fidzu : Drupal

With Oaisys 25 just days away, QED42 Engineering Manager Vidit Anjaria sits down with The DropTimes to talk about the evolution of engineering culture, the lessons that shaped his approach to architecture, and why this weekend's open-source AI practitioners' event could mark a turning point for the community.

27 Nov 2025 2:32pm GMT

Today is Thanksgiving in the US. I know it's not a global holiday, but it has me thinking about gratitude, and specifically about a team that rarely gets the recognition it deserves: the Drupal Security Team.

As Drupal's project lead, I'm barely involved in our security work. And you know what? That is a sign that things are working really well.

Our Security Team reviews reports, analyzes vulnerabilities, coordinates patches across supported Drupal versions, and publishes advisories. They work with Drupal module maintainers and reporters to protect millions of websites. They also educate our community proactively, ensuring problems are prevented, not just fixed. It can be a lot of work, and delicate work.

To get an idea of the quality of their work, check out recent advisories at drupal.org/security. I know it's maybe strange to point out security advisories, but their work meets the highest standards of maturity. For example, Drupal is authorized as a CVE Numbering Authority, which means our security processes meet international standards for vulnerability coordination.

Whether you're running a small blog or critical government infrastructure, the Security Team protects you with the same consistency and professionalism.

While I'm on our private security team mailing list, they do all this without needing me to oversee or interfere. In fact, the team handles everything so smoothly that my involvement would only slow them down. In the world of open source leadership, there is no higher compliment I can pay them.

Security work is largely invisible when done well. Nobody celebrates the absence of breaches. The researchers who report issues often get more recognition than the team members who spend hours verifying, patching, and coordinating fixes.

All software has security bugs, and fortunately for Drupal, critical security bugs are rare. What really matters is how you deal with security releases.

To our Security Team: thank you for your excellence. Thank you for protecting Drupal's reputation through consistent, professional, often invisible work, week after week.

27 Nov 2025 1:00pm GMT

AI has sped up proposal writing-but made them all sound the same. In this DrupalCon Vienna session, Monisha Navlani explores how Drupal agencies can rise above the noise with real-world context, trust, and a human voice.

27 Nov 2025 7:39am GMT

Several years ago, I built a photo stream on my Drupal-powered website. You can see it at https://dri.es/photos. This week, I gave it a small upgrade: infinite scroll.

My first implementation used vanilla JavaScript using the Intersection Observer API, and it worked fine. It took about 30 lines of custom JavaScript and 20 lines of PHP code.

But Drupal now ships with htmx support, and that had been on my mind. So a couple of hours later, I rewrote the feature with htmx to see if it could do the same job more simply.

It's something I love about Drupal: how we keep adding small, well-chosen features like htmx support. Not flashy, but they quietly make everyday work nicer. Years ago, Drupal was one of the first CMSes to adopt jQuery, and our early adoption helped contribute to its widespread use. Today, we're replacing parts of jQuery with htmx, and Drupal may well be among the first CMSes to ship htmx in core.

If, like me, you haven't used htmx before, it lets you add dynamic behavior to pages using HTML attributes instead of writing JavaScript. Want to load content when something is clicked or scrolled into view? You add an attribute like hx-get="/load-more" and htmx handles the request, then swaps the response into your page. It gives you AJAX-style interactions without having to write JavaScript.

To make the photo stream load more images as you scroll, I added an "htmx trigger". When it scrolls into view, htmx fetches more photos and appends them to the right container. The resulting HTML looks like this:

<div hx-get="/photos/load-more?offset=25"
         hx-trigger="revealed"
         hx-target="#album"
         hx-swap="beforeend">
  <figure>
   ...
  </figure>
</div>

The hx-get points to a controller that returns the next batch of photos. The hx-trigger="revealed" attribute means "fire when scrolled into view". The hx-target="#album" tells htmx where to put the new content, and hx-swap="beforeend" appends it at the end of that #album container.

I didn't want users to hit the last photo and have to wait for more to load. To keep the scrolling smooth, I added the trigger a few photos before the end. This pre-fetches the next batch before the user even realizes they are running out of photos. This is what the code in Drupal looks likes:

// Trigger 3 images before the end to prefetch the next batch.
$trigger = array_keys($images)[max(0, count($images) - 4)];

foreach ($images as $key => $image) {
  …

  if ($key === $trigger) {
    // Add htmx attributes to the <div> surrounding the image.
    $build['#attributes']['hx-get'] = '/photos/load-more?offset=' . ($offset + $limit);
    $build['#attributes']['hx-trigger'] = 'revealed';
    $build['#attributes']['hx-target'] = '#album';
    $build['#attributes']['hx-swap'] = 'beforeend';
  }
}

And the controller that returns the HTML:

public function loadMorePhotos(Request $request) {
  $offset = $request->query->getInt('offset', 0);
  $limit = 25;
  $photos = PhotoCollection::loadRecent($offset, $limit);
  if (!$photos) {
    return new Response('');
  }

  $build = $this->buildImages($photos, $offset, $limit);
  $html = \Drupal::service('renderer')->renderRoot($build);
  return new Response($html);
}

Each response includes 25 photos. It continues fetching new photos as you scroll down until there are no more photos, at which point the controller returns an empty response and the scrolling stops.

