Podcasts about react server components

Jack Harrington sits down with Tanner Linsley to talk about the evolution of TanStack and where it's headed next. They explore how early projects like React Query and React Table influenced the headless philosophy behind TanStack Router, why virtualized lists matter at scale, and what makes forms in React so challenging. Tanner breaks down TanStack Start and its client-first approach to SSR, routing, and data loading, and shares his perspective on React Server Components, modern authentication tradeoffs, and composable tooling. The episode wraps with a look at TanStack's roadmap and what it takes to sustainably maintain open source at scale. We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com (mailto:elizabeth.becz@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Check out our newsletter (https://blog.logrocket.com/the-replay-newsletter/)! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Chapters 01:00 – What is TanStack? Contributors, projects, and mission 02:05 – React Query vs React Table: TanStack's origins 03:10 – TanStack principles: headless, cross-platform, type safety 03:45 – TanStack Virtual and large list performance 05:00 – Forms, abandoned libraries, and lessons learned 06:00 – Why TanStack avoids building auth 07:30 – Auth complexity, SSO, and enterprise realities 08:45 – Partnerships with WorkOS, Clerk, Netlify, and Cloudflare 09:30 – Introducing TanStack Start 10:20 – Client-first architecture and React Router DNA 11:00 – Pages Router nostalgia and migration paths 12:00 – Loaders, data-only routes, and seamless navigation 13:20 – Why data-only mode is a hidden superpower 14:00 – Built-in SWR-style caching and perceived speed 15:20 – Loader footguns and server function boundaries 16:40 – Isomorphic execution model explained 18:00 – Gradual adoption: router → file routing → Start 19:10 – Learning from Remix, Next.js, and past frameworks 20:30 – Full-stack React before modern meta-frameworks 22:00 – Server functions, HTTP methods, and caching 23:30 – Simpler mental models vs server components 25:00 – Donut holes, cognitive load, and developer experience 26:30 – Staying pragmatic and close to real users 28:00 – When not to use TanStack (Shopify, WordPress, etc.) 29:30 – Marketing sites, CMS pain, and team evolution 31:30 – Scaling realities and backend tradeoffs 33:00 – Static vs dynamic apps and framework fit 35:00 – Astro + TanStack Start hybrid architectures 36:20 – Composability with Hono, tRPC, and Nitro 37:20 – Why TanStack Start is a request handler, not a platform 38:50 – TanStack AI announcement and roadmap 40:00 – TanStack DB explained 41:30 – Start 1.0 status and real-world adoption 42:40 – Devtools, Pacer, and upcoming libraries 43:50 – Sustainability, sponsorships, and supporting maintainers 45:30 – How companies and individuals can support TanStack Special Guest: Tanner Linsley.

