Arcjet this week released v1.0 of its JavaScript SDK, moving it from beta to a stable, production-ready API.
Arcjet’s security platform ships with an organization’s code and provides AI security embedded in every request. The Arcjet AI model performs attack detection, including bot detection, rate limiting, email validation, form spam prevention, and data redaction directly within a developer’s code. It is built to integrate directly into modern codebases to embed security into a codebase without sacrificing flexibility – easing the process of shifting left.
Arcjet took more than two years to build and test the SDK in public to maintain stability and reduce the maintenance burden for developers.
“After 2.5 years of alpha/beta versions, we’ve declared the SDK stable and production ready,” David Mytton, founder and CEO of Arcjet tells The New Stack. “We’ve treated it as ‘production’ since the beginning — reliability, redundancy, security, etc. — but this is the official label.”
Arcjet treats stability as a first-class product requirement rather than an afterthought, Mytton says, adding that adoption of security products depends on reliability, particularly in the JavaScript ecosystem.
“Security tooling only helps if it stays installed and the constant version churn that the JS ecosystem suffers from is a big reason libraries get ripped out,” Mytton tells The New Stack. “We have lots of plans for new features, but we’re aiming to avoid breaking changes.”
Throughout the alpha and beta period, Arcjet introduced only three breaking changes over two years, most of them minimal, while maintaining backward compatibility wherever possible, the company says.
“Shipping v1.0 is a clear signal to developers that Arcjet’s API is stable and fully tested with real production workloads,” Mytton notes in a statement. “Security should not introduce more work. It should quietly remove an entire class of problems so teams can focus on building features instead of maintaining tooling.”
Arcjet first released its JavaScript SDK in alpha in 2023, and the SDK graduated to beta in January 2025 once the core API design was proven in real-world usage. The company says thousands of developers have deployed its SDK to production environments.
“We have spent a lot of time talking about shift left security in the last 10 years, but it’s mostly been bullshit,” James Governor, co-founder and analyst at RedMonk, tells The New Stack. “Unless you make the right thing the absurdly easy thing nobody is going to do it. Without great developer experience security will always be an afterthought. JavaScript security is a dumpster fire and AI is only making it worse. It’s good to see Arcjet innovating in this area, really focusing on DX as the means to improve application security.”
Regarding the plans for new features that he mentioned, Mytton listed:
The company released a beta version of its Python SDK last month.
“We started with the JavaScript ecosystem, because that’s where most new applications are being built with full stack development,” Mytton told The New Stack last month. The company started with support for both JavaScript and TypeScript applications.
Arcjet’s novel approach involves embedding a WebAssembly (Wasm) module in its SDK, allowing for local analysis of incoming requests at near-native speed.
“Arcjet has helped us easily invest in the security and efficiency of our platform,” Chris Ellis, co-founder and CEO of Thatch, a beta user of Arcjet, told The New Stack in a previous interview.
“Unlike a separate security service that gives us little visibility into its impact on our system, Arcjet gives us rich application-level insights at runtime that help us build security automations in critical parts of our application, from sales to customer onboarding,” he added.
YOUTUBE.COM/THENEWSTACK
Tech moves fast, don’t miss an episode. Subscribe to our YouTube
channel to stream all our podcasts, interviews, demos, and more.
Source: thenewstack.io…