As you can tell, there is no custom JavaScript in my code. It's all abstracted away by htmx. The htmx version took less than 10 lines of PHP code (shown above) instead of 30+ lines of custom JavaScript. The loadMorePhotos controller I needed either way.

The savings are negligible. Replacing a couple dozen lines of JavaScript won't change the world. And at 16KB gzipped, htmx is much larger than the custom JavaScript I wrote by hand. But it still feels reasonable. My photo stream is image-heavy, and htmx adds less than 0.5% to the initial page weight.

Overall, I'd say that htmx grew on me. There is something satisfying about declarative code. You describe what should happen, and the implementation disappears. I may try it in a few more places to improve the user experience of my site.

26 Nov 2025 10:55pm GMT

Florida DrupalCamp voted best DrupalCamp on the planet (and sessions are now open)! mherchel Wed, 11/26/2025 - 16:24

26 Nov 2025 9:24pm GMT

"Where did I put the key?" - you might ask yourself this when searching for your house or car keys, and the same can happen on a Drupal site. Almost all modern websites rely on keys for integrations with other services, secure authentication, and sensitive data protection. They can be used by anyone - a developer wiring up a complex integration or a marketer adding credentials from a user-friendly service like Mailchimp.

26 Nov 2025 3:45pm GMT

26 Nov 2025 2:09pm GMT

Since 2019, DevBranch hasn't attended DrupalCon in person due to war and pandemic disruptions. Yet from their Lutsk office, the Ukrainian team continues to gather for every Driesnote-sharing insights, staying connected, and embodying the Drupal community spirit through challenging times.

26 Nov 2025 11:49am GMT

Email testing isn't broken - the method often is. Katherine Pay outlines the five most common mistakes marketers make with A/B testing and introduces the Holistic Testing Methodology to fix them. From missing hypotheses to shallow metrics and isolated tests, this guide explains how to run smarter experiments that drive real insight and long-term results.

25 Nov 2025 5:45pm GMT

How the Irish Government's "Build to Share" Vision Comes to Life: A New Public Consultations Module for All

markconroy 25th Nov 2025

25 Nov 2025 12:29pm GMT

SEO today is all about intent and clarity, not keyword counts. Read this blog to find out how relevance optimization can strengthen your Drupal site's discoverability.

25 Nov 2025 10:58am GMT

24 Nov 2025 11:34pm GMT

Search engine optimization (SEO) is a rich and multi-dimensional craft, with numerous best practices and techniques to apply on your Drupal site. Optimizing your content, configuring an XML sitemap, and creating well-structured URLs are just a few examples of what should be done for SEO success.

24 Nov 2025 8:19pm GMT

Today we are talking about the community working group, What they do, and how you can help with guests AmyJune Hineline, Mark Casias, and Matthew Saunders. We'll also cover Drupal CMS Geo Images as our module of the week.

For show notes visit: https://www.talkingDrupal.com/530

Topics

• Exploring the Community Working Group (CWG)
• Roles and Responsibilities within the CWG
• Conflict Resolution and Community Health
• Matthew's Journey and Joining the CWG
• Qualities and Experiences for CWG Members
• Identifying the Need for Cultural Sensitivity
• The Importance of Patience and Grace in Conflict Resolution
• Onboarding and the Role of the Community Health Team
• Time Commitment and Responsibilities of CWG Members
• Supporting the CWG Without Formal Membership
• Maintaining Confidentiality and Promoting Transparency
• Addressing Credit Abuse and Community Health
• Parting Words of Wisdom for Aspiring Community Members

Resources

• Recipe application

Guests

AmyJune Hineline - volkswagenchick Matthew Saunders - jamesmatthewsaunders.ai MatthewS Mark Casias - omibee.com markie

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi

MOTW Correspondent

Mike Anello - drupaleasy.com ultimike

• Brief description:
  • Drupal CMS Geo Images - a Drupal CMS recipe that automatically displays uploaded geotagged images on a map.
• Module name/project name:
  • Drupal CMS Geo Images
• Brief history
  • How old: created in February 2025 by Italo Mairo (https://www.drupal.org/u/itamair). He is also one of the maintainers of the GeoField module as well as many of the other geo-spatial related contrib modules.
• Versions available: 1.1.4, released Nov 9 2025.
• Maintainership
  • Actively maintained
  • Security coverage
  • Documentation - yes, on the project page (README is the same)
  • Number of open issues: 1 open issues, 0 of which are bugs against the current branch (2 total issues)
• Module features and usage
  • Creates new "Geo image" media type
  • Displays image and map
  • Bulk import via Media Library Importer module
  • Includes preconfigured map view (filterable by date)
  • Each mapped photo displayed with image thumbnail on map

24 Nov 2025 7:00pm GMT

24 Nov 2025 4:38pm GMT

The DropTimes has launched the Discover page to spotlight Drupal's real-world adoption and ongoing relevance. Featuring over 3,000 top ranked websites and detailed case studies, it reveals how Drupal continues to power critical digital platforms in government, media, education and enterprise. This page is not just a list; it is a living record of trust, resilience and the impact of open source.

24 Nov 2025 12:16pm GMT