Skip to content
The Nexus
DossierENTITY

Composer

Coverage of Composer in the Nexus archive.

Earliest in view: Apr 14 · 15:57 UTCMost recent: May 27 · 15:31 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 27 · 15:31 UTCHACKER NEWS
    An Update on Composer and Packagist Supply Chain Security

    The article discusses recent security updates for Composer and Packagist, focusing on enhancing supply chain security measures. Key improvements include stronger authentication and vulnerability checks to protect PHP package dependencies.

  • SECURITYMay 23 · 20:48 UTCBLEEPING COMPUTER
    Laravel Lang packages hijacked to deploy credential-stealing malware

    A supply chain attack exploited Laravel Lang localization packages by hijacking GitHub version tags to distribute credential-stealing malware via Composer packages, exposing developers to a sophisticated malware campaign.

  • SECURITYMay 23 · 16:07 UTCTHE HACKER NEWS
    Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

    A coordinated supply chain attack has compromised eight packages on Packagist, injecting malicious code that executes a Linux binary hosted on GitHub Releases. The attack targeted JavaScript projects by inserting malicious content into package.json, bypassing composer.json in Composer packages.

  • SECURITYApr 14 · 15:57 UTCTHE HACKER NEWS
    New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

    Two high-severity command injection vulnerabilities in Composer's Perforce VCS driver could allow arbitrary command execution. Patches have been released to address these flaws, which are tracked as CVE-2026-40176 and another unspecified CVE.

Composer · Dossier · The Nexus