ProgrammingPro #90: React 19 Breaks CRA, AI-Powered Testing, Malicious Code Scanner, and Top Python Visualization Tools
Join Snyk's Fetch the Flag CTF 2025!
Snyk’s annual Capture the Flag event, Fetch the Flag 2025, is back! Hosted by Snyk and John Hammond, the event will take place on February 27, 2025, from 9am ET to 9pm ET. Engage in 20+ real-world security challenges, enhance your professional development & earn CPE credits.
Welcome to a brand new issue of ProgrammingPro.
In today’s Expert Insight, we bring you an excerpt from the recently published book, Software Architecture with Kotlin, which discusses the You Ain’t Gonna Need It (YAGNI) principle, emphasizing minimalism, avoiding over-engineering, and adapting to change by implementing only necessary features.
News Highlights: React deprecates Create React App due to React 19 issues; Apiiro launches PRevent, a PR scanner for malicious code; Meta introduces ACH, an LLM-powered mutation testing tool; and Google introduces Gen AI Toolbox for Databases.
My top 5 picks from today’s learning resources:
But there’s more, so dive right in.
Stay Awesome!
Divya Anne Selvaraj
Editor-in-Chief
C++ Online Conference 2025 | 26th – 28th February – 15% Off Main Conference for ProgrammingPro Readers!
🚀 Three days. 20+ expert talks. Live Q&A. Interactive sessions. Join the global C++ community from anywhere—no travel, no hassle, just top-tier learning.
🎓 What’s in store?
✅ Workshops (24th Feb – 7th Mar) – Master embedded systems, concurrency, coroutines, and more. Includes free main conference access.
✅ Main Conference (26th – 28th Feb, 12:00 – 22:00 UTC) – Live talks, lightning sessions, interactive posters, and open community discussions.
✅ Exclusive Features – Build your own agenda, access slides, join meetups, and network in an interactive virtual venue.
💰 Exclusive Offer: ProgrammingPro readers get 15% off the main conference pass with code PACKT2025_15.
🗞️News and Analysis🔎
New open source tools to detect, defend against malicious code: Apiiro has released PRevent, a pull request scanner for detecting malicious code, and a Semgrep-based ruleset to help organizations combat code injection threats.
React team formally deprecates Create React App (CRA) following ‘perfect storm of incompatibility’: CRA, introduced in 2016, was widely used but lacked critical features like routing, data fetching, and performance optimizations.
Meta Introduces LLM-Powered Tool for Software Testing: Meta has introduced the Automated Compliance Hardening (ACH) tool, an LLM-powered mutation testing system that generates faults in code and creates targeted tests.
C# Dev Kit Update: Enhancements to Solution-less Workspace and More: The latest update introduces solution-less workspace mode, .NET Aspire orchestration, and enhanced Razor/Blazor support.
Feb 14, 2025: Development tools that have recently added new AI capabilities: Updates include Google’s Gen AI Toolbox for Databases, JetBrains AI Assistant’s local model support, Meta’s Imagen 3 API, and more.
GitLab Release Brings Protected Container Repositories; Fixes XSS Vulnerability: GitLab 17.8 introduces protected container repositories, ML experiment tracking, VS Code SAST scanning, and enhanced deployment tracking.
Type-safe C-killer Delphi hits 30, but a replacement has risen: The open-source Lazarus IDE with FreePascal has emerged as a powerful, cross-platform alternative with support for Delphi imports, which runs on Windows, Linux, macOS, and BSD.
🎓Tutorials and Learning Resources💡
Python
Top Python Data Visualization Libraries of 2025: pygwalker leads as a low-code tool, matplotlib remains foundational with GPU support, and Plotly dominates dashboards. Seaborn, Bokeh, and Altair cater to statistical, streaming, and academic needs.
For more Python resources, go to PythonPro
C# and .NET
🎓How to Use Substring in C#: A Detailed Guide: Covers practical examples, edge cases, and common pitfalls, such as ArgumentOutOfRangeException, and offers solutions.
🎓Create a Windows Forms app in Visual Studio with C#: Covers setting up a project, adding a button and a label, writing event-handling code, and running the application.
💡Understand the .NET Framework requirements for various versions of SQL Server: Provides tables listing required .NET versions, whether they are included in SQL Server setup, and special installation steps for older Windows versions.
C++ and C
💡0+0 > 0: C++ thread-local storage performance: Explores TLS implementation details, including assembly-level behavior, compiler-generated overhead, and shared library implications.
