DevBlogs

Pagefind crawls your website making it searchable with a bit of front-end magic. I stayed up way too late coding a Levenshtein Distance algorithm in Zig before giving up and coping this Gist. My website has a vocabulary of over 12000 unique words with “and” and “the” jostling for top spot.

Cloudflare has joined the U.S. Cybersecurity and Infrastructure Security Agency’s “Secure by Design’ pledge. The pledge is aimed at promoting transparency in vulnerability reporting. Cloudflare issues CVEs for vulnerabilities discovered internally and through its Bug Bounty program.

The Email Markup Consortium (EMC) released its 2025 study on the accessibility in HTML emails. The results come from an analysis of 443,585 emails collected from the past year. Only 21 emails passed all accessibility checks.

As of May 16, proceeds from the sale of eligible apps and In‑App Purchases have been modified in Brazil to account for the Contribuições de Intervenção no Domínio Econômico (CIDE) tax introduction of 10% for developers based outside of Brazil. Beginning June 2, prices will be updated for Brazil and Kazakhstan if you haven’t selected one of these storefronts as the base storefront for your app or In-App Purchase.

Python Core Developer Brett Cannon talks about PEP 751 and the pylock.toml file format. Brett has been working on a way to move beyond the requirements.txt file for over six years. Course Spotlight: Using the Python subprocess module.

Google Summer of Code 2025 contributors. These amazing folks will be working on impactful projects that will shape Django’s future.

Michael Ryabushkin (aka Goodwill) passed away. He was a great friend and an even better person. I will miss him dearly.

No one gets fired for recommending "Transformed" by Marty Cagan, Lea Hickman, Chris Jones, Christian Idiodi, and John Moore. Themes like competence, bravery, vision, and strong leadership sound like challenges, but they're identity-affirming for executives.

Pyrefly is a new type checker and IDE experience for Python, written with Rust. It’s open-source, supports both CLI usage and IDE integration. On this episode of the Meta Tech Podcast, Pascal Hartig sits down with Maggie, Rebecca, and Neil.

Pyrefly is a static typechecker that analyzes Python code to ensure type consistency and help you catch errors. It also supports IDE integration and CLI usage to give you flexibility in how you incorporate it into your workflow. Pyrefly was created by Meta, an open source Python type checker and IDE extension.

Replit is the best place for anybody to build software. Vibe coding makes software creation accessible to everyone, entirely through natural language. Today we are doubling down on making vibe coding safe.

The Jupyter Distinguished Contributors are recognized for their substantial contributions to the project over at least two years. Contributions may include code, code review, infrastructure work, mailing list and chat participation.

Django has a new accessibility statement. According to a WebAIM Million survey, 94.6% of sites have easily-detectable accessibility issues. This statement improves transparency, and clearly states our intentions.

Fresh is a simple web framework based on the latest web standards that we built and use quite heavily here at Deno. A pre-release version of Fresh 2 is currently being used in production here at the company.

Cloudflare is introducing two proposals for bots to authenticate themselves and for customer origins to identify them. The proposals use well-established cryptography techniques. They provide a clearer signal for site owners to decide what traffic to permit.

CSS Carousels can now be used to trigger an animation while scrolling through the items in a CSS carousel. The demo also slaps CSS Scroll Snapping in there with smooth scrolling, which is effectively wiped out.

Pamelafox gave a three hour workshop at PyCon US on building software on top of Large Language Models. Most of the workshop was interactive: I created a detailed handout with six different exercises, then worked through them with the participants. The full handout for the workshop parts of this talk can be found at building-with-llms-pycon-2025.

The internet is being ruined by ‘Artificial ‘Intelligence’ and half of you are practically suckling at the exhaust end of slop factories. The web is where most internet discourse happens and evidently you’re doing it wrong. On the web there’s a better place to express yourself than in a comments section.

LangChain held its first-ever industry conference in San Francisco. 800 people from across the globe gathered to hear stories of teams building agents. Cisco, Uber, Replit, LinkedIn, Blackrock, JPMorgan, Harvey, and more shared lessons.

