The Composer CLI is part of your supply chain. Older versions miss the protections in 2.10 and carry known CVEs of their own.
Private Packagist customers can now enforce which Composer client versions can talk to their repository.
#php #phpc #composerphp
Image: Private Packagist: Enforce a Safe Composer Version Across Your Organization (three groups of people connecting to a package with the Composer logo and a checkmark in front of a shield icon)
⛔ Composer policies block flagged malware, but only on 2.10. A CI image running an old Composer version, or a project disabling the policy, still installs flagged versions.
Private Packagist now blocks these at the registry, on any client.
#php #phpc #composerphp
Composer 2.10 is out.
Native malware filtering via @AikidoSecurity, enabled by default on @Packagist. Plus a unified config.policy framework, deprecated source fallback, and wildcards in --with.
#php #phpc #composerphp
Image: Composer fending off packages, malware automatically blocked
It's that feeling that makes me remember why I love open source. Someone took the library I made to "beep out" communication from the Casio mod "sensor watch" and made a TOTP browser extension youtube.com/shorts/Nnia2b510…
And an input paste extension too!
So cool ❤️
I mean, I could say this automatic review ruins the fun in my side project here, but I choose to focus on how little of this constellation of words we usually get in PR reviews. More unicorn focus please 🙏🦄 #ai
You can have 1 attempt at guessing what time the #Drupal security advisory was published. Don't know what people are sweating about with these; I make the @violinist_io bot sweat for me instead 🤓✌️
Not really breaking much sweat with a #drupal core update. PR set to auto merge 20 minutes before the advisory came out 😎 @violinist_io saves so much time, also when time matters #PHP
Currently in a docker container in a ec2 instance in a session manager session from my home computer on a tailscale ssh connection from my phone in a sleeping bag in a hammock hanging from trees in Bymarka #hardToKeepTrack
Wonder how many of the proposals for @DrupalConEur will fall into one of these categories:
A) About AI / LLM
B) Abstract generated by ChatGPT
C) About AI / LLM and the abstract is generated by ChatGPT
Happy reading and good luck to the committee 🤓🤞
Slides for the session with the following elaborate title are up now: "Pushing Drupal development limits with 22 million products, 1 million product updates per day and 3 sites on a shared codebase" #DrupalConPrague docs.google.com/presentation…
I like error messages as much as the next person, but today I really want to show my appreciation for this error message from the patch(1) command:
patch: **** Only garbage was found in the patch input.
I mean. It's not trying to be diplomatic, is it? Only, exclusively garbage!
Created a blog post again basically describing how to fail your tests when an update has an unexpected database update #drupal #PHP eiriksm.dev/site-schema
Consistently getting automated #drupal core security updates from @violinist_io before the SA is published. This was also the case this Wednesday! Here is an older analysis from the Violinist blog: medium.com/@violinistdevio/r…
Totally happened again. Update ready in my inbox before the #drupal security advisory made it to my inbox. Getting core updates with violinist.io is so convenient. #drupal #automation
Image: Violinist update arriving before Drupal security advisories