In March, Metadrop continued its contributions to the Drupal ecosystem with a particular focus on privacy and content editorial experience. The team released new modules, updated existing ones, added integrations, and assisted clients with some internal issues not directly related to Drupal, while still having time do research on AI.
New modules and releases
Iframe Consent
We developed a new module to manage IFrame consent, ensuring GDPR-compliant handling of embedded iframes by loading third-party content only after obtaining user consent. This effort enhances privacy in addition to existing modules like EXIF Removal and Youtube Cookies.
Watchdog Statistics 1.0.6
The release of version 1.0.6 added date filters, enabling users to generate reports from previous months and display log statistics for the last month — an essential feature for detecting and correcting potential errors.
Voiceflow 1.1.0
Voiceflow was updated to version 1.1.0 , improving its integration script with the latest version. This module allows simple integration of Voiceflow chatbots in any Drupal site in a simple and direct way.
This chatbot provide, for example, responses based on the content of the site, allowing an easy way for visitors to found the information the want quick and efficiently.
VLSuite 3.x
The first alpha release of VLSuite 3.x marked progress towards its next iteration. VLSuite enables visual content editing and has been functional for quite some time, allowing you modern content edition while waiting for Experience Builder to be completed. Built on top of Layout Builder, it includes numerous ready-to-use components, a library of reusable sections and components, and permissions to limit what editors can modify (and potentially break!), among other functionalities.
Artisan 2.0
Metadrop explored the capabilities of TailwindCSS 4 and Bootstrap 5 through a comparative article, providing insights for developers to make informed framework choices.
The alpha1 release of Artisan 2.0 introduced a new frontend stack featuring Vite, Tailwind CSS v4 and DaisyUI 5, alongside more SDC than its predecessor. The ongoing development focuses on future compatibility with various page builders.
Contributions
Contributions to open-source projects included improvements to Log Entity Operation:
- Patch to save logs for entities in draft status.
- Patch to alter diff of entities, again thinking on privacy: this opens the door to sanitizing or redact content being logged or add project-specific alterations.
We found this module particularly useful when it comes to do forensic analysis on issues with content, whether changes were automated or done manually by a sloppy editor.
Research
Research into using generative AI for GraphQL API development was successful, significantly reducing error margins and accelerating endpoint production.
We are also testing various AI code assistants like Aider, Roo Code, and Cursor, while simultaneously integrating AI capabilities into Drupal for editors.
Working with clients
Here are some notes on our work with our direct clients.
Drupal 11 migrations
Although Drupal 10 will be supported for about another year (June 2026), our clients are upgrading now to Drupal 11. Drupal 11 brings enhanced performance, security, and new features that help you future-proof your website. If you need assistance migrating your Drupal site to Drupal 11, refer to our page about our migration plans.
SMS integration
We developed a custom integration for one of our maintained sites to send security codes via SMS, enhancing the site's security. While using SMS as part of a multi-factor authentication approach has its own security challenges, it often strikes a good balance between security, cost, and convenience.
Helping clients with services
Sometimes, clients use services that provide certain functionalities or information but lack enhancements that could improve the service. In one instance, a client's host provider did not offer an effective way to analyse traffic patterns or perform forensic analysis post-incident. To address this gap, we introduced a wrapper for GoAccess to simplify parsing HTTP logs in the hosting provider's custom format. This solution helped in tackling the surge of bot traffic, making it easier to distinguish legitimate bots from malicious ones, block unwanted traffic, and ultimately reduce backend hits and hosting costs.
In another case, we assisted a client in configuring the external cache layer to resolve specific update issues tied to platform limitations.
