Safeguard
Tag

composer

Safeguard articles tagged "composer" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Application Security

PHP Laravel security best practices

One line, `protected $guarded = [];`, can turn a Laravel signup form into an admin-account minting machine — here's how to lock down five real Laravel risk areas.

Jul 7, 20266 min read
Security Guides

Auditing PHP Dependencies with composer audit

Composer ships a native security auditor. Learn to run composer audit against your composer.lock, catch abandoned packages, and extend it with continuous SCA.

Jul 5, 20265 min read
Supply Chain Attacks

Composer/PHP Supply Chain Threats: 2025 Report

A senior engineer's 2025 report on Composer and Packagist supply chain threats: namespace abuse, abandoned maintainers, plugin hooks, and the attacks that actually landed on PHP shops.

Apr 2, 20268 min read
Open Source Security

Composer/PHP Package Supply Chain in 2026

PHP's Composer and Packagist ecosystem has quietly improved its supply chain story. Here is where things actually stand in 2026, and what PHP shops should do now.

Mar 5, 20268 min read
Open Source Security

Composer Arbitrary Code Execution via Platform Config Han...

CVE-2021-41116 let malicious composer.json platform config values inject PHP code into Composer autoload files, causing code execution on install.

Nov 30, 20257 min read
Open Source Security

Packagist's GitHub Webhook Flaw That Could Have Poisoned ...

A 2022 Packagist webhook vulnerability let a crafted GitHub branch name trigger command injection on Packagist's servers, threatening the entire PHP/Composer supply chain.

Nov 30, 20256 min read
Engineering

PHP Composer Security: Lockfiles, Packagist and Abandoned Packages

composer.lock is your integrity anchor, Packagist is a single point of trust, and roughly one in ten packages you depend on is quietly unmaintained. A field guide.

Apr 18, 20246 min read
Dependency Security

PHP Composer Dependency Security

Securing PHP applications through Composer lockfiles, Packagist verification, and automated vulnerability scanning.

Oct 5, 20224 min read
composer — Safeguard Blog