Web framework Svelte delivers ‘most significant release’ yet

Svelte 5 has been released, marking what the team behind the web framework describes as the “most significant release in the project's history” and following 18 months of intensive development.

The latest iteration of the web framework arrives as a ground-up rewrite, promising improved performance, reduced bundle sizes, and enhanced reliability. Despite these substantial changes, the framework maintains near-complete backwards compatibility with Svelte 4, ensuring a seamless...

Holistic’s open-source tools counter AI development risks

Holistic has unveiled an open-source library to help counter AI development risks and build fairer and more responsible systems.

The library – dubbed Holistic AI OSL – arrives at a crucial moment when organisations are increasingly deploying AI systems across sensitive domains including recruitment, healthcare, and financial services. Recent studies suggest that 65% of AI researchers and developers still consider bias a significant challenge in their work.

Holistic...

Entry points threaten multiple open-source ecosystems

While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points.

Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for immediate system compromise – offers a subtler approach for patient attackers to...

Open Source Pledge aims to fund software maintainers

Sentry has launched the Open Source Pledge—a programme designed to provide direct financial support to open-source software maintainers. The initiative stems from a long-standing aspiration to give back to the open-source community on behalf of every Sentry employee.

The concept of the Open Source Pledge emerged years ago with two primary objectives: to compensate maintainers directly and to establish a sustainable model that scales with Sentry’s growth.

David...

PostgreSQL 17 delivers a leap forward for open-source databases

The PostgreSQL Global Development Group has unveiled PostgreSQL 17, the latest iteration of what is widely regarded as the world's most advanced open-source database. This release marks a significant milestone in the database's evolution, bringing substantial performance enhancements and new features that cater to both emerging and established data management needs.

PostgreSQL 17 builds upon its robust foundation, offering improved performance and scalability whilst adapting to...

Linux Foundation Decentralized Trust aims for web3 innovation

The Linux Foundation Decentralized Trust aims to foster collaboration and innovation across the web3 ecosystem of blockchain, ledger, identity, interoperability, and cryptographic technologies.

With over 100 founding members, LF Decentralized Trust claims to be a neutral platform for the collaborative development of technologies powering the transition to a digital-first economy. The organisation builds upon more than eight years of work from across the Linux Foundation,...

Android 15: Developer productivity and UX take centre stage

Google has announced the release of Android 15, making the source code readily available through the Android Open Source Project (AOSP).

Supported Pixel devices are set to receive the update in the coming weeks, with a wider rollout to devices from manufacturers like Samsung, Honor, and OnePlus planned for the coming months.

“Android 15 continues our mission of building a private and secure platform that helps improve your productivity while giving you new capabilities...

Roblox developers targeted by year-long malware campaign

A sustained malware campaign targeting Roblox developers through malicious npm packages has been uncovered by Checkmarx security researchers. The attackers are impersonating the popular “noblox.js” library, publishing dozens of packages designed to steal sensitive information and compromise systems.

The campaign, which has been active for over a year, exploits trust in the open-source ecosystem. It particularly targets the Roblox platform, a lucrative target due to its massive...

North Korean hackers target developers in latest npm attack wave

A fresh offensive by suspected North Korean hacking groups has targeted the open-source software community with a series of malicious packages uploaded to the npm repository.

Identified by cybersecurity firm Phylum, the attacks leverage multiple techniques and appear designed to steal cryptocurrency and sensitive data from unsuspecting developers.

The campaign began on 12th August and involves several distinct publication patterns and attack types, suggesting the...

GitHub’s Copilot Autofix triples vulnerability remediation speed

Shipping software quickly often comes at the cost of security, with vulnerabilities inadvertently making their way into production code. This poses a significant challenge, as many developers find security requirements complex and difficult to implement.

"Developers are shipping software faster than previously imaginable, releasing new features early and often. Yet, despite their best efforts to code securely, software vulnerabilities inadvertently make their way into production...