💡Understanding Memory Management, Part 2: C++ and RAII: Explains structs, object-oriented principles, inheritance, constructors, destructors, copy constructors, copy assignment operators, and more.
💡Old C dog, new C tricks: NULL != ptr: Discusses a common C programming mistake—accidentally using = instead of == in conditionals—and how writing comparisons in reverse (e.g., if (42 == a)) prevents this error.
Java
🗞️Introducing the Model Context Protocol Java SDK: Discusses the SDK, explaining its features, integration with Spring AI, and how it enables seamless AI model interoperability.
🎓The Hilarious World of Java Event Listeners: Humorously explains Java event listeners using relatable analogies, demonstrating how they handle button clicks, mouse movements, and keyboard inputs through practical examples.
💡Deep Dive: Spring Boot with Apache Tomcat — Architecture and Request Handling: Covers architecture, request handling, connection management, thread pooling, scalability considerations, and troubleshooting.
JavaScript and TypeScript
🎓The Nullish Coalescing Operators: Explains the nullish coalescing operator (??) and nullish coalescing assignment (??=) in JavaScript, highlighting their benefits over ||, their role in handling default values, and their applications.
🎓How to Generate Insights from PDF Files with Apryse and GPT: Explains how to extract structured data from PDFs using Apryse’s data extraction module and integrate it with GPT-based LLMs to generate financial insights.
💼From Rust to TypeScript: A New Chapter for Prisma ORM: Explains the motivations, architectural changes, benefits, and future opportunities for improved compatibility, deployment, and developer experience.
Go
💡Extensible Wasm Applications with Go: Covers Go 1.24's enhancements to Wasm support, including the go:wasmexport directive for exporting Go functions and the ability to build WASI reactors.
💼We switched from Java to Go and don't regret it: Discusses Glasskube's transition from Java to Go, highlighting improved startup times, lower resource consumption, a more lightweight ecosystem, and better suitability for cloud-native applications.
Rust
🗞️2024 State of Rust Survey Results: Key findings include growing workplace adoption, increasing Rust expertise, concerns over slow compilation and debugging support, and a strong desire for stabilized async features.
💡A survey of every iterator variant: Systematically categorizes and examines 17 different iterator variants in Rust, exploring their unique capabilities, challenges, and interactions.
Swift
🗞️Introducing gRPC Swift 2: The library introduces first-class concurrency support, modern APIs, and improved developer experience for building cross-platform, high-performance services in Swift.
🎓Swift – Immediately Invoked Closures (IIC): Explains IIC's benefits, particularly in defining non-trivial properties and lazy initialization while ensuring maintainability and avoiding redundant code.
PHP
💡Learning from open source PHP projects - Part 1 - Code formatting: Examines best practices in code formatting by analyzing popular open-source PHP projects such as Flowphp, EventSauce, and Tempest.
🗞️Accelerating The Adoption of Post-Quantum Cryptography: NIST has released the first Post-Quantum Cryptography (PQC) standards, prompting efforts to integrate these algorithms into PHP.
SQL
🎓Representing graphs in Postgresql: Explains how to represent and query graph-like data in PostgreSQL using nodes and edges tables, demonstrating simple parent-child lookups, friendship relationships, and recursive CTEs.
📜The Impact of Metadata Configurations on Text-to-SQL Performance: A Comprehensive Analysis: Finds that using schema information, column descriptions, foreign keys, primary keys, and common queries yields the highest answer correctness at 84.5%.
Ruby
💡How I use YARD for Ruby: Introduces a documentation tool for Ruby, explaining its syntax, installation, usage, custom tags, and integration with VSCode.
💡Decluttering UI Components in Ruby on Rails with ViewComponent: Explains how ViewComponent’s sidecar pattern helps declutter UI components in Ruby on Rails by consolidating related files, improving modularity, reusability, and maintainability.
Kotlin
🎓Android Use Cases: From Basic Implementation to Multi-Provider and Multi-Module Systems: Covers single-use cases, multi-provider implementations, and transitioning to multi-module structures.
💼Kotlin Multiplatform (KMP) Scalability Challenges on a Large Project: Discusses scaling KMP in a project with over 1000 Gradle modules and 150+ developers, covering KMP migration methods, core library refactoring, and more.
🌟Advanced Concepts🚀
Google Titans Model Explained: The Future of Memory-Driven AI Architectures: Delves into Google's memory-driven AI model that integrates short-term, long-term, and persistent memory to improve sequence modeling.
Architecture Decision Records (ADR): A Tool for Experienced Engineers: Explains ADRs, their purpose, implementation process, and benefits for engineers, highlighting how they improve transparency and decision-making.
