Infield wants to make open source dependency management trivial

Virtually every application today relies on dozens — and sometimes hundreds — of open-source components. Many of those get updated at a rapid clip in order to introduce new features and to fix security issues (or the maintainers stop updating them, leaving security holes unfixed), and those updates often introduce breaking changes. Managing all of these dependencies can be a bit of a nightmare for developers. Infield, which is launching its SaaS platform today and announcing $3 million in seed funding, aims to bring open source dependency management into the future by using human-assisted AI to analyze changelogs and give developers the data they need to confidently upgrade their dependencies.

The New York-based company was founded by Allison and Steve Pike, who first met at alcohol e-commerce service SevenFifty. Allison previously worked in high-frequency trading, while Steve previously worked as an analyst at BlackRock and then became the first employee of SevenFifty and later became the company’s CTO. Together, the now-husband and wife team then went through Y Combinator in 2019 to build Syndetic, a “Shopify for datasets,” as Steve described it.

But by early 2022, the team started talking about pivoting. Steve had done some personal consulting, helping other developers upgrade their software dependencies, so they decided to combine their expertise in data pipelines and dependency management to launch Infield. Trying to build the company right in the middle of the pandemic didn’t help either, the two explained.

“[Syndetic] essentially became a lifestyle business for the two of us — being married it’s easier to have those,” Allison explained. “So over the course of the first couple years, we kind of thought: okay, we have money left in the bank. We have the infrastructure here to really give it another go and so we decided to pivot based on the consulting that Steve was doing and this idea around open source upgrades.”

Infield’s third co-founder is Andrew Lenehan, who was previously a product manager at AppNexus. He then co-founded Roster (which later became Punchcard), a data exploration tool for revenue teams that received funding from Founders Fund, FJ Labs and firstminute capital (a London-based fund that clearly likes capital more than capitalization).

Infield promises that it can quickly scan all of a project’s dependencies and provide developers with a risk score based on the current version and the recommended target version. It can also help developers prioritize their upgrade backlogs. All of this is possible because the system constantly scans data from changelogs and GitHub issues to look for potential problems — which the team then augments with its own database of — often undocumented — incompatibilities. As the team noted, a lot of the work in doing these upgrades today is reading changelogs and performing risk assessments to ensure that the upgrade won’t negatively affect the production environment.

Image Credits: Infield

A lot of similar tools I’ve seen tend to focus almost exclusively on security, but Steve noted that for Infield, that’s only one aspect of what the tool can do.

“We’re intentionally not trying to be a security scanning tool or monitoring tool,” he said. “Those systems give you a backlog of things that maybe are important to upgrade — but how do you actually get that done? The best version of what we’re doing leads to a world where you keep everything up to date all the time, so when a new security vulnerability comes out, you can just take the patch. There’s no need to prioritize whether this is a critical vulnerability or a low-severity one because you can just take all the patches. If you’re on the latest version of a package, then the fix that just fixes the security vulnerabilities is trivial to take.”

Allison also noted that today, everybody is doing virtually the same work, but doing it in isolation. Thousands of companies may be updating the same packages, but they are doing so without the benefit of the information that the other teams have learned. “By consolidating the data from the community, in addition to the expert-generated data or the formal data that the maintainer has put out — there’s obviously so much efficiency to be gained in doing that,” she said.

Infield currently supports Ruby, JavaScript, TypeScript and Python, with support for Java coming soon.

The company offers a basic free plan for individual users and a pared-down set of features, with more fully featured team plans starting at $600 per month for up to 25 teams and support for up to 50 repos.

Given its origins, it’s maybe no surprise that the company also continues to offer a more white-glove upgrade service to businesses that want a bit more hands-on help.

Infield’s $3 million seed round was led by Foundation Capital. Y Combinator and Firsthand Alliance also participated, as did angel investors like Adam Gross (former CEO of Heroku), Jonathan Siddharth (founder of Turing) and Austin Ogilvie (founder of Thoropass).