* Notepad++ Releases Security Update to Address Traffic Hijacking Vulnerability* Google Links Additional Chinese Hacking Groups to Widespread Exploitation of Critical React2Shell Vulnerability* Scammers Abuse PayPal Subscriptions to Send Fake Purchase Notification Emails* Massive Chrome Extension Caught Harvesting Millions of Users' AI Chat Conversations* Google to Discontinue Its Dark Web Report Security Feature in 2026Notepad++ Releases Security Update to Address Traffic Hijacking Vulnerabilityhttps://notepad-plus-plus.org/news/v889-released/The popular text editor Notepad++ has released version 8.8.9 to address a critical security vulnerability affecting its updater, WinGUp. According to security experts, incidents of traffic hijacking have been reported, where the traffic between the updater client and the Notepad++ update infrastructure was being redirected to malicious servers, resulting in the download of compromised executables.The vulnerability was found to be a weakness in the way the updater validates the integrity and authenticity of the downloaded update file. Exploiting this weakness, an attacker could intercept the network traffic and prompt the updater to download and execute an unwanted binary instead of the legitimate Notepad++ update. To mitigate this issue, the new release introduces a security enhancement that verifies the signature and certificate of the downloaded installers during the update process, and aborts the update if the verification fails.The investigation into the exact method of the traffic hijacking is ongoing, and users will be informed once tangible evidence is established. In the meantime, Notepad++ recommends that users who have previously installed the root certificate should remove it, as the binaries, including the installer, are now digitally signed using a legitimate certificate issued by GlobalSign. Google Links Additional Chinese Hacking Groups to Widespread Exploitation of Critical React2Shell Vulnerabilityhttps://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182/Google's threat intelligence team has identified five more Chinese cyber-espionage groups joining the ongoing attacks exploiting the critical “React2Shell” remote code execution vulnerability, tracked as CVE-2025-55182. This flaw, which affects the React open-source JavaScript library, allows unauthenticated attackers to execute arbitrary code on React and Next.js applications with a single HTTP request.The list of state-linked threat actors now includes UNC6600, UNC6586, UNC6588, UNC6603, and UNC6595, which have been deploying a variety of malware such as the MINOCAT tunneling software, the SNOWLIGHT downloader, the COMPOOD backdoor, and an updated version of the HISONIC backdoor. According to Google, the vulnerability has a significant number of exposed systems due to the widespread use of React Server Components in popular frameworks like Next.js.In addition to the Chinese hacking groups, Google's researchers have also observed Iranian threat actors and financially motivated attackers targeting the React2Shell vulnerability, with some deploying XMRig cryptocurrency mining software on unpatched systems. Internet watchdog groups have tracked over 116,000 vulnerable IP addresses, primarily located in the United States, highlighting the widespread impact of this critical flaw. Scammers Abuse PayPal Subscriptions to Send Fake Purchase Notification Emailshttps://www.bleepingcomputer.com/news/security/beware-paypal-subscriptions-abused-to-send-fake-purchase-emails/Cybersecurity researchers have uncovered a new email scam that abuses PayPal's “Subscriptions” billing feature to send legitimate-looking PayPal emails containing fake purchase notifications. The emails, which appear to come from the legitimate service[at]paypal.com address, state that the recipient's “automatic payment is no longer active” and include a customer service URL field that has been modified to display a message about a large, expensive purchase.The goal of these scam emails is to trick recipients into believing their account has been used to make an expensive purchase, such as a Sony device, MacBook, or iPhone, and prompt them to call a provided phone number to “cancel or dispute the payment.” This tactic is commonly used to convince victims to engage in bank fraud or install malware on their computers.Investigations have revealed that the scammers are able to send these emails directly from PayPal's servers by exploiting the company's Subscriptions feature. When a merchant pauses a subscriber's subscription, PayPal automatically sends a notification email to the subscriber, which the scammers are then modifying to include the fake purchase information. PayPal has stated that they are actively working to mitigate this method and urge customers to be vigilant and contact their customer support directly if they suspect they have been targeted by this scam.Massive Chrome Extension Caught Harvesting Millions of Users' AI Chat Conversationshttps://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collectionA Google Chrome extension with over 6 million users has been observed silently collecting every prompt entered by users into popular AI-powered chatbots, including OpenAI's ChatGPT, Anthropic's Claude, Microsoft's Copilot, and others. The extension in question, Urban VPN Proxy, is advertised as a secure VPN service but has been updated to include a tailored script that intercepts and exfiltrates users' chat conversations to remote servers.The extension, which also has 1.3 million installations on Microsoft Edge, overrides the browser's network request APIs to capture the user's prompts, the chatbot's responses, conversation identifiers, timestamps, and session metadata. This data is then sent to two remote servers owned by Urban Cyber Security Inc., the Delaware-based company behind the extension. The company claims the data is collected for “marketing analytics purposes” and that it will be anonymised, but it also shares the raw, non-anonymised data with an affiliated ad intelligence firm, BIScience.Despite the extension's “Featured” badge on the Chrome Web Store, which implies it meets the platform's “best practices and high standards,” researchers have discovered that the data harvesting occurs regardless of whether the extension's “AI protection” feature is enabled. This feature is designed to warn users about sharing personal information, while the developers fail to disclose that the extension is simultaneously exfiltrating the entire chat conversation to its own servers. This type of data collection and sharing without user consent poses a serious risk to users' privacy and security.Google to Discontinue Its Dark Web Report Security Feature in 2026Google has announced that it will be shutting down its “dark web report” security tool, which notifies users if their email address or other personal information has been found on the dark web. The tech giant stated that it wants to focus on other tools it believes are more helpful to users in protecting their online security and privacy.According to their email notification, Google will stop monitoring for new dark web results on January 15, 2026, and the data will no longer be available from February 16, 2026. The company acknowledged that while the dark web report feature provided general information, feedback showed that it did not offer clear, actionable steps for users to protect their data.Going forward, Google will continue to invest in other security tools, such as the Google Password Manager, Password Checkup, and the “Results about you” feature, which allows users to find and request the removal of their personal information from Google Search results. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

　株式会社エーアイセキュリティラボは12月10日、脆弱性診断の自動化ツール「AeyeScan」が「React Server Componentsの脆弱性（CVE-2025-55182）」に対応するスキャンルールの追加を発表した。

In this episode, Noel sits down with David Mytton, founder and CEO of Arcjet, to unpack the React2Shell vulnerability and why it became such a serious remote code execution risk for apps using React server components and Next.js. They explain how server-side features introduced in React 19 changed the attack surface, why cloud providers leaned on WAF mitigation instead of instant patching, and what this incident reveals about modern JavaScript supply chain risk. The conversation also covers dependency sprawl, rushed patches, and why security as a feature needs to start long before production. Links X: https://x.com/davidmytton Blog: https://davidmytton.blog Resources Multiple Threat Actors Exploit React2Shell: https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182 We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com (mailto:elizabeth.becz@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Check out our newsletter (https://blog.logrocket.com/the-replay-newsletter/)! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Chapters

Abusing DLLs EntryPoint for the Fun DLLs will not just execute code when some of their functions are called, but also as they are loaded. https://isc.sans.edu/diary/Abusing%20DLLs%20EntryPoint%20for%20the%20Fun/32562 Apple Patches Everything: December 2025 Edition Apple released patches for all of its operating systems, fixing two already exploited vulnerabilities. ClickFix Attacks Still Using the Finger ClickFix Attacks Still Using the Finger Two examples of ClickFix attacks abusing the finger protocol to load additional malware Denial of Service and Source Code Exposure in React Server Components Denial of Service and Source Code Exposure in React Server Components After last week's critical patch, three more, but less critical, vulnerabilities were identified in React Server Components. https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

En este episodio hablamos sobre recientes problemas de seguridad detectados en React, qué significan realmente, a quiénes afectan y qué acciones deberías tomar como desarrollador para mantener tus proyectos seguros.

