Dec 13, 2019 newsletter

Spin it up, fast

Repl from Repo

Repl.it, the creators of an instant online coding environment, launched Repl from Repo, a new tool to automatically open and run any GitHub project in its cloud-based IDE.

Developers can take any GitHub repository and visit repl.it/github/<GitHub URL> to automatically open that repository in the Repl.it IDE and spin up a development environment.

How it works: When prompted by a user, Repl.it will clone a GitHub repo and its code into an online IDE.

Repl.it tries to detect run commands, but if it is not able to then the IDE will help the user configure a .replit file. The newly created file contains instructions to create a development environment.

Developers can then automatically create a pull request to the original repository to add the Repl.it configuration file so that other users can skip the entire setup process. Maintainers can also add a badge to their repositories that lets anyone open the project on Repl.it in a single click.

It’s getting a bit crowded: Repl.it is not alone. Cloud-based IDEs and disposable development environments are gaining attention in the developer world.

Gitpod similarly lets you import any GitHub repository into its online editor by prepending https://gitpod.io/# to any GitHub URL.

Other projects are taking slightly different approaches. Tools like Coder.com and Microsoft’s Visual Studio Online mimic local instances of VS Code in the browser, which acts as a portal to a server running your code editor and development environment.

Other online IDEs, like CodeSandBox and StackBlitz, focus on specific types of development stacks, like web development.

Hybrid approaches, like Visual Studio Remote, let you use local instances of your code editor but run all code on a remote server.

Why it matters: Cloud-based and browser-based development is becoming incredibly powerful, but also increasingly fractured.

Different online IDEs focus on different technologies and workflows. Moreover, some development environments are more disposable than others; some are geared more towards rapid prototyping and others focus on the entire software life cycle.

Integrations differ, too. Certain tools integrate with GitHub and allow easy sharing, while many do not.

With so many options available, developers will need to navigate their way around a growing ecosystem of online development environments to make the most of this new wave of innovation.


API growth and its speed bumps

Postman State of the API Report

Postman, an API development platform, released its annual State of the API Report. Postman surveyed more than 10,000 developers, testers, and executives from the Postman community about API development.

The growing importance of APIs. According to the report, more than 60% of respondents spend more than 10 hours per week—about a fourth of a typical work week—working with APIs.

Developers are spending slightly less time working with APIs than in last year’s survey results. Postman notes that its community is growing because more developers are working with APIs throughout the development process. That means the average time per Postman user is falling, but its user base is expanding as more developers need better API tooling.

How much time do you spend working with APIs per week?

What does that mean for API churn? More developers working with a greater number of APIs leads to more complex API requirements and higher API churn.

Postman asked its users how often their APIs break, stop working, or change specification. While half of respondents felt their APIs did not change often enough to matter, a significant portion of users see substantial API churn and instability on a more frequent basis. About 28% of respondents said their APIs broke or changed monthly and 16% answered weekly.

Documentation could be (much) better. With more companies switching to API-focused architectures, it’s no surprise that documentation across the industry is lagging.

Roughly 55% of respondents felt that API documentation is below average or not well documented. Only 28% of respondents felt that documentation is above average or very well documented.

What's next? According to the survey, 54% of developers are excited about microservices and 44% are interested in serverless architecture. Despite today's API development challenges, many developers are hopeful for the future of API-driven technologies.


Security practices makes security perfect

Secure Code Warrior

Secure Code Warrior, a security training platform for developers, raised $47.6M in its recent Series B round of funding.

From Pieter Danhieux, co-founder and CEO of Secure Code Warrior:

Secure Code Warrior’s vision is to make developers the first line of defense by making security highly visible and providing them with the skills and tools needed to write secure code from the beginning.

Founded in 2015, Secure Code Warrior uses gamification to help developers learn security best practices.

What’s the big picture? Security is a serious issue. And developers are increasingly responsible for securing their code.

According to GitLab’s Global Developer Report, 69% of all respondents say that developers are expected to write secure code, yet a whopping 68% of security professionals feel that less than half of developers are able to spot security vulnerabilities.

