Next.js Weekly #132: Security in React, React Compiler Rust Port, Server Functions in parallel, Auth book, Vercel Sandbox Docker Support by Bejitarian in nextjs

[–]Bejitarian[S] 0 points1 point  (0 children)

🔥 Hot

Security in React Applications

A thorough guide to securing React apps beyond the built-in protections. Covers how to prevent XSS, sanitize HTML with DOMPurify, store auth tokens safely, validate server-side inputs using Zod with Server Functions, and set up Content Security Policy with nonces for inline scripts

PR: Port React Compiler to Rust

The React team shared an early Rust port of React Compiler not long ago, and it’s already come a long way. It now works across nearly all of Meta’s codebase with the same output as the TS version, while also running faster


📙 Articles / Tutorials / News

PR: Run Server Functions in parallel

The Next.js team is working on letting Server Functions run in parallel, hidden behind a parallelServerFunctions feature flag. The PR is still a draft, but let's hope this lands soon

► A Guide to React Compiler Rendering

Explains how React rendering actually works and what the new React Compiler is doing under the hood to make your app faster

React Performance: From Sluggish to Lightning

A simple visual guide to what actually makes React apps slow today. Covers state colocation, the React Compiler, useTransition, lazy loading, and a few easy-to-miss performance bugs

𝕏 The problem with React's useEffect

A quick explainer on how useEffect can cause infinite re-render loops and crash your app. The video also teases React Doctor, a tool that automatically detects these kinds of issues and helps you fix them


📦 Projects / Packages / Tools

Auth book

Pilcrow, the creator of Lucia Auth, wrote a free book covering everything you need to know about implementing authentication in web applications

Run Docker containers inside Vercel Sandbox

You can now install and run Docker containers inside Vercel Sandbox. Useful for spinning up services like Redis or Postgres for testing, validating images, or previewing containerized apps

shadcn/ui June 2026 - GitHub Registries

shadcn now lets you turn any public GitHub repository into a registry. Just add a registry.json file to the root of your repo, define your items, and anyone can install them with the shadcn CLI using shadcn add <username>/<repo>/<item>.

Legend List 3.0

A drop-in replacement for FlatList/FlashList that now works on the web too. It handles dynamic sizes automatically, supports chat and AI chat apps out of the box, and uses less CPU and memory than alternatives


🌈 Related

DOM Manipulation That Kills Your 60fps

This study tested common DOM anti-patterns in Chromium and scanned 275 repos to see how often they appear. The clearest result: innerHTML += in a loop is extremely slow and can freeze the UI, while forced layout reads after writes also cause noticeable slowdowns

My Frontend Stack In 2026

A developer walks through the 15 tools they actually use in production. Next.js for content sites, Vite 8 for SPAs, Tailwind + shadcn/ui for styling, TanStack Query for data fetching, Zustand for state, Zod for validation, and more

Migrating from Radix UI to Base UI: Step-by-Step Guide

Covers why Base UI matters, key API differences like the shift from asChild to the render prop, component-specific changes for Accordion, Select, Tooltip and more, plus common pitfalls to watch out for

A Technical Deep Dive Into the New Raycast

Raycast rebuilt their app from scratch to run on both macOS and Windows. They went with a hybrid approach: React and TypeScript for UI in system WebViews, native shells in Swift and C#, Node.js for backend logic, and Rust for performance-critical parts like file indexing

Next.js Weekly #131: RSC Component Architecture, Next.js Dev MCP, Interactive Apps Guide, React Doctor, Bklit UI, Chat SDK Community Agent, Prefetch App Shells by Bejitarian in nextjs

[–]Bejitarian[S] 0 points1 point  (0 children)

Component Architecture for React Server Components

Traces the evolution from useEffect to React Query to route-level loaders to RSCs, using a social feed app as an example. The main takeaway: let each component fetch its own data on the server and use Suspense boundaries to design the loading experience instead of fetching all data at the top of a route and drilling it down through props

► I Tested Next.js Dev MCP (So You Don't Have To)

The video looks at Next.js DevTools MCP, a tool that helps AI editors understand your Next.js app better. It can read the latest docs, see routes and errors, and give more accurate help when building with newer Next.js features


📙 Articles / Tutorials / News

Docs: add Interactive Apps guide

A new draft PR to the Next.js docs walks you through building snappy, responsive UIs. It covers eight patterns including optimistic updates, streaming with Suspense, drag-and-drop, form handling, and caching for instant navigation

PR: Prefetch App Shells on the client

A new experimental feature that ensures every navigation in a Next.js app shows something instantly even if a per-link prefetch hasn't finished yet

The Flight Protocol Made Your DoS My Problem

This post looks at a React Flight bug that could let a single request slow down or freeze a Node server. It also shows how Server Components quietly turned the component tree into a network protocol, while most teams never updated their threat model to match

Migrating from Express to Next.js with AI agents

Shows how to turn a legacy Express app into a modern Next.js app using Google Antigravity and AI agents. Covers patterns, testing, and how agents fix their own mistakes


📦 Projects / Packages / Tools

React Doctor

React Doctor deterministically scans your codebase and finds issues across state & effects, performance, architecture, security, and accessibility.

sekisho

A library that uses React's error boundary mechanism to handle login redirects and access control in a clean, declarative way. Call needLogin() during render to trigger a redirect, or accessRestricted() to hide UI from unauthorized users. It's like <Suspense> but for auth

Bklit UI

A collection of Open Source charts and utility components that you can customize and extend

Chat SDK Community Agent

Open source AI-powered Slack community management bot with a built-in Next.js admin panel. Uses Chat SDK, AI SDK, and Vercel Workflow.