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 06/12 a 12/12.☕ Café Código FontePrograme sua xícara para o sabor certo!https://cafe.codigofonte.com.br

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 06/12 a 12/12.☕ Café Código FontePrograme sua xícara para o sabor certo!https://cafe.codigofonte.com.br

This week gave us the gift of some more React Server Components vulnerabilities  and further exploitation of the previously disclosed bugs by a variety of threat groups. There were also a long list of vulnerabilities disclosed by Microsoft, Adobe, and others, which we discuss in the context of how difficult vulnerability management is right now. Finally, we discuss CISA's warning about continued Russian targeting of US critical infrastructure.GreyNoise report: https://info.greynoise.io/hubfs/At-The-Edge/Weekly-Intelligence-Brief-120825.pdf?_ga=2.212724369.466870115.1765553789-1325891860.1765553788Support the show

Una vulnerabilità critica in React Server Components ha scatenato il panico nel mondo della sicurezza. CVSS 10.0, 87.000 server italiani a rischio, attacchi da Cina e Nord Corea. E Cloudflare? È andato giù provando a proteggerci.00:00 Intro02:12 Contesto e React Server Components06:20 React2Shell10:27 Aftermath e attacchi19:10 Conclusioni#react #react2shell #nextjs #javascript #security

　独立行政法人情報処理推進機構（IPA）は12月9日、React Server Componentsにおける脆弱性について発表した。影響を受けるシステムは以下の通り。

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow

Attackers don't take holidays off. In this December Patch Tuesday episode, the Automox security team breaks down three high-impact vulnerabilities landing at the end of 2025. Ryan, Mat, and Seth unpack the React2Shell RCE hitting React Server Components, an Azure Monitor Agent flaw that turns the syslog user into a stealthy foothold, and a Windows File Explorer bug where a single click may trigger privilege escalation.You'll hear why light patch months aren't always low-risk, how bundled dependencies can expose you even if you don't “use” React, and why log pipelines remain a prime target for attackers looking to hide their tracks. The team also covers seasonal phishing trends and what to expect as skeleton crews head into the holidays.

This week TanStack joins the AI wars with the alpha release of TanStack AI: an open-source AI SDK with a unified interface across multiple providers. TanStack AI is an open-source ecosystem of libraries and standards, and it is client, server, and AI provider agnostic, to make building AI-enabled apps accessible to all.In a surprise move, AI company Anthropic acquires JavaScript runtime Bun to accelerate its development of Claude Code. Apparently, Bun has been central to Claude Code reaching $1 billion in run-rate revenue in just six months, and Anthropic's brought the team in house to keep the momentum going.And it's been another rough week for security in JavaScript. First, a new self-replicating, credential stealing malware attack, dubbed Shai-Hulud 2.0, swept the npm ecosystem and compromised 800 npm packages in the process, and then a critical security vulnerability was discovered for any React projects using React Server Components. Just remember to lock down your dependencies and install those patches ASAP, folks.Timestamps:1:22 - TanStack AI9:12 - Anthropic buys Bun21:03 - Shai-Hulul 2.0 on npm and an RSC vulnerability30:23 - What's making us happyNews:Paige - Shai-Hulud 2.0 on npm and RSC vulnerabilityJack - TanStack AITJ - Anthropic buys Bun (Bun post) (Anthropic post)What Makes Us Happy this Week:Paige - The Durrells TV seriesJack - Essentialism bookTJ - Dungeon Crawler Carl book seriesThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast

In this episode of 'Cybersecurity Today,' host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by 'Shady Panda,' which used browser extensions to harvest data, and an unexpected failure by Google's AI tool that led to the deletion of a developer's hard drive. The episode also thanks Meter for their continued support. 00:00 Introduction and Sponsor Message 00:48 React Vulnerability: React2Shell 03:13 Microsoft's Long-Standing Shortcut Flaw 04:50 Evilginx: Bypassing MFA in Education 06:59 Shady Panda's Malicious Extensions 09:13 Google's AI Mishap: Developer's Hard Drive Wiped 11:01 Conclusion and Final Thoughts

Shruti Kapoor comes back onto the podcast to discuss React 19.2, how it builds on React 19 and React 18, and new features like Activity, View Transitions, useEffectEvent, and React server components improvements powered by cacheSignal. They explore partial pre rendering, Suspense boundary batching, the stable React Compiler for auto memoed apps, and new Chrome dev tools performance tracks. The episode also covers Next.js 16 framework support and the updated ESL plugin react hooks. Links Website: https://shrutikapoor.dev LinkedIn: https://www.linkedin.com/in/shrutikapoor08/ YouTube: https://www.youtube.com/@shrutikapoor08 X: https://x.com/shrutikapoor08 Bluesky: https://bsky.app/profile/did:plc:2xjmzwgtmtxa4hqw7ofab4kb Resources React 19.2: https://react.dev/blog/2025/10/01/react-19-2 We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com (mailto:elizabeth.becz@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Check out our newsletter (https://blog.logrocket.com/the-replay-newsletter/)! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Chapters Special Guest: Shruti Kapoor.

Follow up to our little discussion on Twitter / X. What is the advantage of using RSCs? When is it better to use loaders and actions? What are the trade-offs? In which situations would you recommend using RSC with React Router?

