Still on Drupal 7? Security support for Drupal 7 ended on 5 January 2025. Please visit our Drupal 7 End of Life resources page to review all of your options.Using packagist-signed.drupalcode.org
Last updated on
2 May 2025
packagist-signed.drupalcode.org is a partial mirror of Packagist.org, including packages in the drupal/ and php-tuf/ namespaces. To provide additional security for Drupal’s automatic updates, signing metadata following The Update Framework (TUF) is generated.
It is maintained by the Drupal Association using Satis for mirroring and Rugged for TUF. Its code is on GitLab.com.
This service is relatively new and needs testing! Follow #3477553: Manually test TUF-enabled Composer projects to help test, and #3358504: Require PHP-TUF's Composer integration plugin for using packagist-signed and TUF by default.
Help improve this page
Page status: No known problems
You can:
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
