Security issues with popular package managers

Created on 13 March 2022, over 2 years ago

Updated 15 June 2023, over 1 year ago

I just came across this article:

https://amp.thehackernews.com/thn/2022/03/multiple-security-flaws-discovered-in.html

As it says Composer has chosen to ignore this, and as I find nothing in the way of patches or additional information, and as Composer and NPM are major players in the whole of Drupal, I wanted to see if anyone has any additional information relating to keeping Drupal secure, in light of this article.

🌱 Plan

Status

Closed: outdated

Version

9.5

Component

Composer →

Last updated about 21 hours ago

No maintainer

Created by

🇺🇸United States BEGRAFX Laconia, New Hampshire

Live updates comments and jobs are added and updated live.

Automatic Updates Initiative

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇺🇸United States smustgrave
Seems there's nothing to do here. composer is now on 2.4 so think it's good.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024