Scott and Wes sit down with Evan You, creator of Vue, Vite, and VoidZero, to dig into the future of frontend tooling. From the speed of Rolldown to why he chose Rust, they explore the evolution of developer experience, bundlers, and what's next for the web. Show Notes 00:00 Welcome to Syntax! 00:31 Who is Evan You? Vue.js. Vite. Void0 01:19 Making the shift from UI to Toolchains. 02:37 How aesthetics contributed to the success of Vue and Vite. 05:26 Adding Rollup plugins to the Dev Server. 07:31 Brought to you by Sentry.io. 07:56 Rollup and Rolldown explained. 09:29 NAPIRS. 10:02 Why Rust and not Go? SWC, OXC. 12:04 Rolldown's speed and performance. OXC Allocator. 15:09 Dealing with massive buildtimes. 17:42 How has the transition been? 20:34 Why do we even need a bundler? 23:25 Vite's superior developer experience. 26:01 Fullstack Vue? 31:45 Node and Vite's relationship. 35:41 Wes' wishlist. vite-dir. 37:28 Hot takes. 37:37 Would Next be better with Vite? 41:09 Thoughts on React Server Components. 43:40 Thought on Remix 3. 46:22 Tell us about Void0. 51:36 Sick Picks + Shameless Plugs. Sick Picks Evan: Laravel Lamborghini Shaped Stress Toys Shameless Plugs Evan: Viteconf, Vite, CultRepo. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Mark Dalgleish joins us to talk about the latest in React Router, including its growing support for React Server Components (RSC). He breaks down what RSC data mode, framework mode, and declarative mode mean for developers, and how features like the middleware API and route module API are simplifying work across tools like Vite and Parcel. We also dive into how React 19, static site generation with RSC, and smarter data batching are reshaping performance and the future of server-side rendering in React apps. Links X: https://x.com/markdalgleish GitHub: https://github.com/markdalgleish Website: https://markdalgleish.com LinkedIn: https://www.linkedin.com/in/markdalgleish Resources React Router and RSC: https://remix.run/blog/react-router-and-react-server-components RSC Preview: https://remix.run/blog/rsc-preview Chapters We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Mark Dalgleish.

Aurora Scharff, Senior Consultant at Crayon, joins to break down how modern React development is evolving with features from React 18 and React 19. She explores real-world use cases for useTransition and useOptimistic, highlights improvements in async UI rendering and performance, and shares insights on building responsive interfaces with concurrent rendering patterns. The conversation also touches on server components, Next.js, and tools like Aria Kit and Redwood SDK, all shaping the next era of React development. Links Website: https://aurorascharff.no Github: https://github.com/aurorascharff X: https://x.com/aurorascharff Bluesky: https://bsky.app/profile/aurorascharff.no LinkedIn: https://www.linkedin.com/in/aurora-scharff-a86b88188 Resources Building Reusable Components with React19 Actions: https://aurorascharff.no/posts/building-reusable-components-with-react19-actions Chapters 00:00 Intro 00:18 Modern React concurrent rendering patterns explained 03:38 useTransition real-world examples 08:22 useOptimistic for faster UI feedback 30:10 React Server Components and Next.js integration 30:57 Building modern UIs with Aria Kit 34:07 Using Redwood SDK in the React ecosystem 39:00 Key takeaways and what's next for React development We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)

Brooks Lybrand, Developer relations manager for Remix and React Router, joins the pod to discuss the latest developments in React Router v7, its evolving community, and the migration path from Remix. We also explore the router's new open governance model, framework mode, and how server-side rendering and data handling are being reimagined for modern web apps. Links Twitter: https://x.com/brookslybrand LinkedIn: https://www.linkedin.com/in/brooks-lybrand Github: https://github.com/brookslybrand YouTube: https://www.youtube.com/channel/UCd93bPmP8vplnkr9Jel_osA Resources React Miami 2025: https://www.youtube.com/watch?v=DPSRGLk6DDQ We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Brooks Lybrand.

In this episode of PodRocket, Michael Shilman, product lead at Storybook, joins us to explore the major updates in Storybook 9. We dive into component testing, browser mode in Vitest, AI workflows, React Server Components, accessibility audits, and Storybook's growing support for frameworks like Next.js, Svelte, and React Native. Michael also shares behind-the-scenes insights on Storybook's evolution from a documentation tool to a full-fledged UI development and testing suite. Links LinkedIn: https://www.linkedin.com/in/shilman Github: https://github.com/shilman X: https://x.com/mshilman Bluesky: https://bsky.app/profile/shilman.net Resources Storybook 9 (https://storybook.js.org/blog/storybook-9/) We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Michael Shilman.