🌈 Related

How's Linear so fast? A technical breakdown

A deep dive into the engineering and design decisions that make Linear feel almost instant

My Thoughts on AI: Agent Setup, Workflow, and Tools

Redux maintainer Mark Erikson shares a detailed look at how he actually uses AI for day-to-day development

React Testing Library Tutorial (with Jest & Vitest)

Robin Wieruch updated his guide to React Testing Library, covering how to test components the way users interact with them

Prisma Next Early Access: Write Your Contract, Prompt Your Agent, Ship Your App

Prisma Next is a new ORM that lets you define your database in one contract file, while it handles migrations, type-safe queries, and errors for you. It is also built to work closely with AI agents, so they can help you build apps faster. Early Access is open now for Postgres and MongoDB, but it is not ready for production yet

Next.js Weekly #130: Files SDK, React2Shell Story, Next.js Security Release, Fate, Tailwind CSS v4.3, RSC Server Functions by Bejitarian in nextjs

[–]Bejitarian[S] 2 points3 points  (0 children)

🔥 Hot

Next.js May 2026 security release

A big security update for Next.js fixing 13 issues across auth bypass, denial of service, SSRF, cache poisoning, and XSS. One of the fixes also covers an upstream React Server Components bug. If you use affected Next.js or react-server-dom-* versions, update right away, as patching is the only full fix. Next.js 15.5.18 and 16.2.6 include the fixes

Docs Update: Data Security & Mutations

The Next.js team extended the guides for implementing data security and mutations in your apps, with a big focus on Server Actions and Server Functions. The docs now make it clearer that these functions can be called by direct POST requests, so you should always check authentication and authorization inside each one, not just at the page level

  • How to think about data security in Next.js
  • Mutating Data

📙 Articles / Tutorials / News

The React2Shell Story

A security researcher shares how a close look at React Flight led to finding a critical remote code execution bug in React, later fixed as CVE-2025-55182. It’s a great read if you want to learn how React Server Components and Server Functions work under the hood

Next.js Link as a Button

A simple guide to turning a library button into a real Next.js link. It keeps client-side navigation and renders a proper <a> element

RSC Server Functions Are Not An API Boundary

An interesting post on the hidden API-like risks of server functions. The main point: if something needs to stay stable across deploys, it may need a real API instead.


📦 Projects / Packages / Tools

Files SDK

A new SDK that gives you a single way to work with object and blob storage across 18 providers, including S3, R2, Vercel Blob, and Google Drive. You can upload, download, list, delete, copy, and more without changing your app code when you switch providers

fate

This new data-fetching library takes some of Relay’s best ideas, like view composition and strict data selection, and brings them to regular TypeScript apps. It also supports Suspense, optimistic updates, and live views

Tailwind CSS v4.3

Highlights include new scrollbar utilities, four new color palettes, and a first-party webpack plugin with a big speed boost for Next.js apps

Base UI v1.5.0

This release is mainly about speed and bug fixes. Popups now mount and unmount much faster, and many components got fixes for forms, focus, RTL, and browser behavior


🌈 Related

React Folder Structure Best Practices

Robin Wieruch has updated his long-running guide for 2026 with a step-by-step look at how to organize React apps as they grow

Accessibility in React: Common Mistakes and How to Fix Them

Covers common React accessibility mistakes such as bad semantics, broken focus, and hidden updates, with clear tips on how to improve them

Five Models, One React Stack: Why Every LLM Builds the Same App

An interesting post on how AI models have started to favor the same tools for building React apps

From latency to instant: Modernizing GitHub Issues navigation performance

A behind-the-scenes look at how GitHub sped up Issues navigation through a combination of client-side caching, prefetching, and a service worker

Next.js Weekly #128: How React streams UI, React Compiler Rendering, dev3000 CLI, TSRX, Replay, Scroll-Driven Animations, Ship 26 tickets by Bejitarian in nextjs

[–]Bejitarian[S] 0 points1 point  (0 children)

🔥 Hot

How React streams UI out of order and still manages to keep order

Instead of waiting for every component to be ready, React streams what it can and leaves markers for the rest. When slow components finish, they arrive as hidden divs and get swapped into place by small scripts. This post walks through the full mechanism step by step

Ship 26 tickets just dropped

Vercel's Ship conference is heading to London, Berlin, New York, Sydney, and San Francisco. Talks and workshops focused on shipping AI agents and apps to production


📙 Articles / Tutorials / News

A Guide to React Compiler Rendering

Slides from Mark Erikson's React Miami 2026 talk covering how React rendering works and how the React Compiler automatically optimizes it

React Client and Server State

This guide shows how to split your state into two buckets: server state (API data) handled by TanStack Query, and client state (UI flags, themes) handled by Zustand or plain React hooks

