In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace Trust model as the primary safeguard against repo-based malware -- while acknowledging UX problems that can lead users to click through security prompts.

I went undercover on Moltbook and loved role-playing as a conscious bot. But rather than a novel breakthrough, the AI-only site is a crude rehashing of sci-fi fantasies.

Xcode 26.3 introduces support for agentic coding, a new way in Xcode for developers to build apps, powered by coding agents from Anthropic and OpenAI.

Right-wing influencers who were instrumental in spreading allegations of fraud in Minnesota ahead of ICE’s surge are now going after a number of California’s social welfare programs.

In 2025, software development crossed a quiet threshold. In our latest Octoverse report, we found that the fastest-growing languages, tools, and open source projects on GitHub are no longer about shipping more code. Instead, they’re about reducing friction in a world where AI is helping developers build more, faster.

By looking at some of the areas of fastest growth over the past year, we can see how developers are adapting through: 

• The programming languages that are growing most in AI-assisted development workflows.
• The tools that win when speed and reproducibility matter.
• The areas where new contributors are showing up (and what helps them stick).

Rather than catalog trends, we want to focus on what those signals mean for how software is being built today and what choices you might consider heading into 2026. 

The elephant in the room: Typescript is the new #1

In August 2025, TypeScript became the most-used language on GitHub, overtaking Python and JavaScript for the first time. Over the past year, TypeScript added more than one million contributors, which was the largest absolute growth of any language on GitHub. 

Python also continued to grow rapidly, adding roughly 850,000 contributors (+48.78% YoY), while JavaScript grew more slowly (+24.79%, ~427,000 contributors). Together, TypeScript and Python both significantly outpaced JavaScript in both total and percentage growth. 

This shift signals more than a preference change. Typed languages are increasingly becoming the default for new development, particularly as AI-assisted coding becomes routine. Why is that?

In practice, a significant portion of the failures teams encounter with AI-generated code surface as type mismatches, broken contracts, or incorrect assumptions between components. Stronger type systems act as early guardrails: they can help catch errors sooner, reduce review churn, and make AI-generated changes easier to reason about before code reaches production. 

If you’re going to be using AI in your software design, which more and more developers are doing on a daily basis, strongly typed languages are your friend.

Here’s what this means in practice: 

• If you’re starting a new project today, TypeScript is increasingly becoming the default (especially for teams using AI in daily development).
• If you’re introducing AI-assisted workflows into an existing JavaScript codebase, adding types may reduce friction more than switching models or tools.

Python is key for AI

Contributor counts show who is using a language. Repository data shows what that language is being used to build. 

When we look specifically at AI-focused repositories, Python stands apart. As of August 2025, nearly half of all new AI projects on GitHub were built primarily in Python. 

This matters because AI projects now account for a disproportionate share of open source momentum. Six of the ten fastest-growing open source projects by contributors in 2025 were directly focused on AI infrastructure or tooling.

Python’s role here isn’t new, but it is evolving. The data suggests a shift from experimentation toward production-ready AI systems, with Python increasingly anchoring packaging, orchestration, and deployment rather than living only in notebooks. 

Moreover, Python is likely to continue to grow in 2026, as AI continues to gain support and additional projects.

Here’s what this means in practice:

• Python remains the backbone of applied AI work from training and inference to orchestration.
• Production-focused Python skills such as packaging, typing, CI, and containerization are becoming more important than exploratory scripting alone. 

A deeper look at the top open source projects

Looking across the fastest-growing projects, a clear pattern emerges: developers are optimizing for speed, control, and predictable outcomes. 

Many of the fastest-growing tools emphasize performance and minimalism. Projects like astral-sh/uv, a package and project manager, focus on dramatically faster Python package management. This reflects a growing intolerance for slow feedback loops and non-deterministic environments. 

Having just one of these projects could be an anomaly, but having multiple indicates a clear trend. This trend aligns closely with AI-assisted workflows where iteration speed and reproducibility directly impact developer productivity. 

Here’s what this means in practice: 

• Fast installs and deterministic builds increasingly matter as much as feature depth.
• Tools that reduce “works on my machine” moments are winning developer mindshare.

Where first-time open source contributors are showing up

As the developer population grows, understanding where first-time contributors show up (and why) becomes increasingly important. 

