Best of InfoWorldDecember 2025

  1. 1
    Article
    Avatar of infoworldInfoWorld·22w

    WhatsApp API worked exactly as promised, and stole everything

    A malicious npm package called "lotusbail" masqueraded as a legitimate WhatsApp Web API library for six months, accumulating over 56,000 downloads. The package functioned correctly while secretly stealing messages, credentials, and contact data through a proxy layer that intercepted all operations. It used four layers of obfuscation and RSA encryption to exfiltrate data to attacker-controlled servers. Most critically, it exploited WhatsApp's multi-device pairing to maintain persistent access even after package removal, requiring manual device unlinking. The package remains available on npm, highlighting the limitations of traditional security checks against supply-chain attacks that mimic legitimate behavior.

  2. 2
    Article
    Avatar of infoworldInfoWorld·25w

    Seven coding domains no developer really understands

    Explores seven notoriously difficult programming concepts that most developers struggle with, including complex boolean expressions, multithreading and concurrency, floating point math, Kubernetes configuration, Unicode character encoding, time zones and Daylight Saving Time, and regular expressions. The piece acknowledges the complexity inherent in software development and how developers often rely on copying solutions or pretending to fully understand these challenging areas.

  3. 3
    Article
    Avatar of infoworldInfoWorld·22w

    Microsoft is not rewriting Windows in Rust

    Microsoft Distinguished Engineer Galen Hunt clarified that his LinkedIn post about eliminating C and C++ code by 2030 was a personal research goal, not a corporate strategy. His team is developing AI-powered tools to automate code translation between languages at scale, aiming for "1 engineer, 1 month, 1 million lines of code." The research project uses Rust as a demonstration target but isn't specifically focused on rewriting Windows. While pressure exists to adopt memory-safe languages due to security vulnerabilities, research shows AI-generated code typically contains more issues than human-written code.

  4. 4
    Article
    Avatar of infoworldInfoWorld·25w

    The complete guide to Node.js frameworks

    A comprehensive overview of Node.js web frameworks, categorized into three groups: minimalist frameworks (Express, Koa, Fastify, Hono, Nitro), batteries-included frameworks (Nest, Adonis, Sails), and full-stack meta-frameworks (Next, Nuxt, SvelteKit). Each framework is demonstrated through code examples showing how to implement a simple API endpoint with route parameters. The guide covers the architectural differences, design philosophies, and use cases for each framework, from Express's simplicity and extensibility to Nest's dependency injection and full-stack frameworks' integrated front-end and back-end development.

  5. 5
    Article
    Avatar of infoworldInfoWorld·23w

    Python type checker ty now in beta

    Astral's ty, a Rust-based Python type checker, has entered beta with extremely fast incremental updates. It can be installed via uv or as a VS Code extension, with a stable release planned for 2026. Built around incrementality, ty selectively re-runs computations when code changes, making live updates significantly faster than alternatives like Mypy, Pyright, and Pylance. The tool features Rust-inspired diagnostic messages that provide context across multiple files and can run orders of magnitude faster than other Rust-based language servers on large projects.

  6. 6
    Article
    Avatar of infoworldInfoWorld·24w

    Is vibe coding the new gateway to technical debt?

    AI-assisted development enables rapid code generation but risks accumulating technical debt when developers lack the experience to manage complexity. "Vibe coding" - writing software through natural language prompts without deep understanding - can quickly produce functional code but leads to cascading bugs and unmaintainable systems. The human ability to sense when software becomes unmanageable, bridge requirements with implementation, and understand interconnected system behavior remains critical. AI amplifies both creativity and potential problems, making experienced developer judgment more valuable rather than obsolete.

See all InfoWorld archives