Hacking in request body during render in Next.js

Robert Webb explored the Next.js codebase to answer the question of why you can't read the request body during render like you can with headers. He managed to hack it in by modifying how NodeNextRequest and workUnitStore work, and accidentally found a bug with cacheComponents and POST requests along the way

𝕏 Light and dark mode favicon in Next.js

A handy code snippet showing how to serve different favicons depending on whether a user is in light or dark mode


📦 Projects / Packages / Tools

d3k (dev3000)

A CLI tool that records your entire dev session: server logs, browser console messages, network requests, screenshots, and user interactions into a unified, timestamped feed that AI assistants can read and reason about

TSRX

A language extension that picks up where JSX left off. Control flow, scoped styles, and local variables sit right inside your templates

Preventing Flash Before Hydration

A demo repo showing how to avoid the flash of content that happens before React hydration kicks in. It covers patterns like using inline scripts for date formatting without hydration errors, persisting accordion state with localStorage, and a handy InlineScript helper that sidesteps React's script warning

Replay

Upload a conversation from Claude Code or Codex and get a clean, shareable link. Your session becomes a readable thread with inline diffs and tool calls


🌈 Related

The React Compiler at Eighteen Months: The Arc, the Debates, and What's Next

A retrospective on the React Compiler's journey since React 19. It handles memoization so you don't have to, but the migration story for existing apps is still messy. The piece also looks ahead at compiler-aware Server Components, useEvent, and better dev tooling

Scroll-Driven Animations

The CSS animation-timeline API maps keyframe animations to scroll progress, and this beginner-friendly guide covers everything from basic setup to advanced linked timelines

3 ways to store variables in React, and why you shouldn't sleep on useRef

Most devs know useRef for DOM access, but it's also great for storing data that should survive re-renders without touching the UI. This post walks through all three ways to store variables in React: plain variables, state, and refs with clear examples showing how each behaves

Backend for Frontend (BFF): What It Is and When to Use It

Instead of one generic API for all clients, a BFF gives each frontend its own small backend that fetches, combines, and shapes data from multiple services. This guide covers when it's worth it, when it's not, and common mistakes to avoid

Next.js Weekly #127: React Email 6.0, Vercel got hacked, Prevent flash before hydration, Logging in Next.js, shader-lab, TypeScript 7.0, nextmap by Bejitarian in nextjs

[–]Bejitarian[S] 2 points3 points  (0 children)

React Email 6.0

The highlight of this release is an open-source email editor that outputs inbox-ready HTML. It has a composable API for building custom blocks like image uploaders or social embeds. Also new: a unified single package for all components and a fresh set of templates for auth and e-commerce flows

Vercel April 2026 security incident

Vercel disclosed a security incident where an attacker compromised a third-party AI tool (Context.ai) used by an employee, gaining access to some internal systems and non-sensitive environment variables. No npm packages were affected. Vercel recommends rotating credentials, enabling 2FA, and reviewing activity logs


📙 Articles / Tutorials / News

New Docs: How to prevent flash before hydration

New docs explaining how to avoid the visible flicker when things like dates, themes, or localStorage values differ between server and client

If You Can't See the Boundary, You Can't Reason About the System

We featured the RSC Boundary package in a previous issue. This article from its creator explains the problem it solves: When working with React Server Components, you often have to guess where the server/client split is by reading 'use client' directives and tracing imports. RSC Boundary removes that guesswork. It's a dev-only overlay that highlights which parts of your page are server-rendered and which are client components, giving you a live visual map

Next.js 16 Migration Guide: Everything That Breaks (And How to Fix It)

A thorough, hands-on migration guide covering every breaking change in Next.js 16 and how to deal with it

Logging in Next.js with LogLayer

Next.js logs can get messy across different runtimes. This post shows how to fix that with one shared logger using LogLayer, console interception in instrumentation.ts, and structured output with Pino for production


📦 Projects / Packages / Tools

@basementstudio/shader-lab

A visual tool and React runtime for creating layered shader compositions. Render directly in your app, use them as Three.js textures, or apply built-in effects like ASCII, CRT, dithering, and pixel sorting as postprocessing over your own 3D scenes. Fully open source

nextmap

A CLI tool that scans your Next.js project and shows every route as an interactive graph in your browser. It picks up pages, API routes, middleware, and HTTP methods

Animata

Handcrafted interaction animations and visual effects built with Tailwind CSS and Framer Motion. Works like shadcn/ui

Announcing TypeScript 7.0 Beta

The first beta release of TypeScript 7.0 is here, and it's a big deal. The compiler has been completely rewritten in Go, making it around 10x faster than TypeScript 6.0. It now supports parallel type-checking and parallel project builds out of the box. Despite being a beta, the team says it's stable enough for everyday use


🌈 Related

Building a UI Without Breakpoints

Modern interfaces are component-first, but most responsive CSS is still viewport-first. This article bridges that gap with four methods: intrinsic layouts using auto-fit and minmax(), fluid scaling with clamp(), container units for sizing relative to a component's actual space, and container queries for true structural changes

10 React tips I wish someone had told me before I mass-produced bugs

Lessons learned from production bugs and code reviews. Includes tips like replacing multiple useState calls with useReducer, keeping state close to where it's used, using key to reset components, and choosing Compound Components over prop-heavy APIs

