InfoWorld

Software supply chain security provider Chainguard has unveiled Chainguard Libraries for JavaScript , described as a collection of trusted builds of thousands of common malware-resistant JavaScript dependencies. The libraries, which are built from source on SLSA L2 (Supply-chain Levels for Software Artifacts) infrastructure, were introduced on September 25. By securely building each library and i…

Follow the usual AI suspects on X—Andrew Ng, Paige Bailey, Demis Hassabis, Thom Wolf, Santiago Valdarrama, etc.—and you start to discern patterns in emerging AI challenges and how developers are solving them. Right now, these prominent practitioners expose at least two forces confronting developers: amazing capability gains beset by the all-too-familiar (and stubborn) software problems. Models ke…

Microsoft Azure is now so big it’s hard to keep on top of all its features, let alone drill down into its ever-growing line of developer tools. That’s not surprising. In the past two decades, Azure has become the place where Microsoft builds all of its products, both the tools for its own use and those for its customers. That internal developer focus eventually brings tools to the rest of us, as …

In the rapidly evolving landscape of artificial intelligence and machine learning , organizations continue to seek cost-effective solutions to reduce reliance on expensive third-party tools—not only for development but also for deployment. Recently I was tasked with deploying a predictive machine learning (ML) model at my organization. Our original goal was to bring the ML model in-house to reduc…

Apache Iceberg is a mature open table format that’s been battle-tested in the broader analytics world for years. Now it’s time to apply the benefits of an open and scalable standard to an observability field that badly needs to break out of its siloed heritage. It isn’t that observability has entirely resisted standards. OpenTelemetry is a well-adopted model for collecting metrics, logs, and trac…

Anthropic has released Claude Sonnet 4.5, an update of the company’s coding model that features extended autonomous operation, greater context awareness, and enhanced tool usage. Claude Sonnet 4.5 shows significant improvements on real-world computer tasks, agentic coding, agentic terminal coding, and agentic tools use, as well as reasoning and math, according to Anthropic. Claude Sonnet 4.5 can …

Microsoft has released .NET Aspire 9.5, an update of the company’s framework for building distributed apps that previews support for .NET 10 file-based apps. An AI-based visualizer also is featured. Introduced September 25, Aspire 9.5 previews file-based AppHost support, which introduces backing for .NET 10’s new file-based applications. Developers can create an Aspire AppHost with a single file …

Download the October 2025 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World. Spotlight report: Securing the Cloud Download

Modern Python developers use virtual environments (venvs) , to keep their projects and dependencies separate. Managing project dependencies gets more complex as the number of dependencies grows. Luckily, a variety of third-party tools provide sophisticated package management behaviors that aren’t found in core tools like pip . This article introduces PDM , the Python Development Master. PDM is a …

Nitro.js is a JavaScript -based HTTP server. It builds on state-of-the-art components, focusing on performance, convention, and deployment. As a JavaScript developer, you want to know about Nitro because it’s built from the ground up for modern, full-stack web development. It brings together a wealth of good ideas and is becoming a go-to server option. Nitro is deployment-aware, designed to make …

Until I see Arnold Schwarzenegger showing up at my door in a leather jacket looking for Sarah Connor, I’m not going to worry about AI trying to destroy humankind. What I am worried about? This unusual movement to eliminate the role of the junior developer role. There is a lot of ink being spilled these days about how companies are not hiring junior developers and using AI to do the “grunt work” t…

Work on the Safe C++ extensions proposal , forged a year ago to address memory safety in the language, has ceased, according to Harry Bott, the CEO of the C++ Alliance , which oversaw the proposal. The plan lost out to safety profiles from C++ founder Bjarne Stroustrup . “Yes, work on Safe C++ within ISO has been discontinued,” Bott said September 29 in response to an InfoWorld email inquiry. The…

The Model Context Protocol (MCP) was rolled out by Anthropic in November of 2024 and has rapidly become a hot topic among developers and enterprises alike. MCP is now a leading standard for connecting large language models (LLMs) with tools and data—and demand for developers who can work with it has skyrocketed. Nevertheless, there’s still no formal certification of MCP skills offered by Anthropi…

In the corporate world, blaming the intern is a time-honored, if absurd, tradition. It is a public relations reflex that often emerges after a catastrophic failure, when leaders who are paid millions to exercise oversight deflect responsibility downward to the least powerful person in the organization. In 2021, for example, the former SolarWinds CEO attributed a disastrous password leak to “a mis…

Cloud computing forms the backbone of our increasingly digital world, enabling businesses to operate more efficiently, grow faster, and innovate with flexibility. Despite its advantages, the cloud is not immune to data breaches caused by weak security practices. Alarmingly, some of the biggest risks do not stem from technical errors or malicious hackers but from the very people responsible for pr…