Stop Conflating CQRS and MediatR: Clarifies the distinction between the two, explaining that CQRS is a pattern for separating read and write operations, while MediatR is a mediator pattern implementation that facilitates in-process messaging.
The Software Event Horizon: Why Your Project Slows to a Crawl and How to Prevent It: Explains how unchecked technical debt, unclear interfaces, poor documentation, and increasing complexity lead to stalled projects.
API Governance: Using Patterns From PayPal, Netflix and More: Discusses different API governance models—centralized, federated, and self-governance—using real-world examples from companies, highlighting their trade-offs.
🧠Expert Insight📚
Here’s an excerpt from “Chapter 2: Principles of Software Architecture" in the book, Software Architecture with Kotlin, by Jason (Tsz Shun) Chow, published in December 2024.
YAGNI and future-proof architecture
You Ain’t Gonna Need It (YAGNI) is a principle that states that functionalities should not be implemented until they are needed. This principle came from Extreme Programming (XP) as an approach to improve software quality and respond to changing business requirements.
This principle is also related to the idea of minimalism in software development, which states that we should avoid unnecessary code and complexity in exchange for clean, easy-to-understand, and extensible software.
Another way to describe YAGNI is as the imperative to do the simplest thing that works. This is by no means an incomplete design or unfulfilled user requirement. It still promotes complete and functional software that satisfies user requirements with the simplest design available.
YAGNI aims at a few practices:
Simple and lean code base: By implementing only what is necessary now, a lot of complexity can be avoided. As a result, the code base is simple, clean, and maintainable.
Prevention of over-engineering: Over-engineering happens when an engineer anticipates future requirements and includes unused features in the system. It not only results in wasted time on unnecessary work but also becomes a dead weight in the code base, which is then made harder to maintain. Over-engineered code also implies a design choice made before there is sufficient information to make that choice, locking in the approach prematurely.
Adaptive and flexible implementation: By delaying the implementation of a feature until it is needed, engineers have more options to adapt to changes when the feature is finally needed. It also encourages a more organic evolution of the system whereby engineers respond more effectively to changing requirements.
Productivity: By focusing on the absolute must-have requirements, engineers can deliver changes more quickly and efficiently. Any unnecessary features can be postponed, saving time and resources.
There is also an opposite idea though: future-proof architecture. It aims at creating systems that are unlikely to be obsolete or to fail in the future. This sounds very appealing. If we can build a system that can fulfill future requirements, we will have saved time and effort that would otherwise be spent continuously evolving it.
However, there is an assumption behind this. You need to predict the new requirements and you need to be right. That is equivalent to knowing the future. It rarely happens.
If you are certain about requiring a feature in the future, then it is neither a prediction nor a future requirement. It is simply a requirement now.
This does not mean that we should build systems based on short-term objectives or take shortcuts. Instead, we should build systems that are ready to adapt to new requirements but not have these implemented.
Capacity planning should not be mistaken for future-proof architecture. Capacity planning is an operational concern related to deployment and physical resources. For instance, building a road to handle twice the current traffic is different from building a branch of the road that goes nowhere. Leaving headroom for expansion, extra volume, and extra traffic is part of the readiness for evolution. Capacity planning is an NFR, not a future requirement. We would not want the system to run on edges that may collapse in response to a fluctuation in the volume of requests.
This mindset leads to a few outcomes. The software architecture aims for modular, extensible, and flexible components that are ready to make changes when they become necessary.
It implies that each component is highly cohesive but loosely coupled. It means that interfaces are small and specific. It also means that interactions among components are based on abstract interfaces and not concrete implementations. It further means that subclasses conform to the behaviors of their superclasses and are ready to be extended. Furthermore, it means that each component has only one reason to change. It also means that modifying a component does not require recompiling the entire system. It also means that concerns are separated so that when we want to adjust system quality attributes, we can address the particular concern in isolation.
Software Architecture with Kotlin was published in December 2024. Packt library subscribers can continue reading the entire book for free or you can buy the book here!
🛠️Useful Tools⚒️
mastra: A TypeScript AI framework with workflows, agents, RAG, and LLM integrations, supporting OpenAI, Anthropic, and Google Gemini.
CodeWeaver: A CLI tool that generates a Markdown document of your codebase, outlining its structure and embedding code for easy analysis.
OmniParser: A vision-based screen parsing tool from Microsoft that converts UI screenshots into structured data for precise GUI automation with vision models.
That’s all for today.