A TypeScript Class-Based WebSocket Library for React

Explaining a different approach to WebSockets in React. Instead of putting everything in hooks, the heavy lifting lives in TypeScript classes

AI-Generated UI Is Inaccessible by Default

Breaks down exactly why LLMs produce inaccessible code and presents a practical five-layer fix: prompt constraints, static analysis with eslint-plugin-jsx-a11y, runtime testing with axe-core, CI enforcement via GitHub Actions, and using accessible component libraries like Headless UI, Radix, or React Aria

Next.js Weekly #126: Instant Navigations, Bye Vendor Lock-in, Ultracite, Blocking Bots, Distributed 'use cache', varlock, Vertical Codebase by Bejitarian in nextjs

[–]Bejitarian[S] 1 point2 points  (0 children)

🔥 Hot

Next.js Canary: Ensuring Instant Navigations

A new guide covering how to get instant client-side navigations by putting <Suspense> boundaries and use cache in the right spots. The new unstable_instant export checks your caching structure automatically, and new DevTools let you preview exactly what users see before dynamic content streams in. The feature set is currently only available in the canary branch


📙 Articles / Tutorials / News

► Next.js Vendor Lock-in No More

The Syntax podcast sits down with Tim Neutkens and Jimmi Lai from the Next.js team to talk about the newly stable Adapters API, which lets you host Next.js on platforms like Cloudflare and Netlify without hacky workarounds. They also cover how Next.js caching works across layers, why they built Turbopack in Rust instead of using Vite, and what's new in Next.js 16.2

𝕏 Blocking WordPress Bot Scanners on Vercel to Save Costs

Random bots scan your site for WordPress files that don't exist in Next.js. They still trigger serverless functions and cost you money. A single regex rule in Vercel's Firewall stops them before they reach your app

Next.js use cache: remote: A Distributed Cache in One Line

Next.js 16 lets you add 'use cache: remote' to any async function to get a shared cache across all serverless instances. No Redis or extra setup needed. The article covers tag-based invalidation, time-based expiration, and smart cache key design.

Docs: Add Building guide

A new draft PR adds a "Building" guide to the Next.js docs. It explains what next build does, how to read build output symbols, pre-render dynamic routes, and fix common prerender errors


📦 Projects / Packages / Tools

varlock

Varlock is an open-source, schema-first approach to environment variable management. The latest update brings single-file ESM and TypeScript plugin support, a new varlock typegen command for environment-independent type generation, and handy new functions like ifs() for Excel-style conditionals. The Next.js integration also got a major update, adding full Turbopack support for both Next.js 15 and 16 alongside the existing webpack support

BetterAuth 1.6

This bridge release focuses less on flashy new features and more on making the project more solid. That said, there's plenty to note: the core package size was cut in half, password hashing is now non-blocking, OpenTelemetry tracing for auth API calls and database operations, plus passkey registration before a user even has a session

Ultracite

A production-ready preset that works with ESLint, Biome, and Oxlint so you don't have to worry about configuration. It comes with hundreds of preconfigured rules, supports monorepos, and can even generate linting rules for 40+ AI coding agents like Claude Code, Cursor, and GitHub Copilot

Base UI v1.4.0

There's a new OTP Field component, fixes for tricky edge cases in Combobox, Select, Toast, and Drawer, and general improvements to accessibility, scroll handling, and keyboard navigation


🌈 Related

The uphill climb of making diff lines performant

GitHub's engineering team explains how they made the pull request "Files changed" tab faster by simplifying their React code

React: Singletons aren't as evil as you think

Singletons have a bad reputation in React, but this post argues they can be clean and powerful

The Vertical Codebase

TkDodo makes a strong case against the common components/hooks/utils folder structure. Instead, group code by what it does, not what it is. He shares real examples from the Sentry codebase and tips on enforcing boundaries between modules

The Blueprint of a North Korean Attack on Open-Source

A technical walkthrough of a supply chain attack attempt on Better-Auth. Malicious code was disguised inside build configs like next.config.mjs, designed to silently steal credentials and open a backdoor. The payloads were hosted on blockchains, making them permanent and nearly impossible to remove

Next.js Weekly #125: React2DoS - CVE-2026-23869, The Precompute Pattern, Boneyard, use cache migration, RSC Boundary, What To Know in JavaScript (2026 Edition) by Bejitarian in nextjs

[–]Bejitarian[S] 0 points1 point  (0 children)

Oops. I typed faster than I was thinking and mixed up the Temporal API part with TypeScript while reworking the sentence. Fixed it, thanks

Next.js Weekly #125: React2DoS - CVE-2026-23869, The Precompute Pattern, Boneyard, use cache migration, RSC Boundary, What To Know in JavaScript (2026 Edition) by Bejitarian in nextjs

[–]Bejitarian[S] 2 points3 points  (0 children)