In this week's episode, we explore a handful of exciting tools and tutorials for React Native developers - plus a personal milestone:

Wes rebuilt his personal site from Gatsby to a modern stack using Waku, React Server Components, and Cloudflare Workers — all while keeping the same design. Scott and Wes break down the pain points with Next.js, MDX, image handling, caching, and the custom setup that now powers a blazing-fast blog. Show Notes 00:00 Welcome to Syntax! 01:03 Barcelona Conference. 04:09 Brought to you by Sentry.io. 04:33 Existing stack, goodbye to Gatsby. 06:11 New stack, the goals for moving. 06:56 So what is the new stack? 08:32 Challenges with NextJS. 08:58 Problems with plugins. 09:30 Problems with dynamic imports. 10:21 Problems with Cloudflare deployment. 12:37 Landing on Waku. 13:59 Hot Tips functionality updates. 16:30 Blog Posts + JavaScript Notes. 17:09 Moving from Gatsby. 19:03 Page speeds. 19:29 Removing nav resizing process. 21:03 Writing custom MDX plugins. 23:28 Hosting. 24:08 Why is the build so fast? 28:01 Pricing. 32:25 Caching. 34:49 Migration errors. 36:37 CSS. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

This week we talk to Peter Pistorius, the man currently at the helm of Redwood. Redwood has undergone a lot of changes since it was first announced, pivoting to a serverless framework that leans into React Server Components. Peter has a grand vision for Redwood and the advent of personal software, and we're excited to hear about it.https://rwsdk.com/Episode sponsored By WorkOS (https://workos.com)Become a paid subscriber our patreon, spotify, or apple podcasts for the full episode.https://www.patreon.com/devtoolsfmhttps://podcasters.spotify.com/pod/show/devtoolsfm/subscribehttps://podcasts.apple.com/us/podcast/devtools-fm/id1566647758https://www.youtube.com/@devtoolsfm/membership

No big news besides the RC of React Native 0.80, which gives us time to talk about the current version hell for React Native developers, and a great new Expo DevTool for everyone using TanStack Query!Also in this episode:- RSCs are underrated- Preview of Dead Simple Invoice App- Apple doesn't like my app- Open Water Swimming & Cold Water Shock

¿Vale la pena usar Server Components?En este episodio hablamos sobre qué son los React Server Components, cómo funcionan y en qué casos realmente aportan valor. Exploramos sus ventajas, las limitaciones actuales y situaciones donde quizás no conviene usarlos. Ideal si estás considerando usarlos en tu próximo proyecto con Next.js.

Peter Pistorius, co-creator of RedwoodJS, talks about the evolution from RedwoodJS GraphQL to the new Redwood SDK, a React framework built for Cloudflare. They dive deep into serverless architecture, React Server Components, durable objects, AI-assisted development, and the challenges of modern deployment and hosting. Learn how Redwood SDK is empowering developers to focus on building and shipping, instead of managing infrastructure. Links https://rw-sdk.com http://peterp.org https://github.com/peterp https://bsky.app/profile/p4p8.bsky.social https://x.com/appfactory https://cursor.sh https://neon.tech Resources https://rwsdk.com We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket's Galileo AI watches user sessions for you and surfaces the technical and usability issues holding back your web and mobile apps. Understand where your users are struggling by trying it for free at LogRocket.com (https://logrocket.com/signup/?pdr).

Wes talks with Peter Pistorius about RedwoodSDK, a new React framework built natively for Cloudflare. They dive into real-time React, server components, zero-cost infrastructure, and why RedwoodSDK empowers developers to ship faster with fewer tradeoffs and more control. Show Notes 00:00 Welcome to Syntax! 00:52 What is RedwoodSDK? 04:49 Choosing openness over abstraction 08:46 More setup, more control 12:20 Why RedwoodSDK only runs on Cloudflare 14:25 What the database setup looks like 16:15 Durable Objects explained – Ep 879: Fullstack Cloudflare 18:14 Middleware and request flow 23:14 No built-in client-side router? 24:07 Integrating routers with defineApp 26:04 React Server Components and real-time updates 29:53 What happened to RedwoodJS? 31:14 Why do opinionated frameworks struggle to catch on? 34:35 The problem with Lambdas 36:16 Cloudflare's JavaScript runtime compatibility 40:04 Brought to you by Sentry.io 41:44 The vision behind RedwoodSDK Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

React Core team member Dan Abramov joins us to explore "JSX over the wire" and the evolving architecture of React Server Components. We dive into the shift from traditional REST APIs to screen-specific data shaping, the concept of Backend for Frontend (BFF), and why centering UI around the user experience—not server/client boundaries—matters more than ever. Links https://danabra.mov https://github.com/gaearon https://bsky.app/profile/danabra.mov https://overreacted.io https://www.youtube.com/@danabramov Resources JSX Over The Wire: https://overreacted.io/jsx-over-the-wire/ Impossible Components: https://overreacted.io/impossible-components/ What Does "use client" Do?: https://overreacted.io/what-does-use-client-do/ Our Journey With Caching: https://nextjs.org/blog/our-journey-with-caching https://parceljs.org https://nextjs.org/docs/app We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Dan Abramov.

Scott and Wes break down the current state of React Server Components — what they are, how they work, and why they're so controversial. From framework support to bundling complexity, it's everything you need to know about RSC in 2025. Show Notes 00:00 Welcome to Syntax! 01:01 Brought to you by Sentry.io. 01:55 What exactly are React Server Components? 02:18 Server components rendering. 03:17 Server components are async. 03:45 Server components can be suspended. 05:05 Server components send RSC payloads to the browser. 06:08 This feels like HTMX? 06:54 Client components are still server rendered. 07:58 Server Functions. 08:52 useActionState. 09:12 Frameworks and React Platforms. 09:16 NextJS. 09:42 Waku. 12:26 candycode.com Daishi Kato 14:23 React Router. Michael Jackson Tweet. 19:29 Vite. vite-plugin-react-server 20:54 Tanstack. Syntax Ep 833. 22:39 Bun. 23:01 DIY. 23:39 Why so much hate? 25:28 I want it my way. 27:46 React Server Components lock-in. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Tanner Linsley joins React Universe On Air to unpack the evolution of the TanStack ecosystem—from React Table and React Query to TanStack Router and the newest addition to the family, TanStack Start ✨ What started as internal tooling for Nozzle became a suite of libraries that shaped how developers think about server state, routing, and full-stack React apps. In this episode, Tanner shares the technical decisions behind building framework-agnostic, headless tools—and explains why client-side architecture still matters in a server-first world. You'll also hear why TanStack Start isn't just another full-stack framework, how React Server Components could be treated like server state, and what's coming next for TanStack Router. If you're building React apps at scale or deciding how to modernize your frontend stack, don't skip this one! Check out episode resources on our website