Projects like VS Code and First Contributions continued to top the list over the last year, reflecting both the scale of widely used tools and the persistent need for low-friction entry points into open source (notably, we define contributions as any content-generating activity on GitHub).

Despite this growth, basic project governance remains uneven across the ecosystem. README files are common, but contributor guides and codes of conduct are still relatively rare even as first-time contributions increase.

This gap represents one of the highest-leverage improvements maintainers and open source communities can make. The fact that most of the projects on this list have detailed documentation on what the project is and how to contribute shows the importance of this guidance.

Here’s what this means in practice: 

• Clear documentation lowers the cost of contribution more than new features.
• Contributor guides and codes of conduct can help convert curiosity into sustained participation.
• Improving project hygiene is often the fastest way to grow a contributor base.

Putting it all together

Taken together, these trends point to a shift in what developers value and how they choose tools. 

AI is no longer a separate category of development. It’s shaping the languages teams use, which tools gain traction, and which projects attract contributors. 

Typed languages like TypeScript are becoming the default for reliability at scale, while Python remains central to AI-driven systems as they move from prototypes into production. 

Across the ecosystem, developers are rewarding tools that minimize friction with faster feedback loops, reproducible environments, and clearer contribution paths.

Developers and teams that optimize for speed, clarity, and reliability are shaping how software is being built.

As a reminder, you can check out the full 2025 Octoverse report for more information and make your own conclusions. There’s a lot of good data in there, and we’re just scratching the surface of what you can learn from it.

The post What the fastest-growing tools reveal about how software is being built appeared first on The GitHub Blog.

Topics covered in this episode:

• django-bolt: Faster than FastAPI, but with Django ORM, Django Admin, and Django packages
• pyleak
• More Django (three articles)
• Datastar
• Extras
• Joke

Watch on YouTube

About the show

Sponsored by us! Support our work through:

• Our courses at Talk Python Training
• The Complete pytest Course
• Patreon Supporters

Connect with the hosts

• Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
• Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
• Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: django-bolt : Faster than FastAPI, but with Django ORM, Django Admin, and Django packages

• Farhan Ali Raza
• High-Performance Fully Typed API Framework for Django
• Inspired by DRF, FastAPI, Litestar, and Robyn
• Django-Bolt docs
• Interview with Farhan on Django Chat Podcast
• And a walkthrough video

Michael #2: pyleak

• Detect leaked asyncio tasks, threads, and event loop blocking with stack trace in Python. Inspired by goleak.
• Has patterns for
  • Context managers
  • decorators
• Checks for
  • Unawaited asyncio tasks
  • Threads
  • Blocking of an asyncio loop
  • Includes a pytest plugin so you can do @pytest.mark.no_leaks

Brian #3: More Django (three articles)

• Migrating From Celery to Django Tasks
  • Paul Taylor
  • Nice intro of how easy it is to get started with Django Tasks
• Some notes on starting to use Django
  • Julia Evans
  • A handful of reasons why Django is a great choice for a web framework
    • less magic than Rails
    • a built-in admin
    • nice ORM
    • automatic migrations
    • nice docs
    • you can use sqlite in production
    • built in email
  • The definitive guide to using Django with SQLite in production
    • I’m gonna have to study this a bit.
    • The conclusion states one of the benefits is “reduced complexity”, but, it still seems like quite a bit to me.

Michael #4: Datastar

• Sent to us by Forrest Lanier

• Lots of work by Chris May

• Out on Talk Python soon.

• Official Datastar Python SDK

• Datastar is a little like HTMX, but

  • The single source of truth is your server

  • Events can be sent from server automatically (using SSE)

    • e.g

      yield SSE.patch_elements(
          f"""{(#HTML#)}{datetime.now().isoformat()}"""
      )
      

• Why I switched from HTMX to Datastar article

Extras

Brian:

• Django Chat: Inverting the Testing Pyramid - Brian Okken
  • Quite a fun interview
• PEP 686 – Make UTF-8 mode default
  • Now with status “Final” and slated for Python 3.15

Michael:

• Prayson Daniel’s Paper tracker
• Ice Cubes (open source Mastodon client for macOS)
• Rumdl for PyCharm, et. al
• cURL Gets Rid of Its Bug Bounty Program Over AI Slop Overrun
• Python Developers Survey 2026

Joke: Pushed to prod

Download audio: https://pythonbytes.fm/episodes/download/468/a-bolt-of-django.mp3