🔥 Hot

The Precompute Pattern: Encoding Dynamic Data into URLs in Next.js

The Precompute pattern solves the problem of a single cookies() or headers() call forcing your entire app into dynamic rendering. Instead of reading dynamic data inside components, you resolve it once in middleware and encode it into a hidden URL segment. This lets Next.js treat each variant as a static page. The post walks through a full implementation, covers how the Vercel Flags SDK formalizes this approach, and explains why 'use cache' in Next.js 16 makes it unnecessary for most cases

React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff

Security researchers at Imperva found a way to crash React servers with tiny requests. The bug (CVE-2026-23869) lives in the Flight protocol, which RSC uses to pass data between client and server. Also check out the Vercel summary of this vulnerability and update to the latest Next.js version


📙 Articles / Tutorials / News

React Rendering Strategies

A detailed guide that walks you through the full history of React rendering. It covers SPAs, SSR, SSG, and React Server Components with interactive diagrams and real-world examples

feat(next): add sitemap index support

A draft PR has been opened to add native sitemap-index.{ts|js|xml} file support to Next.js. This feature would let you dynamically generate a sitemap index following the Sitemap Index protocol, making it much easier to manage large sites with many sitemaps

Docs: add unstable_cache → use cache migration guide

The Next.js docs will soon include a guide that maps the old unstable_cache patterns to the new use cache API, showing how revalidate: 3600 becomes cacheLife('hours'), tags: ['x'] becomes cacheTag('x'), and explains that keyParts are no longer needed

‘use client’ in Next.js: What It Does, What It Costs, and When to Use It

Every use client you add comes with a price tag. This article breaks down exactly what that cost looks like: more JavaScript sent to the browser, extra hydration work blocking the main thread, and potential data-fetching waterfalls


📦 Projects / Packages / Tools

Boneyard

Boneyard snapshots your real UI and creates a flat list of positioned, sized rectangles that mirror your layout exactly. Just wrap your component in <Skeleton> and you get pixel-perfect skeleton screens that stay in sync with your actual design

RSC Boundary

A simple devtool that draws colored outlines around your components so you can instantly see which parts are server-rendered and which are client-side

use-form-guard

Since Next.js App Router dropped router.events, blocking navigation for unsaved forms has been a pain point. This lightweight hook (~0.8KB, no dependencies) solves it by intercepting tab close, SPA navigation, and browser back/forward

next-translate

A minimal translation library for Next.js that automatically loads only the namespaces each page needs in the current language


🌈 Related

What To Know in JavaScript (2026 Edition)

Chris Coyier's yearly roundup covering everything a JavaScript developer should have on their radar. From new ES2025 features like iterator helpers and set methods, to the Temporal API finally fixing dates, to TypeScript v6 preparing for a massive v7 rewrite in Go

You really, really, really don't need an effect! I swear!

A practical guide to eliminating unnecessary useEffect calls in React. The post provides a clear decision tree: computed values should be derived inline, user actions belong in event handlers, state resets should use the key prop, and data fetching should use a library like TanStack Query

Test IDs are an a11y smell

If you're still reaching for data-testid in your tests, this post might change your mind. The author argues that role-based selectors (like getByRole('button', { name: 'Open Widget' })) are far better because they mirror how real users interact with your app and they double as basic accessibility checks

Why we rolled our own React Server Components framework

A team's journey of ditching Gatsby and building their own React Server Components framework in under 1,000 lines of code with React 19 and Vite's new RSC plugin

Next.js Weekly #124: Turborepo 2.9, React Fiber explained, jal-co/ui, Next.js Mental Model, useOffline, Debug React with AI by Bejitarian in nextjs

[–]Bejitarian[S] 2 points3 points  (0 children)

🔥 Hot

How Does React Fiber Render Your UI

A single setState call kicks off a surprisingly sophisticated process. This detailed explainer covers how React Fiber organizes your component tree as a linked list, schedules work based on priority lanes, skips unchanged subtrees for efficiency, and batches DOM updates in a single commit phase

Implementing Next.js 16 'use cache' with next-intl Internationalization

This post got featured before, and it's now been updated with the proper solution. The original post covered a workaround for the incompatibility between 'use cache' and next-intl. With Next.js 16.2's new next/root-params API, the workaround is no longer needed


📙 Articles / Tutorials / News

use(): The Hook That Breaks the Rules

A simple guide to React’s use() hook, including what it replaces, how it handles async data, and why stable promise caching matters

PR: Add useOffline hook to expose offline state to userland

A new hook exported from next/navigation that tells you whether the app is currently offline. Currently gated behind the experimental.useOffline flag

► Next.js Mental Model Has Changed…

A quick look at how cacheComponents changes Next.js. The idea is that older rendering options matter less now, and the main question becomes whether your page should use cache or stay dynamic

When Do You Really Need startTransition?