Djangonauts celebrated Django’s 20th birthday at DjangoCon Europe 2025. The conference was a great occasion for the community to celebrate this, and work on the sustainability of the project together.

Rafael Gonzaga This is a security release. Windows 64-bit Installer: https://nodejs.org/dist/v24.0.2-x64.msi. Windows ARM 64- bit Installer. MacOS Intel 64- Bit Binary: https:nodejs-v24-0.0-x32.tar.gz. Mac OS X 64-Bit Binary: http://www.apple.com/news/features/features-top-stories/2013/01/29/news-top stories-2013-01-29.html.

This is a security release. Use the following tools to test your software.

Rafael Gonzaga This is a security release. Windows 32-bit and 64-bit versions are available.

Rafael Gonzaga This is a security release. Windows 32-bit and 64-bit versions are available.

John Rhea recently rebuilt his portfolio on Cloudways. The site was having problems showing up on the server. He tried to fix the problem by writing his own custom code. But it still wouldn't work.

LangGraph Platform is the easiest way to develop, deploy, and manage long-running, stateful agents. It can be used independently from LangChain’s other products – LangChain (integrations), LangGraph (agent orchestration), and LangSmith (Evals and Observability), or stack together to provide an easy transition from the build phase to production.

Simon Charette is a longtime Django contributor and community member. He served on the Django 5.x Steering Council and is part of the Security team and the Triage and Review team. Simon is a principal backend engineer at Zapier where we use Python and Django to power many of our backend services.

The Node.js Project Updates are now available for the 24.X, 23.x, 22.x and 20.x release lines. Releases will be available on, or shortly after, Wednesday, May 14, 2025.

Python is a free, open-source Python programming language. It is used to create interactive, interactive, and interactive web content. It can be used to help people understand and express their ideas.

Learn how to handle missing data in Polars. Polars provides powerful tools to identify, replace, and remove null values, ensuring seamless data processing.

This episode of Talk Python features a discussion of t-strings. T-strings are a major shift in how Python can handle string interpolation. They make it easier to thwart injection attacks, build dynamic HTML components, log structured data, and create domain-specific languages.

Spring gRPC has been promoted from experimental to a full member of the Spring Portfolio. The latest release is 0.8.0, and it has been available for a couple of weeks in Maven Central. The biggest change since Josh's blog is probably the support for automatically creating gRpc client stubs.

Spring Boot 3.5 and Spring AI will be released this week. Spring Boot is a big release, but we've already got plenty of exciting GA versions of Spring Boot. Spring AI, on the other hand? Not so much. This is abig deal—years in the making!

velocity is a measurement of effort expended by developers, usually as story points completed in a sprint. It's not actually business impact, says Ben Matthews, Senior Director of Engineering at Stack Overflow. velocity oversimplifies the complex and creative work that engineering teams are doing, pigeon-holing the collaborative process.

Python 3.14 alpha release and PEPs have been accepted or proposed. Django released version 5.2, adding several developer-facing improvements. PyCon US and EuroPython set for early summer 2025.

Pages CMS is an open source content management system for static sites. It works with Astro and Eleventy site generators, and is free to use. Pages CMS includes lots of options for customization, and can create entire collections.

Aims to build a fast static site generator using a mix of scripts and code. Uses Hono, a new version of LAMP and a new build tool called Zig. Has written his own Zig and WebAssembly search index and is working on a Zig-based search.

The author of "The Power of Mindset" takes a look at how people think about change and improvement in their companies. He challenges himself to look at his own views on change and the potential for change in his career. Here are his loose notes on what he sees as the strengths and weaknesses of different perspectives.

The llama.cpp project adds full support for vision models to the excellent llama project. llama models are usually distributed as .gguf files, but this project introduces a new variant of those called mmproj. libmtmd is the new library for handling these.

