Three months of Private Packagist updates: Malware filter list support is already in place, ahead of Composer 2.10's release next week. Flagged versions show warning banners on package pages and are marked in the version list. Permissions views on package level, better background job & sync visibility, and a narrower GitLab OAuth scope (read_api).
https://blog.packagist.com/whats-new-in-private-packagist-may-2026-update/
