Drupal CMS News Digest
developments tricks, articles and reviews from Drupal specialists
CodeLift: Building a Drupal contrib module with AI-assisted TDD
Three complete rewrites with three AI coding tools over 14 months. Each rewrite passed the same test suite. The spec and the tests are not interchangeable. The AI tool is.
https://codelift.ai/en/article
Joachim's blog: New Module Builder documentation site
New Module Builder documentation site Module Builder now has its own documentation site.
This covers the many options it offers developers for fine-tuning their module
code, from dependency injection to plugin inheritance, entity base fields,
form elements, permissions, library asset files, and more.
Meanwhile, the latest release of Module Builder
adds a feature I've wanted to implement for a very long time: when a new
form section is added to add a new component (such as a plugin, hook class, or entity type),
the form scrolls up to the new section that's just been added with AJAX. This
makes it much clearer to understand what's just been changed, and helps with
navigating around Module Builder's forms.
joachim
Thu, 19/03/2026 - 12:45 Tags module builder
http://www.noreiko.com/blog/ne
Smartbees: Integrating Forms With an External Database
Discover how we improved form handling and submission to the client's system.
https://smartbees.co/case-stud
Darren Oh: Undocumented trick to make Composer copy a local package repository
Undocumented trick to make Composer copy a local package repository I needed to test a Drupal module I was working on in a Docker container. The code was not in a location accessible to Docker. I tried to use Composer to copy it over. This would have worked if the code contained a composer.json file. I could have used a Composer path repository with symlink set to false. But it did not contain a composer.json file, so I had to use a Composer package repository. Composer kept symlinking instead of copying. Darren Oh
Thu, 03/19/2026 - 07:17 Tags Drupal Composer Read more about Undocumented trick to make Composer copy a local package repositoryLog in or register to post comments
https://darren.oh.name/node/88
The Drop Times: Accessibility Beyond Compliance for Government and University Platforms
As accessibility deadlines approach, a DrupalCon Chicago 2026 session examines how government and university teams can move beyond compliance-driven approaches and integrate accessibility into design, development, and content workflows. Drawing on real project experience, the session positions accessibility as an ongoing practice shaped by systems, not a final checkpoint.
https://www.thedroptimes.com/6
The Drop Times: Designing for Difference: Practical Strategies for Building a Neuroinclusive Organization
Matthew Saunders will present a talk on neuro-inclusive system design at DrupalCon Chicago 2026, focusing on how organisational structures create friction for neurodivergent individuals. The presentation outlines practical changes to hiring, team operations, and leadership practices, positioning neuroinclusion as a systems-level design problem rather than a policy concern.
https://www.thedroptimes.com/6
Nonprofit Drupal posts: March 2026 Drupal for Nonprofits Chat
Join us THURSDAY, March 19 at 1pm ET / 10am PT, for our regularly scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)
We don't have anything specific on the agenda this month, so we'll have plenty of time to discuss anything that's on our minds at the intersection of Drupal and nonprofits. Got something specific you want to talk about? Feel free to share ahead of time in our collaborative Google document at https://nten.org/drupal/notes!
All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.
This free call is sponsored by NTEN.org and open to everyone.
Information on joining the meeting can be found in our collaborative Google document.
https://www.drupal.org/communi
UI Suite Initiative website: Announcement – Display Builder 1.0.0-beta4 is released
Just one week after beta 3, we are happy to announce the release of Display Builder 1.0.0-beta4! This is a focused stabilization release, shipping a solid batch of bug fixes — in particular around Entity view overrides — alongside improved API error logging and a handful of developer-facing improvements.A big thank you to the 6 contributors who made this release possible: anruether, fmb, ipumpkin, mogtofu33, nickolaj, and pdureau.
https://uisuite.net/announceme
Tag1 Insights: Preparing File Upload Secure Validator for Drupal 12 with AI
Take Away
At Tag1, we believe in proving AI within our own work before recommending it to clients. This post is part of our AI Applied content series, where team members share real stories of how they're using Artificial Intelligence and the insights and lessons they learn along the way. Here, Stefanos Petrakis, maintainer of the File Upload Secure Validator module, shows how he used AI to modernize a small but widely used Drupal security module and prepare it for Drupal 12.