Kinesh Satiya: A robust feedback system is essential for the lifecycle and success of an ad campaign. He says Netflix embarked on a journey to build a robust event processing platform that not only meets the current demands but also scales for future needs. Satiya says the system comprises of diverse sub-systems designed to monitor, measure, and optimize ad campaigns.

This week on the show, we speak with Raymond Camden about his journey into Python. Raymond is a developer evangelist and advocate who works with APIs, AI, and the web. He’s been expanding his developer knowledge by learning Python and documenting his journey.

An exploration of using flexicache for caching in Python.

Product teams don’t function like widget factories. Different types of work “drain” capacity differently. Imagine if you’re on a Quest and you're putting out a lot of Fires. That could be your whole week, done. But maybe you're in a mode with one person Spellcasting.

The Python Environments extension (preview) has added support for Quick Create. Pylance can now display an interactive color swatch directly in the editor for recognized color values in Python files. There’s a new experimental AI Code Action for converting string concatenations to f-string.

Antoine du Hamel Windows 64-bit Installer: https://nodejs.org/dist/v24.0.1-x64.msi.

Google Tag Manager is the most used tag management solution. Cloudflare acts as an intermediary for these requests. It first securely fetches the necessary Google tag JavaScript files from Google's servers.

Faiss is an open source library, developed by Meta FAIR, for efficient vector search. Faiss pioneered vector search on GPUs, as well as the ability to seamlessly switch between GPUs and CPUs.

Replit Auth is a new way to add user authentication to your app. The entire authentication flow is automatically configured by Replit Agent, making the process completely seamless for both you and users.

John Rhea recently updated his portfolio at johnrhea.com. He reused an animation he'd built circa 2019, where a moon orbited around the planet. The original animation for the moon ran for 60 seconds. Rhea: I could drop the duration to 12 seconds (one-fifth of sixty)

The Node.js project will release new versions of the 24.x, 23.x,. 22.x. and 20.xreleases lines on or shortly after, Wednesday, May 14, 2025 in order to address: The 24.X release line of Node.JS is vulnerable to 1 high severity issues. The 22.X. release line is vulnerable. to 1 low severity issues, 1 high. severity issues and 1 medium severity issues; and the 20.X line is. vulnerable to one low severity issue and one high severity issue.

Netflix is working with Fraunhofer to improve dialogue intelligibility in its content. The company has teamed up with Nugen Audio to develop a plugin to help improve dialogue. The Dialogue Integrity Pipeline is the journey from on-set capture to final playback.

V Körbes is a senior security engineer at Broadcom. He works on security above and below the application. Stay connected with the Spring newsletter.

US LangSmith API experienced an elevated error rate for 28 minutes on May 1, 2025. During the incident window, approximately 55% of all API requests failed with a connection error. A conflicting DNS record was accidentally left over during a migration between certificate renewal automation technologies at the end of January.

Python 3.14.0b1 is the first of four planned beta releases. Beta release previews are intended to give the wider community the chance to test new features and bug fixes. The next pre-release of Python 3.13 will be released on May 25.

Logging is a vital programming practice that helps you track, understand, and debug your application’s behavior. Loguru is a Python library that provides simpler, more intuitive logging compared to Python's built-in logging module. This tutorial will guide you through everything you need to know to get started with Loguru and implement effective logging.

Django 5.2.1, 5.1.9, and 4.21.21 are now available. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

UDPgrm is a lightweight daemon that helps us to upgrade UDP servers without dropping a single packet. It uses Linux’s SO_REUSEPORT API. By placing old and new sockets into the same group, we can route packets to the correct instance.

hwb() is supposed to be more intuitive and easier to work with than hsl() hsl() was implemented by browsers as far back as 2008, Safari being the first and other browsers following suit. hwb() accepts three values: hue, whiteness, and blackness.

A secret glossary is added to the blog. You can find it by hovering over special links. The popover is activated by either hover or keyboard focus. For unsupported browsers there is still an accessible link inside.

How to mark a comparison of booleans as True or False using bitwise XOR.

