I don't have an exact count, but during my analysis, I found that ~40 of the top 100 starred repos in the PHP ecosystem were impacted. Primarily by jobs that run `on: schedule` or by a maintainer with an `on: push`
I was the reporter on this one. If you have Github Actions in your organization, disable them immediately if you're unsure which version of composer your Github Actions run.
From a brief review, it looks like the underlying platform they use is https://www.scayle.com/ (though I'm not sure its the one that was attacked) its just the one I found while looking at their site.
I'd like to think that I'm a somewhat "odd" person, but I'm not exactly sure how that reflects in my code. This code hasn't been taken over, it's just been something I've been working on a long time.
I believe is what you're looking for. The issue, as I recall, is that all of Faker is random, so what does it mean to have a `random` module namespace. We moved it out of a hope for improved clarity.
Businesses will always have commerce problems, so you're pretty stable in terms of consistent income.
If you can make a name for yourself, you can do very well. Especially for Magento, I love the fact that I can make small change, deliver it as a composer package, and then (if the code is good enough) see the results on many brands within a few months.
It's hard to get that close-to-customer visibility anywhere else as most "cool" large scale FOSS projects are dev focused, which means your impact on the lay user is less obvious.
Fully agree. The problems are hard, the interested talent is limited (who would want to work on line of business software when academia actively pushes people towards other things), and the problem space (all possible online business configurations) is immense.
Re:frontend, you're absolutely correct. Magento's frontend is a sad state. MageOS is actively looking for ways to move Luma/Blank into a separate installable package so that devs are not forced to see it at every turn.
In terms of Headless, there are a bunch of different heads at this point, but none have yet solved what I call the "upgrade-safe theme" problem.
I like what we've done with Daffodil since it doesn't impose any of those limitations that come with themes, while still handling a lot of the complexity that devs face when building ecommerce stores.
MageOS is not a maintenance mode, unfortunately we don't do a good job expressing that.
The goal is to migrate management of the codebase out of Adobe's hands back into the community's. Community PRs, triage, etc.
We're currently working on getting the entire CI pipeline setup in Github Actions (if you're interested in contributing, we could really use friendly faces, it's quite an undertaking). Once we're past that, we have goals that are in progress:
DevX:
1. Correct the dep graph of MageOS to be a legitimate DAG and then use nx/bazel/make, etc to compute the build graph.
2. Create codespaces/gitpods/devcontainers for easier day 1 devs.
3. Rip GraphQl out into a separate package space.
4. Create smaller more use-case specific metapackages so that you're not forced into all of Magento or nothing.
5. Maintain backwards compatibility with existing Magento packages.
UX:
1. Significantly improve overall performance.
MerchX:
1. Improve Merch documentation and make Merch docs easier to consume.
Generally to your question, we're not interested in maintenance, we're interested in taking on the burden of being a better development effort alongside a better merchant experience.
That said, this is not a sales pitch. The problem is hard, but we'd like to prove that we're harder.
I'm one of the maintainers of MageOS (a fork of Magento) as well as a maintainer of Daffodil (a monolithic Angular PWA framework - not Microfrontends yet).
APIS are definitely the way to go but, while that's a great next step, what we're really facing is a standards issues.
Some have tried.
Schema.org as a standard is overly complex and each platform has their own API definition.
Microfrontends can be great as well, but ecommerce has a particularly special problem of requiring extremely performant SSR, so that's always a critical and complex piece to get correct.