⛔ Composer policies block flagged malware, but only on 2.10. A CI image running an old Composer version, or a project disabling the policy, still installs flagged versions.
Private Packagist now blocks these at the registry, on any client.
#php #phpc #composerphp
Composer 2.10 is out.
Native malware filtering via @AikidoSecurity, enabled by default on @Packagist. Plus a unified config.policy framework, deprecated source fallback, and wildcards in --with.
#php #phpc #composerphp
🔒 An update on Composer & Packagist supply chain security: what's in place, what ships this week with Composer 2.10 (dependency policies, immutable versions), and what comes next.
If you maintain PHP packages, enable MFA now!
#php #phpc #composerphp
If you haven't updated Composer to 2.9.8 or 2.2.28 (LTS), do so urgently! GitHub will restart the rollout of their new GitHub Actions tokens later today. They've improved secret masking to cover this Composer issue, but you're safer if you update. #composerphp #php #phpc
Three months of Private Packagist updates: Malware filter list support already in place, ahead of Composer 2.10's release next week. Plus a new package permissions tab, better background job visibility, and a narrower GitLab OAuth scope. Link 👇
#php #phpc #composerphp
🚨 Security advisory: Composer 2.9.8 and 2.2.28 are out and fix a vulnerability leaking GitHub Actions' new-format GITHUB_TOKENs into job logs via error messages.
Update now (composer self-update) or disable affected Actions workflows.
#composerphp #phpc #php
🚀 Private Packagist February update: Redesigned login flow, team member MFA resets for org owners, new Microsoft Teams Workflow notifications (old connectors deprecated), clickable composer search URLs in your terminal #composerphp #php #phpc
Proud to announce we just renewed our annual $18,000 sponsorship for the PHP Foundation!
Check out this summary of the work completed in 2025. So much more could be accomplished if all businesses using PHP contributed. Sign up as a sponsor and help move PHP forward!
In Amsterdam next week and part of a group underrepresented at tech confs, or can't afford a ticket? Private Packagist is sponsoring @symfonycon (Nov 27th/28th) and we have a ticket to give away: Reply with your favorite PHP 8.5 feature to win #php #phpc #symfony #symfonycon
PHP 8.5 Released! 🎉
In this new release we have:
– URI Extension
– Pipe Operator
– Clone With
– A new #[\NoDiscard] attribute
– Closures and first-class callables in constant expressions
– Persistent cURL share handles
Read all about it: https://t.co/RNfkvZSyHY
New in Private Packagist: Usage Tracking page can now help prioritize security updates by showing how dependencies cascade through projects and where vulnerable versions are used. Trusted Publishing for GitHub Actions and better synchronization setup. #php #phpc #composerphp
After Composer 2.9 CLI security improvements, we're working on a transparency log for https://t.co/Gf5b9WSQGV to strengthen PHP supply chain security, funded by the @sovtechagency with help of the @ThePHPF and Private Packagist. #php #phpc #composerphp
Composer 2.9 is here! 🚀 It automatically blocks packages with known vulnerabilities, has a new repository command to manage repos from the CLI, and lots more!
#composerphp #phpc #PHP
🚨 Warning to PHP package maintainers: We did not email you to change your passwords & 2FA. Emails asking you to update your credentials are a phishing attempt. We had the phishing site & domain taken down. If you got the email and entered your credentials, please contact us.
Would you like to attend #APIPlatformCon 2025 in Lille on Sep 18/19 or online? Private Packagist is sponsoring: 4 tickets to give away! Part of a group underrepresented at tech conferences, or can't afford a ticket? Repost and reply with your favorite PHP package(s) #php #composerphp #phpc
The era of Composer v1 finally comes to an end, long live Composer v2! 👑 Today https://t.co/WIMPyEqZA2 support for v1 metadata has been shut down as announced last year. https://t.co/ObJ9gMQUpz #composerphp #phpc #php
August update: dependency usage tracking across your packages, automatic GitLab token rotation, and Conductor improvements with custom labels and smarter PR handling https://t.co/dK8qKNwPX8 #php #composer #composerphp #phpc
🚨 https://t.co/Gf5b9WSQGV shutdown of Composer 1.x support postponed to September 1st, 2025. Act now, upgrade to Composer 2! Last resort: check out Private Packagist's extended 1.x support if you really cannot migrate right now.
Meet @igorbenko and me at IPC in Berlin today & tomorrow at our @packagist booth. 👋 Would love to chat about Composer, supply chain security, dependencies, or show you our new tool Conductor! Don't forget to pick up a Composer sticker 😉
#php #phpc #composerphp #ipc #ipc2025