Packagist.org maintainer account takeover
Scary stuff, but handled very well by the Packagist team.
Read more [blog.packagist.com]
Posts tagged with packagist
Packages play a big role in the Laravel scene. How big and which packages? Medium user Džuris took the data from the Packagist.org API and filtered out the Laravel packages.
Read more [medium.com]
Jordi Boggiano investigated whether there are pundits actively abusing typos in package names.
Earlier this month an article was published summarizing Nikolai Philipp Tschacher's thesis about typosquatting. In short, typosquatting is a way to attack users of a package manager by registering a package with a name similar to a popular package, hoping that someone will accidentally typo the name and end up installing your version of it that contains malware. ... I wanted to take a look at our repository data and see if I could spot any bad actors.
At my work I'm currently creating a new dashboard. That's a fancy term for an HTML page sprinkled with some Vue magic that will be displayed on a TV screen on the wall of our office. I won't say much about the dashboard itself in this post, but I'll make sure to write something on that in the near…