In this episode, Amy and Brad dive into the ongoing debate between Laravel and full stack JavaScript frameworks. They explore both ecosystems from their unique perspectives. Amy shares her real-world experience building a project in Laravel after working extensively with JavaScript frameworks, highlighting where each approach shines and struggles. From Laravel's backend prowess to the cognitive load of context switching between languages, this episode offers practical insights for developers weighing these technology choices.Show Notes00:00 - Intro01:00 - Sponsorship: Sanity01:59 - Origins of the Laravel vs JavaScript Discussion03:59 - Amy's Experience Building a Project in Laravel06:59 - PHP Development and Linting Experience11:59 - Understanding MVC Architecture15:00 - Challenges with JavaScript Backend Services18:00 - Backend Strengths of Laravel20:00 - Frontend Challenges in Laravel23:00 - Comparing Laravel and JavaScript Ecosystem Solutions26:59 - JavaScript Full Stack Frameworks Discussion30:00 - Architectural Differences Between Frameworks33:00 - Framework Choice Considerations38:59 - Picks and Plugs: Newsletter and Cameras42:00 - Picks and Plugs: Games and YouTube Links and ResourcesSanity.io (sponsor)LaravelSam's podcast: Frontend FirstRedwoodJSRemixNext.jsAstroSupabaseInngestResend (email service)Postmark (email service)OpenAIPrismaPHP StormLaravel Blade (templating language)Laravel LivewireAlpine.jsLaravel BreezeLaravel Eloquent ORMAdonis/AdonisJSEpisode 54: Why RedwoodJS is the App Framework for Startups, with David PriceViteStorybookAmy's newsletter: Broken CombInsta360 X2 cameraInsta360 Go 3 cameraStardew Valley (game)Brad's YouTube channelCloudinary channel and Dev Hints series

Next.js had a security vulnerability scare last week due to an internal header in its middleware that allowed for skipping middleware (like auth validation) before reaching routes. The Next.js team responded quickly and patched the security holes, but this serves as a reminder to stay vigilant, keep dependencies updated, and implement multiple layers of security.Michael Jackson, co-founder of Remix and React Router, is calling it quits for Remix support React Server Components. Lots of React-based frameworks built prior to RSCs have been struggling to support the new paradigm shift - and lots of devs have bemoaned the fact because of the added complexity it introduces, and MJ is over it. This isn't the first time framework authors have made bold claims to not support new breaking changes, so we'll have to wait and see if he sticks to it.Rsdoctor, a build analyzer tool by ByteDance, has hit v1.0. Rsdoctor goes beyond other build analysis tools offering a visual view of the build process and smart analysis to help dev teams identify bottlenecks, optimize performance, and improve overall engineering quality.News:Paige - Rsdoctor 1.0 is available nowJack - Remix bailing on RSC?TJ - Next.js's security vulnerabilityBonus News:Redwood JS enters maintenance modeBrowser Use Raises $17MFire Starters:CSS interpolate-size: allow-keywordsWhat Makes Us Happy this Week:Paige - Mythic Quest TV seriesJack - Relearning guitar and the Katana Go headphone ampTJ - Open AI image generation and Studio GhibliThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast

React version 19 has been released! Carl and Richard talk to Aurora Scharff about the long-awaited version of React that incorporates React Server Components and many other features. Aurora talks about the rethink involved in switching to a server-first implementation of a React website, which is best suited for greenfield implementations. For existing React apps, you'll want to look at React Router, which has V7, incorporates Remix features, and provides a bridge between React 18 and 19. Lots of progress from the library that runs Facebook!

Join us as Tanner Linsley, the creator and founder of TanStack Start talks about its transition from Vinci to a more streamlined architecture built on Nitro. Learn about the framework's innovative approach to server functions, its isomorphic design philosophy, and how it differs from other frameworks like Remix. Tanner also shares insights into TanStack's sustainable open-source business model and his journey to building developer tools that prioritize user experience over rapid growth.Show Notes0:00 - Intro0:38 - Welcome Tanner Linsley3:43 - React Server Components and TanStack Evolution6:04 - TanStack Start Overview and Vinci Transition11:26 - Nitro Integration and Framework Architecture15:19 - Server Functions and Framework Comparisons20:58 - API Design Philosophy24:19 - Testing and Development Process30:58 - Team and Collaboration Discussion33:38 - Open Source Sponsorship Strategy36:32 - Netlify Partnership Announcement38:37 - Open Source Sustainability Discussion41:03 - Picks and Plugs LinksProducts & Tools:TanStackVinxi by Nikhil SarafNitroReact RouterTRPCRemixH3 (web request library)XPro (Tweet Deck)Deck.blue (BlueSky client)MOTU M4 audio interfaceBamboo Lab A1 3D printerLashbrook Designs (Brad's wedding band)Companies & Sponsors:ConvexClerkAG GridSentryNetlifyGames & Entertainment:Blockus (board game)Severance (TV Show on Apple TV+)"First Lie Wins" (book)Personal Projects & Links:buildtwelve.com (Amy's project)Brad on BlueSky (@bradgaropy.com)Nozzle (Tanner's startup)Technical Resources:Babel Dead Code Elimination (by Pedro Katori)GitHub 3D Contribution Graph GeneratorReact Server Components documentationOther Projects Mentioned:Solid StartAstro