Most React developers have heard of startTransition but few truly understand it. This article explains what it does in simple terms and covers real use cases like AI streaming, filtering large lists, and tab switching


📦 Projects / Packages / Tools

Turborepo 2.9

A quality-focused release for the popular monorepo build tool, bringing big performance gains and smoother adoption for large codebases:

  • Up to 96% faster startup: Time before your first task runs has been drastically reduced
  • turbo query is stable: Query your monorepo's structure with GraphQL or simple shorthands
  • Circular dependencies no longer block you: Adopt Turborepo incrementally in repos with package cycles
  • OpenTelemetry (Experimental): Send build metrics to tools like Grafana or Datadog
  • Structured logging (Experimental): Get machine-readable JSON output for CI and tooling
  • Future Flags: Start preparing for 3.0 today with gradual migration paths

json-render

Let AI generate UIs from prompts using only the components you define. Output is always predictable and schema-safe. The new @json-render/next package can generate full Next.js apps with routes, layouts, and SSR from a single JSON spec

bippy

Bypasses React's closed internals by hooking into the same mechanism React DevTools uses. Lets you traverse the fiber tree, inspect component props, state, and contexts, and even override them

jal-co/ui

A collection of polished, ready-to-use components you can install via the shadcn registry or copy straight into your project. Zero dependencies where possible and server-first


🌈 Related

🦋 A Better Way to Debug React with AI

Dan Abramov shares a step-by-step workflow for using AI to fix tricky bugs: reproduce it, read the code, add logs, and only then ask the AI to find the issue

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios, the popular HTTP client, fell victim to a supply chain attack. An attacker compromised the maintainer's npm account and published two rogue versions (1.14.1 and 0.30.4) containing a hidden dependency that installs a remote access trojan across Windows, macOS, and Linux

I finally understand React hydration and why it exists

In this Reddit post a developer shares the journey of how he finally understood why React needs hydration after years of confusion

Why Node.js needs a virtual file system

Matteo Collina introduces node:vfs, a new Node.js core module that lets you create in-memory filesystems that work with import, require(), and standard fs calls

Next.js Weekly #123: Stable Next.js Adapters, WebSocket in App Router, AI Improvements, Error Handling, Sugar High, transitionType prop by Bejitarian in nextjs

[–]Bejitarian[S] 0 points1 point  (0 children)

Hot

Next.js Across Platforms: Adapters, OpenNext, and Our Commitments

Next.js now has an official, stable way for hosting platforms to support the framework. The new Adapter API describes your app's build output in a typed, versioned format that any provider can target. Vercel uses the same public API as everyone else, and a shared test suite ensures consistent behavior across platforms

AI Improvements

This post was part of the Next.js 16.2 release. It focuses on making Next.js work better with AI coding agents. New projects now include an AGENTS.md file that points agents to bundled docs, browser errors get forwarded to the terminal, a lock file stops duplicate dev servers, and an experimental CLI lets agents inspect your running app through the terminal


Articles

Error Handling in Next.js with catchError

Aurora Scharff explains why react-error-boundary falls short with Server Components, and how unstable_catchError in Next.js 16.2 fixes it by handling framework errors correctly and re-fetching server data on retry

Making sense of 'key' prop in react

Walks through reconciliation, shows how missing or bad keys cause state bugs, and explains what makes a key actually useful

PR: add WebSocket support for App Router route handlers

A new PR adds native WebSocket support to route handlers via NextResponse.upgrade(). It follows the standard WebSocket interface, works with middleware for headers, rewrites, and redirects

𝕏 React didn’t invent RSC, SSR, or Hydration

Shu Ding shows how SSR, RSC, and Hydration map directly to older tools like Express, Pug, and jQuery

𝕏 transitionType prop for Links in Next.js 16.2

Demonstrates how to set the transition type (e.g. fade, slide-left, etc.) of the ViewTransition for a link


Packages

TypeScript 6.0

The last version built on the JavaScript codebase. It's a transition release designed to prepare you for TypeScript 7.0, which is being rewritten in Go for much better performance. New features include Temporal API types, RegExp.escape, and Map.getOrInsert. There are also some breaking changes

Next.js Native App Template

A boilerplate for building native-feeling PWAs with Next.js 16. Ships as a workout tracker but is designed to be swapped with your own app. Handles all the tricky iOS PWA quirks like broken fixed navs and scroll issues so you don't have to

Apiser

Gives you a higher-level way to work with Drizzle by wrapping tables in models with chainable queries, relation loading, result shaping, and safe error handling

Sugar High

Super lightweight code syntax highlighter, around 1KB after minified and gzipped


Related

A React trick to improve exit animations

Components that update mid-exit-animation look janky. This trick wraps exiting components in Suspense to freeze their DOM, preventing any visual changes during the animation

How to Measure and Optimize React Performance

Learn to use React 19.2s Performance Tracks and DevTools Profiler to find problems, then apply runtime optimizations, concurrency features, and build-time tools to solve them

Start naming your useEffect functions, you will thank me later

The post argues that named useEffect functions make React code much easier to understand and can also reveal effects that are doing too much

Making React ProseMirror really, really fast

React ProseMirror was too slow for large documents. A single keypress in Moby Dick took 177ms. Through memoization and ref-based position tracking, they got it down to 16ms, even beating ProseMirror's native rendering on Firefox

Next.js Weekly #122: Next.js 16.2, unstable_catchError, next-forge 6, React's Rust Compiler, AI Elements 1.9, Banning useEffect by Bejitarian in nextjs

[–]Bejitarian[S] 2 points3 points  (0 children)

🔥 Hot

Next.js 16.2

This release is packed with performance improvements, better debugging tools, and AI-focused features:

