Skip to content
The Nexus
DossierENTITY

Packagist

Coverage of Packagist in the Nexus archive.

Earliest in view: May 23 · 16:07 UTCMost recent: Jul 4 · 11:17 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 4 · 11:17 UTCTHE HACKER NEWS
    North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

    North Korean threat actors have published 108 malicious packages and web browser extensions across npm, Packagist, Go, and Google Chrome as part of the PolinRider campaign. The campaign remains active, with new malicious packages likely to continue appearing.

  • SECURITYMay 27 · 15:31 UTCHACKER NEWS
    An Update on Composer and Packagist Supply Chain Security

    The article discusses recent security updates for Composer and Packagist, focusing on enhancing supply chain security measures. Key improvements include stronger authentication and vulnerability checks to protect PHP package dependencies.

  • SECURITYMay 23 · 16:07 UTCTHE HACKER NEWS
    Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

    A coordinated supply chain attack has compromised eight packages on Packagist, injecting malicious code that executes a Linux binary hosted on GitHub Releases. The attack targeted JavaScript projects by inserting malicious content into package.json, bypassing composer.json in Composer packages.

Packagist · Dossier · The Nexus