From "I'll Get to It" to Done: Modernizing File Upload Secure Validator
I’ve been meaning to clean up the File Upload Secure Validator project and get it ready for Drupal 12 for a while now. This small, focused module has been around for nearly a decade. Despite its simplicity, it continues to serve more than 10,000 reported sites, and adoption has only accelerated with the introduction of Drupal AI. With the help of Cline and Claude, I finally did a full overhaul of the codebase: switching to Drupal 11-only support, expanding the automated test suite, and positioning the project for Drupal 12.
Figure 1: Weekly File Upload Secure Validator usage report, that refects an increase in usage post Drupal AI release.
A Decade-Old Module Meets Drupal 12
This was the kind of maintenance work I kept putting off, the same...
https://www.tag1.com/blog/prep
Four Kitchens: When the people who run the platform aren’t the people who run the content
Dave Hansen-LangeDirector of Technical StrategyDave has been crafting websites since 2003 and has been active with Drupal communities around the world, sharing a passion for improving effectiveness, editorial experience, and long-term success.January 1, 1970A dashboard isn’t just a summary page. It’s a statement of priorities. Every item that appears, and everything that doesn’t, tells editors what the organization believes actually matters.
That’s worth thinking carefully about, because most dashboards aren’t designed that way. They’re assembled. A few shortcuts here, some default widgets there. The result is a starting screen that reflects what was easy to build rather than what editors actually need.
We help manage a Drupal platform that supports 500 editors across 130 sites. Getting a dashboard right for that kind of scale required us to ask some uncomfortable questions about what we actually valued, and what we’d been ignoring. The quarterly PDF problemBefore we built our dashboard, someone on our platform team was manually generating reports for each of the 130 sites every quarter. Accessibility problems. Broken links. Duplicate content. All compiled, formatted, and sent out as a PDF.
It was better than nothing. But it had two serious problems.
First, people were unlikely to act on it. A PDF that arrives by email,...
https://www.fourkitchens.com/b
Specbee: How to add Taxonomy term references to Canvas (experience builder) components in Drupal
If you’re struggling with taxonomy references in Drupal Canvas, you must read this! Add entity reference autocomplete fields using a simple $ref, no custom code needed.
https://www.specbee.com/blogs/
The Drop Times: Future-Proofing Accessibility for Government and University Drupal Platforms
A DrupalCon Chicago session titled “Future-Proofing Accessibility: Strategies for Government & University Platforms” will examine practical approaches to accessibility implementation as compliance requirements evolve in the United States. Speakers from Lullabot will present lessons from government and university projects, highlighting Drupal’s accessibility capabilities, common pitfalls, and strategies for building compliant digital services.
https://www.thedroptimes.com/6
Talking Drupal: Talking Drupal #544 - World Cancer Day
Today we are talking about World Cancer Day, how they use Drupal, and why Drupal was the right choice with our guests Charles Andrew Revkin & Diego Costa. We'll also cover PDFa11y as our module of the week. For show notes visit: https://www.talkingDrupal.com/544 Topics What Is World Cancer Day Why UICC Uses Drupal Diego Joins the Project Multilingual Strategy at Scale Drupal Architecture and AI Tools Vetting AI Moderation and Summaries AI Disclosure and Review Traffic Spikes and Scaling Drupal Stack and React Apps Campaign Theme United by Unique Yearly Content and Three Year Cycle Drupal Community and Open Access Custom AI Modules and Azure Future Improvements and AI Tagging Story Submission Formats Prevention PSA and Wrap Up Resources World Cancer Day Union for International Cancer Control Guests Diego Costa - 1xinternet.com diegofcosta Charles Andrew Revkin - worldcancerday.org revkin Hosts Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Steve Wirt - civicactions.com Swirt MOTW Correspondent Martin Anderson-Clutz - mandclu.com mandclu Brief description: Have you ever wanted to check PDF files for accessibility, as they're uploaded to your Drupal site? There's a module for that. Module name/project name: PDFa11y Brief history How old: created in Feb 2026 by Joshua Mitchell (joshuami), a friend of this podcast Versions...
