GigaTap articles tagged packagist.
- A Packagist Dev Branch Exposed a Supply Chain Gap - Socket found malware in a Packagist-listed dev branch of a legitimate Laravel package. The risk is branch trust, not the whole ecosystem.
- Packagist attack shows a blind spot in mixed PHP builds - Eight Packagist packages were reportedly modified to run a Linux binary via GitHub Releases, with malicious code placed in package.json rather than compose
- Laravel Lang attack shows how package tags can betray trust - Snyk says hundreds of historical Packagist versions for Laravel localization packages were republished with credential-stealing malware. The key failure wa