Switch to Cloudsmith
Stop pulling directly from risky upstreams like Packagist
Take a step forward. Switch to secure Cloudsmith and away from risky upstreams
With PackagistWhen Packaist goes down, work stops
With CloudsmithCaching OSS packages from public upstreams with Cloudsmith ensures that your team remains productive, even when a public repository goes down.
Poisoned packages are your problem
Cloudsmith protects your team from dependency confusion, namesquatting, typosquatting, denial of service, maintainer deletions, and more
Security scanning happens late in your workflow
Shift left. Cloudsmith scans for malware and CVEs, and lets you build rules into how to handle low, medium and high critical software vulnerabilities
With Cloudsmith you'll still use native PHP tooling, so switching is easy. We've selected some resources to help you learn more about using Composer with Cloudsmith, while retaining access to OSS packages.
Cloudsmith experts are ready to help you
- Discuss your situation and objectives
- Hear about industry trends and best practices
- Book an engineer-led demo that addresses your concerns