Microsoft has released three new models for its Phi language model. They’re available through Ollama as phi4-reasoning (which includes the plus model) and pho4-mini-reasoned. The new models appear to have a tendency to overthink.

Learn how to make your apps more accessible to everyone. Check out our new and refreshed Pathways. Uncover the time-traveling secrets of the Apple Design Award-winning game The Wreck.

A "reverse square knot," also known as a right square knot or reverse reef knot, is essentially a square knot tied in the opposite order. Instead of the first working cord going over the other cords, it goes under them.

The Wreck is a visual novel, an interactive experience, and a playable movie. The story is anchored by the accident that lends the game its name. Players navigate through seemingly disconnected scenes that can be viewed multiple times.

The V8 engine is updated to version 13.6. URLPattern is available globally. ClangCL is now required to compile Node.js on Windows.

Python’s subprocess module allows you to run shell commands and manage external processes directly from your Python code. By using subprocess, you can execute shell commands like ls or dir, launch applications, and handle both input and output streams.

The PSF is pleased to announce its first batch of PSF Fellows for 2025. The above members help support the Python ecosystem by being phenomenal leaders. We are accepting nominations for Quarter 2 of 2025 through May 20th, 2025.

I generate a lot of CSVs for my jobs, mostly as a temporary storage mechanism for data. For a long time I've done this in Excel/LibreOffice, which totally works. But I recently sat down with the pandas library and I had no idea how easy it is use for this particular use case.

Spring Boot 3.5 is coming out on May 20th, and Spring AI is coming soon after. Spring Boot is a big release, but we've already got plenty of exciting GA versions of Spring Boot. Spring I/O is coming up in Barcelona, Spain, and I'll be there with Spring legends Rod Johnson and Juergen Hoeller.

Lm-video-frames plugin can turn a video file into a sequence of JPEG frames and feed them directly into a long context vision LLM such as GPT-4.1. It depends on a plugin feature I added to LLM 0.25, which I released last night.

Meta and Quansight have improved key libraries in the Python Ecosystem. Type hints, introduced in Python 3.5 with PEP-484, allow developers to specify variable types. We’ve added free-threading support to many of the most popular packages used for scientific computing.

Health Mediated Deployments (HMD) is Cloudflare’s data-driven solution to automating software updates across our global network. HMD works by querying Thanos, a system for storing and scaling Prometheus metrics. Each backtest run is made up of multiple SLOs to evaluate a service's health.

Python has a built-in data type called sets. Sets are an unordered collection of unique elements. They can be used to group objects in a set. This tutorial explains how to use sets in Python.

Using scroll shadows, especially for mobile devices, is a subtle bit of UX that Chris has covered before. Instead of using shadows, let’s use a CSS mask to fade out the edges of the scrollable element. This approach still uses pseudo-elements, but we’ll use custom properties instead.

Python's success in 2025 rests on a growing and enthusiastic developer community. The panelists highlighted a bedrock truth: A strong foundation in core Python skills and an ability to collaborate remains key.

Bun's full-stack & frontend dev servers now use significantly less memory. Bun now supports the cachedData and produceCachedData options in the Node.jsvmScript API. Bun starts 30μs faster. In the next version of Bun98.4% of Node's test suite for the "timers" module pass in Bun.

Amit Gupta writes about how to install PHP on your system. He says that the process of installing PHP is now a breeze. He also explains how to get started with Laravel development.

Spring AI's Model Context Protocol (MCP) allows AI models to access external tools and resources through a standardized interface. MCP can be used to dynamically update available tools at runtime. Spring AI's handling of dynamic tool updates in MCP provides a mechanism for extending AI capabilities. This feature enables more flexible, extensible, and resource-efficient applications.

Postgres 18 Beta 1 should be released soon. The final Postgres 18 release is planned for September/October. PgLife allows monitoring of all Postgres community activity.

