Optis' Java and JavaScript Insights

From our #OptisFamily to yours 💚

At Optis, we specialize in long-term Java & JavaScript consultancy and support project-based work through our Optis Factory. Each month, we’ll bring you our own insights, the latest industry news, and updates from the #OptisFamily to keep you informed and inspired.

September was all about expanding our knowledge to help you build better software:

Is AI the future of front-end, or just a flashy shortcut? 🤖

Dive into the impact of AI on UI development, through the eyes of Kenneth and Keshia while they explore tools like http://Cursor.ai and v0.dev for everything from code snippets to rapid prototyping.

Curious how to integrate AI into your workflow without losing control? Read our blog on AI for UI.

Shift-Left Security: a practical guide for Java & JavaScript developers

A practical guide for developers on application security. Learn about common OWASP risks in Java & JavaScript, proactive tooling, and how to build more secure software in our latest blog.

Missed these updates? Be sure to follow our page for more Optis news and read along for this month's industry updates. 👇🏻


Industry News & Updates

Java 25 LTS Released 

Oracle officially released JDK 25 (Long-Term Support), marking the first LTS release since JDK 21. This version introduces 18 new JEP features (with 7 finalized) focusing heavily on performance and runtime improvements. Highlights include easier Java startup and development (e.g. compact source files & instance main methods, module import declarations) and better performance via compact object headers and ahead-of-time profiling for faster JVM warmup.  

Spring Boot 4.0 on the Horizon 

The Spring team has begun a “Road to GA” blog series previewing features of Spring Boot 4.0 and Spring Framework 7, due in November 2025. Notably, the Spring 4.x generation will keep Java 17 as the baseline while upgrading the ecosystem to Jakarta EE 11. We can also expect new capabilities that the community has asked for: built-in API versioning, resilience annotations (@Retryable, etc.), a new Spring gRPC module, improved modularization of Spring Boot, and more.

Major npm Supply-Chain Attack on Popular Packages 

In early September, the JavaScript ecosystem was shaken by one of the most sophisticated supply chain attacks in npm’s history. Between September 8–9, 2025, attackers compromised maintainers’ accounts and pushed malicious updates to 25 widely-used packages, including extremely popular ones like debug (357 million downloads), chalk, ansi-styles, strip-ansi, supports-color, wrap-ansi, and even the database library duckdb and its plugins. The malicious code was obfuscated and specifically targeted cryptocurrency wallets. The breadth of this attack meant millions of developers were potentially impacted until the packages were reverted. Teams are advised to audit dependency versions from that timeframe, pin critical deps, and enable 2FA for package maintainers.  
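The audit-and-pin advice above, sketched as an added example (not code from Optis or npm): it lists every installed copy of the named packages in a parsed package-lock.json (lockfile v2/v3 layout), including nested transitive copies, and reports direct dependencies declared as ranges. The sample data, its version strings and the `flagged` map are constructed placeholders; the page gives no affected version numbers, so those must come from an advisory.

```javascript
// Packages named in the news item above.
const WATCHLIST = ['debug', 'chalk', 'ansi-styles', 'strip-ansi',
                   'supports-color', 'wrap-ansi', 'duckdb'];

// Package name from a lockfile v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b". Root ("") -> null.
function nameFromLockPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Every installed copy (direct or transitive) of a watched package.
// `flagged` maps name -> versions listed in an advisory; it defaults to
// empty because the newsletter lists no version numbers.
function auditLock(lock, watchlist = WATCHLIST, flagged = {}) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(path);
    if (!name || !watchlist.includes(name)) continue;
    const isFlagged = (flagged[name] || []).includes(meta.version);
    hits.push({ name, version: meta.version, path, flagged: isFlagged });
  }
  return hits;
}

// Direct dependencies on watched packages declared as a range, not an exact version.
function unpinned(pkg, watchlist = WATCHLIST) {
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
  const out = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (watchlist.includes(name) && !exact.test(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// Constructed sample input; all version strings are placeholders.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/chalk': { version: '0.0.1' },
  'node_modules/express': { version: '0.0.2' },
  'node_modules/express/node_modules/debug': { version: '0.0.3' },
}};
const samplePkg = { dependencies: { chalk: '^0.0.1', express: '0.0.2' } };
console.log(auditLock(sampleLock, WATCHLIST, { debug: ['0.0.3'] }));
console.log(unpinned(samplePkg));
```

On a real project, pass the result of `JSON.parse` on package-lock.json and package.json in place of the sample objects.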

GitHub Announces Plan for a More Secure npm Supply Chain 

In response to the recent "Shai-Hulud" attack, GitHub is implementing significant security enhancements for the npm ecosystem. Soon, npm will limit publishing to three methods: local publishing with mandatory two-factor authentication (2FA), short-lived granular tokens, and trusted publishing. To support this, GitHub will deprecate legacy tokens and time-based (TOTP) 2FA in favor of FIDO-based methods, and remove the option to bypass 2FA. The company is strongly encouraging projects to adopt trusted publishing, a system that eliminates the need to manage API tokens in build pipelines. Maintainers are urged to switch to trusted publishing, enforce 2FA, and use WebAuthn to help secure the software supply chain. 

jQuery 4.0 Nears Final Release 

The legendary jQuery library is on the cusp of its 4.0.0 release. jQuery 4 drops support for IE11 and old deprecated APIs, significantly slimming down the codebase. Other modernizations in v4 include better support for binary data, removal of automatic JSONP conversions, support for Trusted Types to enhance security, and the entire codebase migrating from AMD to ES modules. While many projects have moved on from jQuery, it remains in third place among web frameworks in Stack Overflow’s 2025 survey. For those maintaining legacy jQuery-dependent apps, version 4.0 will be a welcome update to reduce tech debt. Just be prepared to run the jQuery Migrate plugin, as version 4.0 includes breaking changes that had been held back for a major version.


See you next time?

Stay tuned for our next edition at the beginning of November, where we’ll continue to bring you the latest insights, industry trends, and updates from Optis.

Have feedback or suggestions? Drop us a comment, we’d love to hear from you! 📢

XOXO

The Optis Family