Brooks Lybrand discusses the transformation of React Router from a simple routing library to a powerful framework option for React applications. Learn about React Router 7's new framework mode, upcoming middleware support, and the team's innovative approach to React Server Components. Brooks explains how the Remix team is working to bring proven patterns and web standards to the broader React community while building a foundation for future web development that leverages native web APIs.Chapter Marks0:00 - Intro0:37 - Guest Introduction & SNL Jacket Discussion1:12 - The Remix "Nap" Announcement3:25 - Understanding React Router's Evolution7:51 - React Router Framework Mode10:21 - Middleware Support Plans15:42 - React Server Components Integration19:14 - Server-Side Capabilities & RSC Benefits24:17 - Team Size and Structure25:13 - Remix Brand & Future Direction30:19 - Future of Web APIs32:03 - Austin Remix Meetup Discussion34:54 - Community Engagement and Open Source36:19 - Picks and Plugs LinksPeople & Profiles:Brooks Lybrand's social profilesTwitterBlueSkyMichael ChanJames PerkinsRyan FlorenceEvan Bacon (mentioned for RSC mobile demo)Tools & Projects:React Router 7Remix RunRemix DiscordVite 6Cursor AI (mentioned in Amy's pick)The dev.to article about Cursor settings that Amy referencedElgato XLR Deck (Brad's pick)OXO Silicon Measuring Cup (Amy's pick)Events & Communities:Epic Web Conf (March 2024, where Brooks will be speaking)React Miami (April 2024, where Brooks will be speaking)Remix Austin MeetupTechnical Resources:React Server Components documentationRemix Project RoadmapVite's Environment API documentationBooks:The Three-Body Problem book series (Brooks' pick)Additional Resources:Netflix's Three-Body Problem show (mentioned in relation to Brooks' pick)

Scott and Wes look into their crystal ball to predict what's coming in web development next year. From the rise of on-device AI to the vanilla CSS comeback, Bun's big moves, and React's evolution, this episode is packed with bold predictions and hot takes! Show Notes 00:00 Welcome to Syntax! 02:00 Brought to you by Sentry.io. 03:09 The agenda. 03:40 Temporal Javascript api will ship in Safari and Chrome. Temporal Proposal. 06:23 On device AI. WebGPU API Dawn Native WebGPU 10:26 Models will plateau. Bolt.new, v0, Lovable.dev. 13:40 Web Awesome will become the most used web components library. Web Awesome. 15:57 We will be using more web components. 16:59 A push towards the ‘standard stack'. 19:38 We can really use relative color. 21:39 Vanilla CSS comeback. 23:35 A complete Mixins / Functions API for CSS. 24:27 Conditionals will ship in all browsers. 25:50 People will still make vertical centering jokes. 27:08 VSCode will be feature parity with Cursor. 28:22 Framework choice will matter less with AI tools. 29:12 OpenAI will launch a browser. Dupe.com. Buy Now! The Shopping Conspiracy. Krazy Binz. 37:18 React will drop Babel. BabelJS. 38:05 React Server Components will pop. 39:46 Remix will relaunch as something entirely different. 41:11 React Native will have it's time. 42:06 Svelte will get component-based islands or data loading. 44:19 Server Runtimes, Bun will continue to do non-standard, lovable things. 44:44 Bun will release a PAS to compete with NPM, Vercel, and Vite. 46:06 Laravel will release a CMS. 47:57 Vite will stay king. 48:03 Rolldown ships in the next version of Vite. Rolldown. Statamic. 49:35 Sick Picks & Shameless Plugs. Sick Picks Scott: PHILIPS A19 Ultra Definition Dimmable Light Bulb. Wes: Stats App. Shameless Plugs Scott: Syntax on YouTube. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

