Composer 2.9 delivered new CLI security improvements this week, but the bigger story for the PHP ecosystem is the work now underway on Packagist.org. With support from the Sovereign Tech Agency, the PHP Foundation, and Private Packagist, the team is building a transparency log aimed at strengthening PHP’s supply chain. Given the scale of Packagist today, introducing systematic visibility into package activity has become a practical necessity.
The transparency log will surface security-relevant events through a web interface and an API. That includes changes to package ownership, source URLs, maintainers, version releases or removals, and updates to underlying git tags, along with account security actions such as two-factor authentication status changes and password resets. Making these events publicly accessible gives researchers, companies, and tool builders the data they need to monitor dependency changes, spot suspicious patterns, and investigate incidents more effectively.
Implementation has begun, with features rolling out incrementally. This work aligns with the OpenSSF guidance for secure package repositories and moves the PHP ecosystem closer to stronger, audit-ready supply chain practices. Looking ahead, the team is also preparing a new model for organizational package ownership, set to address long-standing issues with shared accounts and improve security for both companies and open-source projects.
We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now. To get timely updates, follow us on LinkedIn, Twitter, Bluesky, and Facebook. You can also join us on Drupal Slack at #thedroptimes.
Thank you.
Sincerely, Alka Elizabeth, Sub-editor, The DropTimes.
DrupalCon Nara 2025 is more than a conference—it’s a cultural journey. Join the Treasure Hunt on November 16 or explore ancient temples like Todai-ji and Kofuku-ji on your own. Don’t forget to share your Nara moments with The Drop Times!
Seventy-one Drupalers gathered in Troutdale, Oregon, for the 2025 PNW Drupal Summit on October 18–19. They shared 24 sessions, lively unconference topics, and post-event drives through the Columbia Gorge. Recordings are now online—alongside a call to grow and support local Drupal communities in the region.
At DrupalCon Vienna, over 100 university students joined a free one-day crash course called “Drupal in a Day,” part of the Drupal Open University Initiative. Created by Hilmar Kári Hallbjörnsson and supported by global contributors, the program is designed to teach the essentials of Drupal quickly and accessibly. It’s open source, repeatable, and headed next to DrupalCon Chicago. The effort is not only about education—it’s building the next generation of contributors.
Rachael Censuales makes her speaking debut at DrupalCamp Italy 2025 in Rome. Her session explores OpenAI integration with Drupal using contrib modules like Drupal AI and vector search. It’s a big step for a new developer—and a great sign for the community’s future.
The Drupal Association is spotlighting DrupalCamp Burkina Faso, scheduled for April 24–26, 2026. Organisers are seeking global sponsors and virtual speakers to strengthen local open-source capacity. It’s a key chance to support digital growth and Drupal adoption in West Africa.
Stanford WebCamp 2026 is calling for volunteers to support its upcoming event on April 30 and May 1. Roles include session support, tech assistance, media coordination, registration, and more. Both in-person and online opportunities are available. Those interested can sign up through the event website.
The Drupal Association has opened sponsorships for DrupalCon Chicago 2026, happening March 23–26. Packages include booths, summit tie-ins, and branded add-ons for exposure to 1,200+ Drupal professionals. Early booking secures prime placement and strategic access across key sectors like AI, gov, and higher ed.
Fox Valley Drupal hosts a hybrid meetup on Nov 19 featuring a Drupal Forge demo by Salim Lakhani. The tool enables Drupal site launches in under five seconds, with support for templates and recipes. Developers can join remotely via Zoom or in person at Fox.Build in St. Charles, Illinois.
The Drupal Association has relaunched its industry-specific pages to showcase Drupal’s sector impact. Each page now features targeted messaging and case studies from Certified Partners. The refresh supports enterprise outreach and strengthens Drupal’s strategic visibility.
Dripyard has released version 1.0.5 of its premium themes, optimized for Drupal Canvas. The update adds new components, bug fixes, and early compatibility support for the upcoming builder. A future webinar and NEDCamp talk will explore theming workflows with Canvas and AI.
Drupal Open University is calling for global instructors to teach its “Drupal in a Day” course. The course offers hands-on training for newcomers and is a key part of Drupal’s academic outreach. Interested contributors can join the #open-university-initiative channel on Drupal Slack to get involved.
The Drupal economy is shrinking fast, with many agencies reporting steep workforce reductions. But not all is bleak—some firms are growing, and new opportunities are emerging globally. The Drupal Center of Excellence says recovery is possible through smart tools, hiring, and engagement.
Dries Buytaert shows how to connect Drupal with Activepieces for workflow automation. Using JSON:API and Basic Auth, Drupal can trigger actions across tools like Slack or Sheets. Advanced setups use the Orchestration module to add AI agents and smarter automations.