Plaid is a world-class financial services platform. The Storage Team needed a migration process that was safe,auditable, fast, and repeatable. By centralizing migration logic into Deno-powered notebooks, the Storage Team was able to safely migrate 100 services in under two years.

The CSS shape() function recently gained support in both Chromium and WebKit browsers. It’s a way of drawing complex shapes when clipping elements with the clip-path property. We get new commands that tell the browser where to draw lines, arcs, and curves.

Progressive enhancement is the act of building for the web, with the web. It is a tried, tested, and true practice. But developers still clown around with new ideas like FOUN (Flash of Unbroken Next.js)

Two new array methods are coming in PHP 8.5. They make it easier to get the first and last elements of an array without affecting the internal pointer and without using the keys. For empty arrays, both functions return null instead of throwing an error.

The Meta Tech Podcast is a podcast, brought to you by Meta, where we highlight the work Meta’s engineers are doing at every level – from low-level frameworks to end-user features. This episode dives deeper into the engineering nuances of large-scale subsea cable projects like the recently announced Project Waterworth.

The Python Software Foundation has had infrastructure hosted with the Oregon State University Open Source Lab (OSUOSL) since 2012. For many years our core infrastructure was hosted there, and to this day the host our x86 benchmark server for CPython.

App Review Guidelines have been updated for compliance with a United States court decision regarding buttons, external links, and other calls to action in apps. Translations of the guidelines will be available on Apple Developer website within one month.

Vibe coding was only coined by Andrej Karpathy on February 6th, 84 days ago. Vibe coding is when you forget that the code even exists, as a fun way to build throwaway projects. It’s not the same thing as using LLM tools as part of your process for responsibly building production code.

News from the Python Software Foundation.

Cloudflare has launched a new suite of remote Model Context Protocol (MCP) servers. MCP clients can now connect to Cloudflare's MCP servers from Claude.ai, Cursor, Windsurf, or our own AI Playground.

Cloudflare has collaborated with Anthropic, Asana, Atlassian, Block, Intercom, Linear, PayPal, Sentry, Stripe, and Webflow to bring a whole new set of remote MCP servers to Claude users. Users can manage projects, generate invoices, query databases, and even deploy full stack applications without ever leaving the chat interface.

The State of Devs survey is now open to participation. Unlike previous surveys it covers everything except code. The survey also tries to go beyond work and daily life to address broader questions.

GitHub Copilot is an AI tool that suggests code snippets for developers. The tool is based on large language models (LLMs) and works with Vim. The author has used the tool extensively for over a decade and is a Vim user. Copilot can be used to "vibe code" inside of Vim.

Deno 2.3 adds new features for useful subcommands like deno compile and deno fmt. It also adds support for using local npm packages and several performanceimprovements with deno install.

A supposedly small update to ChatGPT 4o, OpenAI’s standard model, brought what had been a steady trend to wider attention. GPT-4o had been becoming more sycophantic, eager to agree with, and flatter, its users.

Some product leaders and product managers could care less about how their company works. This is a feature, not a bug, even at a leadership level. Some facets of the job push people towards more myopia and less patience.

The Leaderboard Illusion is a 68-page paper on the Chatbot Arena. The arena is a leaderboard for LLMs that ranks models based on their vibes. The paper claims that the arena's private testing practices benefit a handful of vendors.

Cloudflare is making it easier for developers to bring their services into the AI ecosystem with the Model Context Protocol (MCP) The Agents SDK now supports the new Streamable HTTP transport, allowing you to future-proof your MCP server. Deploy MCP servers written in Python.

Learn how to use Selenium with Python to build a music player that interacts with Bandcamp’s Discover page. You’ll control the player from the command line while a headless Firefox browser runs in the background. Selenium allows you to automate direct interactions with the Bandcamp web interface.

In the ’90s, websites often included graphics that combined branding, content, and navigation. Image maps date all the way back to HTML 3.2, where server-side maps defined clickable regions over an image. Despite their age, image maps still offer plenty of benefits. They’re lightweight and need (almost) no JavaScript.