Do you have better things to do than to do maintenance and security updates on your Drupal site? Of course you do. This is a tale about how will help you save money, frustration and possibly sleep.


This article is going to assume a couple of things:

  • You have a website based on Drupal
  • Your project is built using composer
  • You are using a version control system provider to store your code (for example Github, Bitbucket or Gitlab)

It’s also an advantage to have a pipeline for continuous integration and continuous deployment. …

Composer 2 is coming to PHP dependency managed projects all over the internet, finally! Among many things it can provide your project is memory and time savings, repository priorities, faster download times, partial offline support and run-time platform requirements check. To check all of the changes, have a look at the Composer changelog.

Today, however, we are going to talk about what that means for

  • If you started using Composer 2 for your project, you can now start using the same version for your updates.
  • If you start using Composer 2 your project will update faster
  • For the tireless…

If you have reviewed a couple of code changes (in a merge request / pull request) you know that changes to a file like composer.lock can be a bit of a hassle to review. It can be long, it can be hard to parse, and it can be hard to spot what packages are updated. For example, updating a dependency that depend on symfony components could end up updating a whole range of packages, even if you expect such a merge request to contain more or less just updating the main package.

For example, if you want to update the… was started as a need for a more automated workflow for composer based Drupal projects. We maintain several modules on and our website is a Drupal website. Needless to say, we are grateful for having Drupal around, and we want to do our part in having Drupal around in the foreseeable future.

This year, times are different for everyone. The Drupal Association is no exception. As the main Drupal conference is cancelled due to the ongoing covid-19 pandemic, the association is running a funding campaign to (partly) make up for losses and loss of income from this event.

PHP 7.4 was released yesterday. 🥳 As a project built for and by PHP, this is something to celebrate for

A key feature of is to be able to run the updates of your projects in the same environment as you use on your live site. While there are several ways to run trick composer to run on the wrong version, we have found that making sure that is the case makes for the by far best result. Which is why we are proud to announce that by today (only hours after the release of PHP 7.4) you…

After a period of private testing, we are now very glad to say we consider our brand new Bitbucket integration stable!

Automatically created pull requests from

If you are already using with other version control providers, the image above probably looks familiar to what you are used to. If you are not familiar with the service, here is a very brief explanation:

1. Create an account on

This can be done by clicking on the login link from the front page, an exercise most readers would be comfortable with.

2. Create a project on

After logging in, simply add your Bitbucket repo as a project on

In PHP land there is one advisory database that rules them all. It is This database contains Security Advisories from all kinds of composer based projects, including Drupal, Symfony, Magento, Typo3 and many others.

Wouldn’t it be nice if this database also contained all of the security advisories that are being published about Drupal contrib modules? We think so too! Which is why we tried to add this to the advisory database back in February. Unfortunately this had some unexpected consequences.

Drupal modules in the composer world have a “fake” semantic versioning. So the package drupal/metatag:1.0.0 refers to the…

If you are planning to move your project to php 7.3 and subsequently would need your continuous update friend to run the same version, fear not! now supports php 7.3 for your monitored projects.

Happy updating!

Today marks a huge milestone for After a successful round of private beta testing, we are finally announcing full support for Gitlab as hosting provider on the Violinist platform.

As supporters and evangelists of open source it is with a certain amount of pride we can say we finally also support a platform that is itself open source. Even though we acknowledge the role of Github in the open source ecosystem, it feels good to provide open source alternatives.

With just a few clicks, you can start keeping your dependencies up to date automatically.

For users using Github as a provider, your repositories will continue being monitored.

For those wanting to start keeping their…

Updating your composer dependencies for you!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store