An Update on Composer and Packagist Supply Chain Security
Packagist has introduced automated malware scanning for all new package submissions using the npm registry's scanning infrastructure, and now requires two-factor authentication (2FA) for all maintainers of the 100 most-downloaded packages, with a plan to gradually expand the 2FA requirement to all package maintainers.