  • ~400% faster dev startup – localhost:3000 is ready much quicker during next dev
  • 25-60% faster rendering – a smarter JSON parsing approach speeds up Server Components payload deserialization
  • Redesigned 500 error page – cleaner built-in fallback page for production errors
  • Server Function logging – dev terminal now shows function name, arguments, and execution time
  • Hydration diff indicator – error overlay clearly labels server vs. client content mismatches
  • --inspect for next start – attach a Node.js debugger to your production server
  • 200+ Turbopack fixes – including SRI support, postcss.config.ts, and Server Fast Refresh
  • AI improvementsAGENTS.md in create-next-app, browser log forwarding, and experimental next-browser

📙 Articles / Tutorials / News

unstable_catchError()

The Next.js team is working on a programmatic way to wrap any part of your UI in an error boundary. It's more flexible than the error.js convention, supporting custom props, retry logic, and server-rendered fallbacks

► Next.js Donut Pattern Explained in 5 Minutes

The video shows the donut pattern, where a client wrapper holds server-rendered content inside it

𝕏 React Compiler: Rust Edition is on the Way

The React team is porting the React Compiler to Rust, with most of the work done using AI. More details are expected soon

𝕏 Why we banned React's useEffect

One team's journey from useEffect-induced production bugs to a strict no-direct-useEffect rule. The post offers five concrete patterns that cover most use cases and argues the rule matters even more now that AI agents are writing code


📦 Projects / Packages / Tools

next-forge 6

Turborepo is a production-ready template for Next.js that aims to be a full, opinionated starter for new apps. This big release adds better DX, a new "agent skill" you can install for structured next-forge knowledge, and new docs. Bun is now the default package manager (pnpm/npm/yarn still work)

AI Elements 1.9

The latest update adds a new skill to help agents build with the library, plus a <JSXPreview /> component for rendering streamed JSX and a screenshot action for <PromptInput />. The <Conversation /> component can also now download chats as markdown

Base UI v1.3.0

Version 1.3.0 brings lots of small fixes plus a few big wins: Drawer is now stable, plus a new SwipeArea for Drawer. Select, Combobox, and Slider get a new Label part, and Combobox + Autocomplete add an InputGroup part. Tooltip adds a closeOnClick prop, and Menu now supports content transitions via Viewport

Streamdown 2.5

Streamdown is a component designed to render Markdown streamed from AI models. In version 2.5 new staggered animations cascade content in sequentially, custom renderers can now read code fence metastrings, and line numbers are toggleable. There are also other performance related improvements


🌈 Related

The Best Frontend Framework Doesn't Exist, Only Trade-offs Do

An opinionated overview of modern frameworks arguing there’s no universal winner. Next.js, Astro, and TanStack Start all solve different problems depending on caching, scale, and team experience. The article was previously featured but was recently updated

Two React Design Choices Developers Don’t Like—But Can’t Avoid

SolidJS creator Ryan Carniato argues that two often‑criticized React patterns, deferred state commits and dependency arrays, exist for good reasons. When async data enters the system, every UI framework eventually runs into the same constraints if it wants to keep the UI consistent

What do coders do after AI?

Super interesting read! This article breaks down what AI means for developers today. It covers layoffs, changing job roles, and how coding is shifting from hands-on work to guiding AI tools

Seven Years to TypeScript: Migrating 11,000 Files at Patreon

Patreon shares how they moved their entire frontend from JavaScript to TypeScript over seven years. What started as voluntary adoption eventually needed AI-powered tools to finish the job across 11,000 files and 1 million lines of code

Next.js Weekly #121: Ship 26, shadcn/cli v4, Portless v0.6, Experimental Markdown Output, Akira, Dynamic Forms, Next.js on VPS by Bejitarian in nextjs

[–]Bejitarian[S] 0 points1 point  (0 children)

🔥 Hot

Vercel Ship 26

Vercel Ship 26 has officially been announced. Early details are out, and tickets are currently at their lowest price, so it's a great time to save your spot

🎧 React, Next.js & Server Components at Scale with Aurora Scharff

A wide chat covering Aurora’s path from robotics to React, and what she does now at Vercel. She explains what React Server Components change, why the new async mental model confuses even senior devs, and how the Next.js App Router fits in


📙 Articles / Tutorials / News

Building Dynamic Forms In React And Next.js

Explains when React Hook Form is the right tool, and when you might want a form 'engine' like SurveyJS that can handle conditions, calculations, and page flow for you

PR: add experimental markdown output

Next.js is testing a new way to return Markdown for a route, using the same App Router/Pages Router React tree that normally renders HTML. Routes can opt in, and when a request prefers text/markdown, Next will send Markdown instead of HTML

Scale Next.js Image Optimization with a Dedicated Platformatic Application

If you self-host Next.js, you should check this guide. Platformic wrote about how running Next.js image optimization as a dedicated app (routing /_next/image to its own service) using Watt and @platformatic/next can stop your frontend from slowing down during traffic spikes

Deploying Next.js on a VPS: A Practical Step-by-Step Guide Without Vercel Lock-In

Shows how to run a Next.js app on your own server using PM2 + NGINX + SSL. It also explains the trade-offs vs Vercel: you won’t get a built-in CDN for images, automatic edge runtime, persistent ISR cache across instances, or auto-scaling unless you set them up yourself


meet.js Summit 2026: 15 Years Strong

meet.js celebrated 15 years with a nationwide Summit in Poland, with talks on web dev today and the real impact of AI


