InfoQ Homepage Development Content on InfoQ
-
Github Integrates AI to Improve Accessibility Issue Management and Automate Feedback Triage
GitHub has launched a continuous AI-powered workflow to manage accessibility feedback at scale. Using GitHub Actions, Copilot, and Models APIs, the system centralizes reports, analyzes WCAG compliance, and automates triage while maintaining human validation. Teams now resolve feedback faster, improving inclusion and cross-functional collaboration.
-
Axios npm Package Compromised in Supply Chain Attack
On March 31, 2026, two versions of the Axios library were compromised and found to contain a Remote Access Trojan. The malicious packages were published through a hijacked maintainer account. The Axios team is investigating how the breach occurred and has deprecated the affected versions. Security experts emphasize the need for better dependency management.
-
Helidon 4.4.0 Introduces Alignment with OpenJDK Cadence and Support via Java Verified Portfolio
Oracle has released version 4.4.0 of Helidon, their microservices framework, featuring alignment with the OpenJDK release cadence, support via the new Java Verified Portfolio, new core capabilities, and agentic AI support for LangChain4j.
-
GitHub Will Use Copilot Interaction Data from Free, Pro, and Pro+ Users to Train AI Models
GitHub will use Copilot interaction data from Free, Pro, and Pro+ users to train AI models starting April 24, opting in by default. Collected data includes code snippets, inputs, outputs, and navigation patterns from active sessions, including private repos. Business and Enterprise tiers are excluded. Community concerns include dark patterns, IP exposure, and GDPR compliance.
-
ESLint v10: Flat Config Completion and JSX Tracking
ESLint version 10 has removed the legacy eslintrc configuration system, finalizing a long transition to flat config. The update enhances developer experience, especially for plugin authors and monorepo teams, by changing configuration file location and improving JSX reference tracking. Node.js support has been tightened, and new assertion options have been added to the RuleTester API.
-
Pinterest Deploys Production-Scale Model Context Protocol Ecosystem for AI Agent Workflows
Pinterest engineering teams have deployed a production-ready Model Context Protocol (MCP) ecosystem that allows AI agents to automate complex engineering tasks and integrate diverse internal tools. Domain-specific MCP servers, a central registry, and human-in-the-loop approval improve security, governance, and developer productivity while saving thousands of hours per month.
-
Cloudflare Launches Dynamic Workers Open Beta: Isolate-Based Sandboxing for AI Agent Code Execution
Cloudflare has released Dynamic Worker Loader into open beta, offering V8 isolate-based sandboxing for AI-generated code execution. The company claims isolates start in milliseconds, using megabytes of memory, making them roughly 100x faster and up to 100x more memory-efficient than containers. The feature builds on Cloudflare's Code Mode approach.
-
PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information
Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40 thousand downloads of a compromised version that installed a malicious payload capable of harvesting and exfiltrating sensitive information. LiteLLM is downloaded roughly 3 million times per day.
-
Agentic AI Patterns Reinforce Engineering Discipline
Paul Duvall recently discussed his library of engineering patterns for AI assisted development and practices that ground high quality delivery. Related discussions from Paul Stack and Gergely Orosz highlight a shift toward remixing and specification driven development.
-
TanStack Start Introduces Import Protection to Enforce Server and Client Boundaries
TanStack Start has introduced a import protection, which aims to prevent server and client code from being mixed in full-stack React applications. This Vite plugin automatically checks imports during development and build processes. It blocks harmful imports by file naming conventions or explicit markers, enhancing security and reducing bugs without requiring additional developer input.
-
QCon London 2026: Team Topologies as the ‘Infrastructure for Agency’ with AI
At QCon London 2026, Matthew Skelton argued that AI success depends on organisational maturity. He highlighted bounded agency, security, and stewardship as key to managing AI agents. By using Innovation and Practices Enabling Teams, companies can drive knowledge diffusion and optimise internal processes to see real-world returns on their AI investments.
-
Discord Open Sources Osprey Safety Rules Engine Processing 2.3 Million Rules per Second
Discord open-sourced Osprey, a safety rules engine processing 400 million daily actions and 2.3 million rules per second. Osprey uses a polyglot architecture: a Rust coordinator manages traffic, while stateless Python workers execute logic using a Python-based domain-specific language called SML. This design allows trust and safety teams to deploy real-time threat mitigations at high scale.
-
Java News Roundup: GraalVM Build Tools, EclipseLink, Spring Milestones, Open Liberty, Quarkus
This week's Java roundup for March 23rd, 2026, features news highlighting: GA releases of GraalVM Native Build Tools 1.0 and EclipseLink 5.0; the March 2026 edition of Open Liberty; fourth milestone releases of Spring Boot, Spring Modulith and Spring AI; a point release of Quarkus; the first development release of Infinispan; and a maintenance release of GlassFish.
-
FOSDEM 2026: Intro to WebTransport - the Next WebSocket?!
Max Inden recently explored in a talk at FOSDEM 2026 how the upcoming WebTransport protocol and Web API enhance WebSocket capabilities. WebTransport seeks to provide, among other things, lower latency and transparent network switching for key use cases such as high-frequency financial data streaming, cloud gaming, live streaming, and collaborative editing.
-
Google Unveils AppFunctions to Connect AI Agents and Android Apps
In a move to transform Android into an "agent-first" OS, Google has introduced new early beta features to support a task-centric model in which apps provide functional building blocks users leverage through AI agents or assistants to fulfill their goals.