A few solutions. There has been an uptick in the number of new tools in recent years to help developers write more secure code. Much of this growth is driven by new workflow automations, like dependency analysis and code scanning.

Big tech companies are adapting to this new world, too. GitHub can automatically open pull requests to update vulnerable packages. GitLab recently upgraded its platform to focus more on DevSecOps by adding security dashboards, auto remediation tools, and security approvals.

Secure Code Warrior hopes to eliminate security issues before they even reach GitHub and GitLab by focusing on developer training.

With better training and stronger toolsets, developers can fix security issues earlier in the development process—or avoid them altogether.

The result? Developers can save time and resources by ensuring that expensive and complex bugs don’t bog down development later in the software development life cycle.


A Space launch from JetBrains

Space from JetBrains

JetBrains launched Space, its new integrated team environment that centralizes and organizes team collaboration and development workflows.

Space includes chats, logs, wikis, issues, code reviews, and other project management tools. Developers can also connect any JetBrains IDE to manage repositories, merges, and notifications.

What’s different about Space? It’s for everyone, even non-technical team members.

JetBrains has built a few other tools for collaboration; Upsource manages code reviews and project analytics for teams and YouTrack helps agile software development teams manage their projects.

With Space, however, JetBrains hopes to hook every member of an organization.

According to JetBrains, Space’s two main selling points are that it's:

  • Powerful — for your technical excellence and innovation.
  • Friendly — for all the people in your organization to use.

A shifting focus. Even if you don’t use any of JetBrains’ other products, it’s push into tools that can be used across an organization signals a greater shift toward developer-centric thinking.

Slack, one of the most popular communication tools, is often a sore spot for developers, sacrificing rich development features so that it can be more widely accessible. Slack relies heavily on a marketplace of third-party extensions to add much-needed development integrations. Microsoft Teams, a Slack competitor, also lacks many developer-friendly features, despite operating under the same company as GitHub and Visual Studio Code.

On the other end of the spectrum, Atlassian tries to capture many different developer workflows, but is difficult for non-technical users to navigate and understand.

Goldilocks? Space sits somewhere in between. It is decidedly developer-first, but makes a strong effort to pull non-technical users onto its platform.

As developers continue to be the main drivers of innovation around the world, you can expect to find more companies organizing teams around tools that make developers happier and more productive.


Small bytes

  • npm, Inc released npm pro, a new tool for individual developers to maintain their own private packages. While open source software has fueled the rise of a rich package ecosystem, many developers now want a more private solution [NPM]
  • W3C announced that the WebAssembly Core Specification is now an official web standard. With official backing, WebAssembly will continue to drive innovation in web technology [W3C]
  • IBM revealed Browser Functions, a new serverless platform that uses web browser execution engines. While still in its early stages, the new tool bridges the gap between backend and frontend code by allowing developers to use the Web API on a server [IBM]
  • A new report reveals that the US will likely outspend China on military AI, even though China is probably outspending the US in overall AI research [MIT TECHNOLOGY REVIEW]
  • Synack released its 2020 State of Compliance and Security Testing Report. The report reveals that compliance and security pose massive challenges for technology companies [SYNACK]

Tools

  • Pixela is an API-based habit tracker to make GitHub-like activity charts for anything [PIXELA]
  • Fronty is an AI service that creates HTML and CSS code based on an uploaded image [FRONTY]
  • Home Assistant is open source home automation that puts local control and privacy first [HOME ASSISTANT]
  • Authpack offers complete user management in just eight lines of code [AUTHPACK]
  • DockerSlim minifies and secures your docker containers [DOCKERSLIM]
  • The Orbital Widget Toolkit is a multi platform (G)UI toolkit for building scalable user interfaces with the programming language Rust [GITHUB]
Never miss the big news

Every week, our team will send you three of the most important stories for developers, including our analysis of why they matter. Software development changes fast, but src is your secret weapon to stay up to date in the developer world.

Featured articles
Made with by Software. Read more about our mission.