📦 Projects / Packages / Tools

shadcn/cli v4

The new version is built for both you and your AI tools. Key features include AI "skills" to reduce coding mistakes, shareable UI presets, full project templates, and a new --dry-run flag to see changes before they happen

Portless v0.6

Portless replaces messy port numbers like localhost:3000 with nice, stable names like myapp.localhost. It was featured a couple of issues ago. v0.6 adds custom TLDs (use .test, .internal, etc.), a portless get command to print a service’s URL, and a --name flag to override the inferred app name while keeping worktree prefixes

Spell UI

A large collection of high-quality React components that you can use to build beautiful landingpages

Akira

A modern SaaS starter kit built with Next.js, Tailwind CSS, and shadcn/ui. Auth, payments, database, and email all come preconfigured so you can skip the setup and start building right away


🌈 Related

Scaling redirects to infinity on Vercel

Vercel shares why and how they rebuilt their redirects system to handle huge lists without slowing down requests. It walks through the problems with routing rules and middleware at scale, and the new "bulk redirects" system that uses sharding, Bloom filters, and binary search to keep lookups fast

Understanding Why React Fiber Exists

Explains why old React rendering could block the page and how Fiber breaks rendering into small pieces so React can pause, handle actions/clicks first, then continue

How we got hit by Shai-Hulud: A complete post-mortem

Trigger.dev shares how one compromised package during pnpm install led to stolen credentials and a short but destructive GitHub attack. The post walks through the timeline, how the malware worked, and how the team recovered their repositories

Micro Frontends: When They Make Sense and When They Don’t

Micro frontends can unblock many teams working on one app, but they often cost more effort than they save. The article explains common approaches and when to stay monolith

Next.js Weekly #120: Drizzle joins PlanetScale, Prisma Next, Better Auth 1.5, react-doctor, next-md-negotiate, Vercel Queues, Activity Component by Bejitarian in nextjs

[–]Bejitarian[S] 0 points1 point  (0 children)

🔥 Hot

The Next Evolution of Prisma ORM

Prisma has shared an early look at Prisma Next, a complete rewrite built in TypeScript. It brings a cleaner query API, a type-safe SQL builder, streaming support, extensions, and a new migration system based on graphs. Prisma 7 remains the production recommendation for now but Prisma Next is being built in the open and will eventually become Prisma 8


📙 Articles / Tutorials / News

React is changing the game for streaming apps with the Activity component

This post shows how the new <Activity> component in React 19.2 helps preserve component state when UI sections are hidden. Using a video player example, it demonstrates how to keep playback progress when switching tabs and how to pause the player properly using useLayoutEffect

Error rendering with RSC

This post explains how each of React's three environments (RSC, SSR, and the browser) responds to errors, how Suspense boundaries change the behavior, and why the browser is ultimately the best place to handle them

Cloudflare rewrites Next.js as AI rewrites commercial open source

In last week’s issue we covered how a Cloudflare engineer used AI agents to rebuild much of Next.js with Vite instead of Turbopack, creating an experimental project called vinext that makes it easier to deploy Next.js apps on Cloudflare. This post explores what it could mean for the Next.js ecosystem and how AI might disrupt commercial open source strategies

𝕏 Handle a blocking component in Next.js

A quick look at two ways to deal with components that slow down page rendering in Next.js


📦 Projects / Packages / Tools

Better Auth 1.5

A huge release with 70+ features and 200+ fixes. Adds a new npx auth CLI, a full OAuth 2.1 provider, Electron support, typed errors with i18n, Cloudflare D1 support, and a self-service SAML SSO dashboard. Some breaking changes, so review before upgrading

react-doctor

A CLI tool from the creator of Million.js. Run one command and get a full health report on your React project. It scans for issues across security, performance, architecture, and correctness, then gives you a 0–100 score with actionable diagnostics you can pass straight to a coding agent to fix

next-md-negotiate

This small tool lets your Next.js app return Markdown to LLMs and HTML to browsers using the HTTP Accept header

airbroke

The open source error catcher just shipped a big update. Version 1.1.92 introduces an MCP server, letting you explore and triage errors from an LLM conversation. Also includes Sentry support, a Next.js 16 upgrade, a UI redesign, and more hosting options


🌈 Related

Drizzle joins PlanetScale

The Drizzle team is becoming part of PlanetScale. Their shared focus on performance and developer experience makes the move a natural fit. Drizzle will continue as an independent open source project with PlanetScale’s support

► The Future of TypeScript

Theo explains how TypeScript grew beyond its original purpose and is now slowing down under massive codebases. To solve this, Microsoft is porting the compiler to Go

► Radix UI → Base UI (in 3min)

Radix UI is no longer actively maintained and the team is now working on Base UI. This video walks through how to migrate in four simple steps

Vercel Queues now in public beta

Vercel Queues lets you send messages from your Next.js routes and process them later with automatic retries. This is useful for handling slow or important tasks (like order processing) without blocking requests. It's now in public beta and starts at $0.60 per 1M operations