Investing in Infield: Dependency Management on Autopilot 

Today, we are excited to announce Infield’s $3M seed funding, and the general availability of its dependency management platform across Javascript, Python, Typescript, and Ruby (with Java coming soon)! Infield is solving a complex and growing (but often overlooked) problem for software engineers — and we’re thrilled to lead its seed round and share Infield with the world today.

“Dependency Hell”

While dependency management may be something you have never thought about – and most software engineers you know would probably rather not have to think about – dependencies form the backbone of nearly all modern software. OS Software comprises 70-90% of any software solution today and each component requires regular updating for security, performance, and reliability.  Yet 85% of codebases contain components that are more than four years out of date. Moreover, many dependencies rely on additional packages, resulting in transitive or chained dependencies. Updating one dependency can sometimes break the whole chain if not managed carefully. The technical term for this complex network of interconnections is “dependency hell.” 

Faced with this problem, companies today must either invest in resources dedicated to research and update implementation or risk falling behind, exposing themselves to vulnerabilities and performance degradation. As a result, many large enterprises have entire teams dedicated to monitoring the company’s OS dependencies for updates. These teams research change-logs and scour Reddit and Stack Overflow threads to hopefully learn from the experience of developers who bravely upgraded before them. Only after validating safety – a work queue that can take weeks or even months – do these teams authorize upgrades. At the same time, engineers prefer to work on the latest OS versions and can grow frustrated by these cautious gatekeepers and slowed development velocity. It’s no wonder that some of the worst exploits in recent years have taken advantage of vulnerabilities in OS dependencies.

The first LLM-Driven Research and Automation for Dependencies 

The idea for a better-way took root while Steve Pike, co-founder and CEO of Infield, was working as a consultant, helping to dig a handful of clients out of dependency management holes, while bootstrapping another startup with Infield co-founder and COO Allison Pike.  Steve and Allison – who bring data company experience from their prior roles as CTO and COO at SevenFifty (acq. 2022), respectively – quickly observed some unexpectedly strong benefits of undertaking dependency management horizontally. Even across just a few clients, 80%+ of the OS dependency research to inform upgrade path design was overlapping. The intense pull from this side hustle made it clear to Allison and Steve that it warranted their full attention. Andrew Lenehan, with experience as a product leader at AppNexus and co-founder at Roster, rounds out the Infield founding team. 

When we met Steve, Allison and Andrew, they saw the opportunity to offer support for this critical, but much maligned, task at scale and achieve even greater leverage via LLMs to analyze changelogs and identify potential issues in updates automatically. This approach, combined with the opportunity to build a robust and unique database of OS package metadata – through changelog ingestion & processing to synthesis of self-reported user experiences around updates and upgrades – enables Infield to support comprehensive and efficient dependency management across most any enterprise and with compounding benefits to scale. 

Today, Infield’s platform supports large customers like HealthSherpa and Alice Financial, who understand how important it is to maintain their dependencies and also want to foster a best in class engineering culture. Infield already covers 6,000+ breaking changes from 1,000 of the most popular Javascript, Python, and Ruby packages and is adding more all the time. 

What makes Infield plug-and-play is that it both identifies and manages the sequence and remediation of updates in concert with a company’s policies and code. This process transforms the daunting task of updating dependencies into a streamlined, and increasingly automated, workflow. The moment a company integrates with Infield, it gains the ability to swiftly navigate through a backlog of updates, a task that could otherwise consume months or even years of engineering hours.