https://sacstudio.libsyn.com/t
The Drop Times: When “Free Beer” Meets Infrastructure Reality
The modern web runs on Open Source. The software itself remains freely available, but the infrastructure that sustains the ecosystem operates under fragile funding models. In a recent blog post, Drupal founder Dries Buytaert draws attention to a structural imbalance familiar across many open-source projects: the registries, repositories, CI systems, and update services developers rely on are widely treated as public goods, yet their costs are rarely shared proportionally by the organisations that depend on them.In Drupal’s case, maintaining the ecosystem’s infrastructure costs roughly $3 million each year, covering servers, bandwidth, content delivery networks, software systems, and operational staff. When distributed across the installed base, that amounts to roughly $10 per active Drupal site annually. The Drupal Association currently operates with about $7.50 per site, leaving a modest but persistent gap. The shortfall does not immediately break systems, but it accumulates as technical debt: upgrades are postponed, legacy infrastructure remains in service longer than intended, and improvements move more slowly than the community might expect.The deeper issue is structural rather than financial. Hundreds of thousands of sites rely on Drupal.org services, yet the cost of operating those systems remains largely disconnected from the organisations that benefit from them. Much...
https://www.thedroptimes.com/n
Dries Buytaert: Never submit code you don't understand
Years ago, in the early Drupal days, you would see a mantra everywhere: "Don't hack core".
It showed up in issue queues, conference talks, support channels, stickers, and even on T-shirts. It was short and memorable, and it solved a real problem: too many people were modifying Drupal Core instead of extending it properly.
Over time the mantra worked. The ecosystem matured. Not just the software itself, but also the habits and expectations around it. Today you rarely hear people say "Don't hack core".
With AI changing how code gets written, we may need a new mantra.
In Open Source, all code needs to be understood and reviewed before it can be merged. That responsibility belongs to both contributors and maintainers. AI is changing how code gets written, but it does not change that responsibility. In fact, it may make it easier to forget.
Code you don't understand becomes someone else's problem. In Open Source, that someone is often the maintainer reviewing your patch.
Offloading bad code onto maintainers slows down reviews for everyone. Plus, you miss the chance to learn from the code and grow as a developer.
It shouldn't matter what tools you use. But if you submit code, you should be able to explain what it does, why it works, and how it interacts with the rest of the code.
Everyone starts somewhere. Even today's top contributors submitted imperfect...
https://dri.es/never-submit-co
Never submit code you don't understand
Years ago, in the early Drupal days, you would see a mantra everywhere: "Don't hack core".
It showed up in issue queues, conference talks, support channels, stickers, and even on T-shirts. It was short and memorable, and it solved a real problem: too many people were modifying Drupal Core instead of extending it properly.
Over time the mantra worked. The ecosystem matured. Not just the software itself, but also the habits and expectations around it. Today you rarely hear people say "Don't hack core".
With AI changing how code gets written, we may need a new mantra.
In Open Source, all code needs to be understood and reviewed before it can be merged. That responsibility belongs to both contributors and maintainers. AI is changing how code gets written, but it does not change that responsibility. In fact, it may make it easier to forget.
Code you don't understand becomes someone else's problem. In Open Source, that someone is often the maintainer reviewing your patch.
Offloading bad code onto maintainers slows down reviews for everyone. Plus, you miss the chance to learn from the code and grow as a developer.
It shouldn't matter what tools you use. But if you submit code, you should be able to explain what it does, why it works, and how it interacts with the rest of the code.
Everyone starts somewhere. Even today's top contributors submitted imperfect...
https://dri.es/never-submit-co
