From supply-chain hardening to agent-driven development, engineering workflows are being reshaped at every layer.

🎯 Featured Article

🛡️ Upcoming breaking changes for npm v12
npm v12 introduces security-first defaults that restrict dependency scripts, Git dependencies and remote package sources. Teams should validate build pipelines now to avoid surprises when the release arrives.

  • Restrict dependency script execution by default
  • Reduce supply-chain attack paths during installs

⏩ TL;DR (Quick Recap)

  • Harden package ecosystems with stricter defaults and policies
  • Adopt AI agents through workflows, skills and automation loops
  • Modernize JVM and Spring applications for upcoming platform shifts
  • Prioritize performance, maintainability and operational simplicity

☕ JVM Corner

📱 Kotlin Multiplatform in Production: Two Real-World Use Cases from Booking.com
Booking.com shares practical examples of Kotlin Multiplatform adoption.

  • Reduce duplicated platform-specific code
  • Improve feature delivery across Android and iOS

⚖️ Oracle’s OpenJDK Bans Generative AI Contributions While Oracle’s GraalVM Allows Them
Oracle-backed projects are taking different approaches to handling open-source contributions created with generative AI.

  • Introduce contrasting governance policies
  • Raise questions around contribution provenance

Performance Improvements in JDK 26
JDK 26 delivers extensive performance enhancements spanning libraries, garbage collectors, runtime components, and compilers.

🚀 The Java Roadmap for 2026 Just Changed — Are You Ready?
Java’s evolution continues through virtual threads, native deployment options, AI integration, and cloud-native application architectures.

🍃 Spring Updates

🔒 Broadcom beefs up Spring security to protect against AI-enabled attacks
Broadcom announced new investments focused on securing Spring and Java ecosystems against emerging AI-assisted threats.

  • Strengthen application security tooling
  • Address evolving AI-driven attack patterns

⚙️ How Spring Boot Application Works Internally?
A walkthrough of Spring Boot’s startup lifecycle, auto-configuration mechanisms and embedded server architecture.

  • Explain application bootstrap stages
  • Clarify auto-configuration behavior

🧟 Spring Boot Migration and the CRA: When Good Enough Isn’t
The article highlights risks of running unsupported Spring Boot versions under increasing security and compliance pressure.

  • Encourage proactive migration planning
  • Warn against unsupported dependencies

🧩 These 9 Spring Boot Features Made Me Question My Entire Codebase
A review of lesser-known Spring Boot capabilities that can simplify application code and operational complexity.

📜 Spring Boot 4.1.0 available now
This release includes a number of improvements, new features and dependency upgrades.

🔍 Extra Reads

Developer Workflows
🤖 From one-off prompts to workflows: How to use custom agents in GitHub Copilot CLI — Demonstrates reusable agent workflows tailored to team practices
🅰️ Angular’s Official Agent Skills Helps AI Coding Tools Write Modern Angular — Provides agent skills that guide coding tools toward current Angular patterns
🔄 Designing Loops That Prompt Coding Agents: The Six I Actually Run — Explores automation loops that coordinate and direct coding agents
🛠️ Pi: A coding agent for engineers who own their tools — Examines a coding agent focused on developer control and flexibility

AI Models
🧠 Claude Fable 5 and Claude Mythos 5 — Introduces Anthropic’s latest flagship models and capability advances
🏃 Claude Fable is relentlessly proactive — Early observations on highly proactive agent behavior in practice
📜 Statement on the US government directive to suspend access to Fable 5 and Mythos 5 — Details the impact of export-control restrictions on model availability

Engineering Practices
Fast is better than slow — Argues that speed compounds advantages across teams and systems
🧹 Cleaning up after AI rockstar developers — Discusses maintainability challenges created by overly aggressive AI-assisted development
📝 Stop Using Conventional Commits — Critiques conventional commit standards and their practical trade-offs
🔗 Nobody clicks your share buttons — Questions the value of traditional social sharing widgets on websites

Originally posted on marconak-matej.medium.com.