composerphp #php #phpc
🚨 Security advisory: Composer 2.9.8 and 2.2.28 are out and fix a vulnerability leaking GitHub Actions new format GITHUB_TOKENs into job logs via error messages.
Update now (composer self-update) or disable affected Actions workflows.
#composerphp #phpc #php

Three months of Private Packagist updates: Malware filter list support already in place, ahead of Composer 2.10's release next week. Plus a new package permissions tab, better background job visibility, and a narrower GitLab OAuth scope. Link 👇
#php #phpc #composerphp

We hope you enjoyed @glaubinix's talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy! #php #phpc #phpday #composerphp

GitHub rolled back their change to GitHub Actions tokens for now. We now have a week to get everyone in the PHP ecosystem to update to a safe version of Composer to prepare for a new rollout. Need everyone's help with this effort! #phpc #php #composerphp
Open infrastructure isn't free. 🌱
Packagist/Composer signed a joint @OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.
#php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability
Open Infrastructure Is Not Free Part II
10 trillion open source package downloads in 2026. Still running on donations and volunteers.
AI is accelerating attacks. The Sustaining Package Registries WG is here to help.
https://t.co/wcm4zEcBAh
#PreserveOpenSource

🚨 Composer 2.9.6 and 2.2.27 are out with fixes for CVE-2026-40261 and CVE-2026-40176, both command injection issues in the Perforce driver. Run composer self-update now. No exploitation detected on https://t.co/Gf5b9WSiRn and Private Packagist. #php #phpc #composerphp

We need your help to test Composer 2.10. Expect a final release next week, now is the time to try it out and flag any issue you find! https://t.co/hHhOLJKg2d #composerphp #phpc

@ThePledge Check out the details on our blog at https://t.co/wKXV0VtoVB and reach out if you want to be a launch partner for our Composer & https://t.co/Gf5b9WSiRn sponsorship program! #composerphp #php #phpc
Private Packagist is a member of @ThePledge and gave over $4k/FTE in 2025 to #opensource maintainers. Have your company join too and help fund our shared open source ecosystem!
#php #phpc #composerphp

Loved the very engaged audience of a thousand people at #LaraconEU 2026 in Amsterdam today at my "Composer Deep Dive" talk! Proud to sponsor the event with Private Packagist / @packagist - Find me and chat about package management or @ThePHPF #laravel #laracon #php #composerphp


🚀 Private Packagist February update: Redesigned login flow, team member MFA resets for org owners, new Microsoft Teams Workflow notifications (old connectors deprecated), clickable composer search URLs in your terminal #composerphp #php #phpc