A box with fragile tape on it

Packagist and Composer security with Jordi Boggiano

Josh welcomes Jordi Boggiano the lead maintainer of Composer and Packagist to explain the truckload of security features they’ve recently added. Packagist is the PHP package registry, Composer is the dependency manager for PHP. Recently the people behind these projects have added a number of security features that will improve the security of the entire ecosystem. Jordi explains it all to us and gives a glimpse of what’s coming next. ...

June 22, 2026 · Josh Bressers
The OpenVSX website

Sustaining Open VSX with Mike and Thabang

Josh welcomes Mike Milinkovich and Thabang Mashologu from the Eclipse Foundation to talk about their new managed Open VSX registry. This is the first open source package registry to create a commercial operation for large company users to help fund the registry. We discuss how we got here, what’s actually going on, and why this commercial approach is working. Everyone knew this day would come, and it looks like the Eclipse Foundation got this one right. ...

June 15, 2026 · Josh Bressers