Here are the slides I presented at the and When you install a JavaScript library, it usually comes with hundreds of transitive dependencies, i.e. libraries that are installed as a side effect because they are essential to the operation of the library you want to use. This proliferation of dependencies opens the door to supply chain attacks.

As I explained back in 2018, the PHP ecosystem is slightly less susceptible to this type of attack than the JavaScript ecosystem, because maintainers of popular libraries and frameworks are relatively careful not to rely on too many third-party dependencies, which limits the problem…

What if we could do better with our favorite library management software: Composer? During this talk, I present how supply chain attacks work, outline some organizational methods that could limit the problem, and finally, explain how to take back full control of your vendor/ folder thanks to I crafted for this occasion.

Get the latest Laravel/PHP jobs, events and curated articles straight to your inbox, once a week

Fathom Analytics | Fast, simple and privacy-focused website analytics. Fathom Analytics | Fast, simple and privacy-focused website analytics.
Community Partners