It helps for developers to get out of their comfort zones and look into trends that may change the way they work. This article explores the top trends likely to impact developers throughout 2022.
It's easy to dismiss Web 3.0 as all hype. It may seem like little more than a proliferation of companies raising funds without sound business plans. However, technologies such as decentralized apps (dApps) have matured to the point that they’ll significantly affect web app development.
Web 2.0 developers focus on social platforms, cloud-hosted user-generated content, and applications like YouTube, WordPress, and Google Maps. By comparison, Web 3.0 aims to take the web to the next level by creating a distributed information network resistant to censorship and shutdowns.
It's a movement born out of edge computing, artificial intelligence, cryptography, and data networking with a background in blockchain technology. Its stewards include Tim Berners-Lee, inventor of the World Wide Web.
In other words, Web3 is about concepts like decentralized data control, data sovereignty, security, peer-to-peer networking, and scalable economies where blockchain-powered transactions operate without a central intermediary or platform. Web3 includes trading between people and machine-to-machine trading for identity verification and purchases.
Web3 is a complex and growing movement that has introduced new learning and working methods like hackathons in the metaverse. It shows no signs of going away.
Most developers look down on no-code and low-code tools with disdain. Still, these tools are increasingly focused on helping developers quickly create the boring parts of applications. Then, developers can spend more time writing code that adds business value.
No-code tools enable developers to create applications quickly. These tools include web development platforms that feature drag-and-drop visual interfaces and typically come pre-configured with server-side and database applications. Popular applications include Zapier, Airtable, and Webflow. However, they offer limited customization, so they’ll never replace developers.
Low-code platforms, in contrast, still feature coding, but far less than older applications do. There's now a proliferation of open-source, free-login managers, database drivers, whole code libraries, and cloud providers offering one-click deployments.
Low-code is particularly popular in sectors such as finance and HR, which typically use an assortment of cloud-based and legacy on-premises systems such as enterprise resource planning (ERP) and customer relationship management (CRM) applications. These low-code solutions primarily focus on automation — making it easy to do routine tasks.
Templates provide faster prototyping, testing, and deployment so that developers can spend more time on design and customization. These templates make it easy to create minimum viable products (MVPs) and prototype apps for early end-user feedback. Additionally, they are easy to maintain so that developers can spend their time on more mission-critical tasks.
It's worth noting, however, that low-code can be a double-edged sword. While it reduces the need for code refactoring, it can, when done poorly, result in shadow IT, increasing an organization’s technical debt and security and compliance challenges.
AI-assisted development is another trend receiving plenty of hype. Many developers are dismissive of AI-assisted development technology. Still, many who have tried it have found it offers the opportunity to improve productivity dramatically. As is the case with no-code and low-code, this technology won't be taking away developer jobs anytime soon. It's about augmenting developer workstreams, not replacing complete tasks.
An example is the Visual Studio Code extension GitHub Copilot. It's a highly contextualized tool powered by GPT-3 that can understand docstrings, function names, comments, and code. It can autocomplete code snippets and convert text into code and even whole functions.
It's also an example of a more significant trend in tools, where tools relieve developers of the bulk of tasks like code reviews, testing, and bug fixing. Amazon DevOps Guru uses machine learning to collect and analyze application metrics, logs, events, and behaviors that deviate from standard operating patterns.
The service automatically detects and sends alerts about potential problems like code and configuration changes. Undetected, these issues can cause downtime, memory leaks, under-provisioned computing capacity, and database input and output overuse.
Overall, AI-assisted development makes it possible to build better, faster software with quicker deployment times.
With edge computing providers (for example, Cloudflare and Fastly) adding new capabilities, developers can build and deploy complex applications entirely on edge infrastructure and bypass the public cloud altogether. This approach opens opportunities for developers to create new kinds of apps that weren’t feasible before.
Edge computing uses content distribution networks (CDNs) to bring Internet of Things (IoT) data processing closer to where the data originates. CDNs reduce latency and improve network performance and speeds. Developers deploy CDNs in mission-critical situations where real-time data analysis is crucial, like autonomous driving software, sports broadcasting, and industrial IoT.
2022 will bring more focus on the network edge, the place where a device or local area network connects to the Internet. Developers can build and deploy serverless and API-driven applications in the same instance at the edge. Embracing serverless technology avoids managing and maintaining hosted server instances. This approach gives developers flexibility in design development and builds a better user experience, especially in scenarios focusing on local data.
Edge computing can’t be mentioned without using the term 5G. When deployments kicked off in 2018, 5G promised faster connectivity, especially for resource-intensive platforms like streaming, gaming, and video calls. While 5G mobile phones are readily available, and many telcos offer 5G, the rollout is still in the early stages, with access mainly limited to zoned areas in larger cities. Developers may be keen to make low-latency apps for video and 5G gaming consoles. However, the lack of telco infrastructure will continue to be a barrier to adoption.
Continuous delivery isn't new, but more companies are adopting it, focusing on progressive delivery. Progressive delivery emphasizes using techniques like canary deploys and blue/green deploys to move fast without breaking anything.
Overall, continuous delivery and integration are about automating software development to deploy features and software updates in real-time. This technique has gone mainstream with services like GitHub + Slack, and it is becoming an integral tool in a company's effort to maintain a competitive advantage.
Continuous delivery makes development more manageable and benefits sales, marketing, and end-users. The latter aren't left waiting for a finished product when incremental updates through frequent deployment are perfectly adequate for their needs.
Progressive delivery or canary releasing is a massive shift from traditional software delivery. Standard software delivery would deliver everything in a single release, inevitably including a slew of bugs and a world of pain for the development team. Instead, progressive delivery is about pushing changes first to a small audience to maintain quality control, only expanding the audience size when any problems are under control.
This approach creates the opportunity to increase resilience and gain valuable feedback in every deployment through A/B testing and blue-green deployments. Tools like Flagger incrementally issue releases for applications running on Kubernetes, gradually shifting traffic to a new version while also running conformance tests.
Progressive delivery can, however, result in technical debt. Using tools like feature flags creates many potential code versions in use across an organization’s customers at the same time. So, progressive delivery requires careful attention.
Vulnerabilities in the open-source libraries that many developers depend on have become a highly accessible attack vector and an increasing source of risk. Malicious code inserted into packages in repositories (for example, npm and PyPI) is rising, and developers must maintain vigilance against these risks and take appropriate mitigation steps.
Such attacks occur through installers like npm-register and Python Package Index (PyPI), which link to public code repositories. Researcher Alex Birsan notes this in his article “Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies.” He states, “When downloading and using a package from any of these sources, you are essentially trusting its publisher to run code on your machine.”
While attacks on an organization’s software supply chain have been occurring as far back as 2016, their frequency has escalated, with open-source repositories struggling to prevent future intrusions.
In February, Birsan demonstrated a supply-chain attack capable of executing counterfeit code on various high-level company networks by creating a dependency confusion (also called a namespace confusion attack). Using the same package naming conventions as dependencies already used in companies like Tesla, Microsoft, Shopify, and Apple, he placed malicious code in official public repositories such as npm, PyPI, and RubyGems.
He claims, "Squatting valid internal package names was a nearly sure-fire method to get into the networks of some of the biggest tech companies out there, gaining remote code execution, and possibly allowing attackers to add backdoors during builds."
Unfortunately, it wasn't an isolated incident. In December 2021, researchers from JFrog Security shared their discovery of 17 malicious packages their automated scanning tools detected in the npm (Node.js package manager) repository. Many intentionally seek to steal a user's Discord token. A Discord token is an authorization code comprising a set of letters and numbers for access to Discord's servers. Stealing a Discord token is equivalent to stealing a user's credentials. In other words, a Discord token gives the attacker complete access to a Discord account.
JFrog previously found that the open-source PyPI repository hosted 11 malicious packages that developers downloaded more than 41,000 times.
Developers must be vigilant in using open-source code repositories. They can achieve this using package vulnerability scanning. This technique identifies known vulnerabilities within the packages used to deploy applications. It reduces the risk of releasing insecure software into production.
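One defensive check against the dependency confusion described above, as an added example that is not code from the original article: it audits an npm lockfile for internal packages that resolved from anywhere other than the private registry, which known-vulnerability scanning alone does not catch. The registry URL, scope, package names and lockfile contents are all constructed assumptions.

```javascript
// Assumed organisation settings (hypothetical values for illustration).
const INTERNAL_REGISTRY = "https://npm.internal.example/";
const INTERNAL_SCOPES = ["@acme"];                // names under these scopes are internal
const INTERNAL_UNSCOPED = ["acme-billing-utils"]; // legacy internal names without a scope

// Constructed sample in the package-lock.json v2/v3 "packages" layout.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "shop-frontend", version: "1.0.0" },
    "node_modules/@acme/auth": { version: "2.1.0", integrity: "sha512-CONSTRUCTED",
      resolved: "https://npm.internal.example/@acme/auth/-/auth-2.1.0.tgz" },
    "node_modules/acme-billing-utils": { version: "3.4.1", integrity: "sha512-CONSTRUCTED",
      resolved: "https://registry.npmjs.org/acme-billing-utils/-/acme-billing-utils-3.4.1.tgz" },
    "node_modules/lodash": { version: "4.17.21", integrity: "sha512-CONSTRUCTED",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" },
    "node_modules/@acme/ui/node_modules/@acme/icons": { version: "1.0.0",
      resolved: "https://npm.internal.example/@acme/icons/-/icons-1.0.0.tgz" },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; null for the root or workspace paths.
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

function isInternal(name) {
  return INTERNAL_UNSCOPED.includes(name) ||
    INTERNAL_SCOPES.some((scope) => name.startsWith(scope + "/"));
}

// Returns one finding per internal package that did not come from the private
// registry, or that came from it without an integrity hash to pin its content.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (name === null || entry.link || !isInternal(name)) continue;
    const resolved = entry.resolved || null;
    if (!resolved || !resolved.startsWith(INTERNAL_REGISTRY)) {
      findings.push({ name, version: entry.version, resolved, issue: "resolved outside internal registry" });
    } else if (!entry.integrity) {
      findings.push({ name, version: entry.version, resolved, issue: "missing integrity hash" });
    }
  }
  return findings;
}

console.log(auditLockfile(sampleLock));
```

Run as a CI gate, a non-empty result should fail the build before any install scripts execute.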
As developers enter 2022, they will continue to experience shifts in how they work, especially as more organizations embrace newer technologies.
Web3 is set to decentralize the Internet. Low-code and AI-assisted development techniques will help developers work faster, freeing time to focus on driving innovation. Edge computing and serverless technology will enable faster data processing and accelerated growth.
Meanwhile, continuous and progressive delivery techniques will help deploy new features faster with less risk. And, finally, risks inherent in open-source libraries will force developers to focus more on their software supply chain security.
Knowing what to expect in the coming year, developers can expand their knowledge and toolkits to protect themselves from risks and take advantage of the opportunities 2022 will offer.