Packagist

Packagist

packagist.org

1

About this website

Packagist is the main Composer repository and the primary package registry for the PHP ecosystem, aggregating public PHP packages installable with Composer, the dependency manager for PHP. The platform serves as the central hub where PHP developers publish, discover, and distribute open-source libraries and frameworks, hosting hundreds of thousands of packages with billions of total package installs. The repository automatically crawls version control systems to detect new releases, compute dependency resolution trees, and generate optimized package metadata for the Composer client. Packages declare their dependencies, autoloading rules, and metadata in a composer.json manifest file, which Composer validates, resolves, and installs into a vendor directory with PSR-4 and PSR-0 autoloading support. The platform provides browsing and search capabilities with filters by type, tags, and popularity, along with per-package statistics including install counts, GitHub stars, and dependency relationships. Supply chain security has become a central focus, with Composer 2.10 released on May 28, 2026 introducing native malware filtering and consolidated dependency policy configuration to control the handling of security advisories. The platform maintains a transparency log for package metadata to detect tampering and unauthorized modifications. Recent security fixes include CVE-2026-40261 and CVE-2026-40176 addressing command injection vulnerabilities in the Perforce driver, and token disclosure fixes in version 2.9.8 for GitHub Actions credentials in error messages. Private Packagist provides commercial hosting for private Composer repositories with per-user authentication and team management. CDN and bandwidth are provided by Bunny.net, and malware detection is powered by Aikido Security. Copyright 2026 Composer and Packagist contributors.

Tags & Categories

Categories

Tags

Statistics

1
Views
0
Clicks
0
Like
0
Dislike

Comments

Log In to post a comment

No comments yet. Be the first!