In this episode of Compressed FM, Dustin Goodman shares insights from his journey from IC to engineering manager at companies like ClickUp and This Dot. The conversation explores the nuances of technical leadership, team dynamics, and the importance of understanding personal values in management. The discussion then shifts to a deep dive into React Server Components, examining their implementation challenges and potential impact on the framework ecosystem. SponsorsWix Studio combines the best of both worlds—intuitive design tools for clients and full-stack flexibility for developers. Customize every detail with your own code and take control of your projects.Chapter Marks00:00:00 - Intro00:00:42 - Sponsor: Wix Studio00:01:33 - Engineering Management Journey00:05:11 - Managing Different Experience Levels00:07:14 - Technical Skills in Management00:09:27 - Should Managers Code?00:12:19 - Managing Up vs Managing Down00:17:27 - Team Values Discussion00:20:11 - Strengths and Management Styles00:26:07 - React Server Components Introduction00:29:27 - RSC Implementation Challenges00:34:34 - GraphQL and Server Components00:39:13 - Future of React Frameworks00:43:10 - Vite 6 Discussion00:47:52 - React Community Evolution00:51:21 - Picks and PlugsAmy Dutton:Pick: Browse AI (web scraping tool with AI capabilities)Plug: Advent of CSS and Advent of JavaScript (24 coding challenges in December)Dustin Goodman:Pick: Cursor (AI-powered code editor)Plug: "Engineering Management for the Rest of Us" by Sarah DrasnerBrad Garropy:Pick: Helldivers 2 (video game)Plug: Raycast extension for Stripe (automatically fills checkouts with test cards)01:00:14 - Show Wrap-upLinksBooks Mentioned:"The Manager's Path" by Camille Fournier"Engineering Management for the Rest of Us" by Sarah DrasnerTools & Software:Wix StudioBrowse AICursor (code editor)RaycastRaycast Stripe extensionVite 6Next.jsSocial/Community:BlueSky (Brad and Amy)Bytes NewsletterConnectTech conferencePeople Referenced:Ryan BurgessGergely OroszTracy LeeDan AbramovTanner LindsleyJohn LindquistDavid KhourshidAssessment Tools:Clifton StrengthsFinderAPIs/Documentation:Stripe test cards documentationReact Server Components documentationVite documentationProjects:Advent of CSS (adventofcss.com)Advent of JavaScript (adventofjs.com) 

Michael Chan discusses the latest updates in React 19. He talks new features like React server components, the shift towards TypeScript, deprecations of older APIs, and the adoption of Testing Library as the preferred testing tool. Links https://www.linkedin.com/in/chantastic https://chan.dev https://www.youtube.com/@chantastic https://x.com/chantastic https://github.com/chantastic https://react.dev The Web and Design Systems with Michael Chan (https://www.youtube.com/watch?v=liHmU3iII0Q) Moving Tech Forward Through Kindness with Michael Chan, Developer Experience Engineer at Chromatic (https://www.youtube.com/watch?v=y2Y_o0RZwDo) We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Michael Chan.

Daniel Roe, Nuxt core team leader, talks about the wide-ranging topic of meta-frameworks. Discover the benefits, use cases, and how these frameworks can transform the productivity of your development team, and delve into the rise of server-side rendering, React server components, and the role of AI in web development. Links https://roe.dev https://github.com/danielroe https://x.com/danielcroe https://bsky.app/profile/danielroe.dev https://www.twitch.tv/danielroe https://www.youtube.com/@danielroe We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Daniel Roe.

Scott and Wes serve up their reaction to the “State of React 2023” survey results, discussing the main API pain points like forwardRef and memo. They also explore the latest on state management, hooks pain points, and exciting new libraries in the React ecosystem. Show Notes 00:00 Welcome to Syntax! 01:41 Brought to you by Sentry.io. 02:28 The State of React 2023. 03:11 The Main API Painpoints. 04:31 forwardRef. 05:27 memo. 06:39 Context API. 07:18 StrictMode. 08:45 Double rendering. 09:36 State management. 11:58 Hooks Pain Points. 12:11 useEffect. 12:33 Dependency arrays. 13:11 New API Pain Points. 13:19 React Server Components. 14:40 Taint API. 15:19 Libraries. 17:02 Jotai. 17:45 Apollo Client. 19:05 Redux. 20:57 Redwood. 21:26 React Aria. 21:55 Astro. 22:04 The most negative. 23:35 Component Libraries. 25:50 Other Component Libraries. 25:53 Mantine. 27:47 Details element. Tolin.ski/demos. 28:59 Honorable mentions. 29:07 Animations. 29:28 Data Visualization. 31:26 CSS Tools and Libraries. 33:14 Styled Components. 34:16 Meta Frameworks. 38:50 Hosting. 40:08 Other Services. 40:45 Back-end language trivia. 43:00 State management. 43:40 Data Loading. 44:08 Other Tools. 44:09 Testing Libraries. 44:45 React Renderers. 47:58 Podcasts, thank you! 48:14 Sick Picks & Shameless Plugs. Sick Picks Scott: Thermacell. Wes: Nerf Guns Shameless Plugs Wes: Syntax.fm. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Scott and Wes dive into the world of Next.js with special guest Tim Neutkens from Vercel. They explore the latest updates, including the React Compiler and React Server Components, discussing their impact on developer workflows and the future of Next.js development. Show Notes 00:00 Welcome to Syntax! 00:30 What does the React Compiler do? 05:04 Will React Compiler help with managing Context? 06:39 What happens if you're not using a React Compiler? react.dev Playground. 09:30 Will this work on any NextJS version? 12:18 What are React Server Components? 16:28 Shipping all the data inside an encapsulated component. 20:17 Clearing up the frustrations around retrofitting server components. 23:13 Handing migration. 28:30 Is this just a fetch request with props? 36:41 How closely are the NextJS and React teams working? 41:53 Will we ever get Async Client Components? 43:52 Async Local Storage API. 45:31 Turbopack. 57:51 Sick Picks & Shameless Plugs. Sick Picks Tim: Apple TV Sci-Fi. Shameless Plugs Tim: Turbopack, Next.js 15 RC, Sentry NextJS. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads