Is Vite Faster Than Turbopack?, by @gill_kyle@x.com:
www.kylegill.comIs Vite faster than Turbopack?Vite comes from the French word for "quick" , but is it really? I've spent the last 3, almost 4 years building our web app at Particl…
Recent searches
Search options
#nextjs
10 posts10 participants0 posts today
DrupalCon was inspiring, exciting, and overwhelming, as usual! I hoped to come away with a new focus, and I did but maybe not what I imagined. Here is my relatively hot take:
https://medium.com/@troyderego/drupalcon-atlanta-2025-the-view-from-the-lunch-table-2931b042d675
Medium · DrupalCon Atlanta 2025: The view from the lunch table
You Should Know This Before Choosing Next.js, by @eduardoboucas:
https://eduardoboucas.com/posts/2025-03-25-you-should-know-this-before-choosing-nextjs/
Build TimesYou should know this before choosing Next.jsPicking the technology stack for a project is an important and consequential decision. In the enterprise space in particular, it often involves a multi-year commitment with long-lasting implications on the roadmap of the project, the pace of its development, the quality of the deliverables, and even the ability to assemble and maintain a happy team.The open-source software model is a fundamental answer to this. By using software that is developed in the open, anyone is free to extend it or modify it in whatever way fits their use case. More crucially, the portability of open-source software gives developers and organisations the freedom to move their infrastructure between different providers without fear of getting locked in to a specific vendor.This is the expectation with Next.js, an open-source web development framework created and [governed by Vercel](https://nextjs.org/governance), a cloud provider that offers managed hosting of Next.js as a service.
This Week in Security: IngressNightmare, NextJS, and Leaking DNA - This week, researchers from Wiz Research released a series of vulnerabilities in t... - https://hackaday.com/2025/03/28/this-week-in-security-ingressnightmare-nextjs-and-leaking-dna/ #thisweekinsecurity #ingressnightmare #hackadaycolumns #securityhacks #23andme #nextjs #news
Hackaday · This Week In Security: IngressNightmare, NextJS, And Leaking DNAThis week, researchers from Wiz Research released a series of vulnerabilities in the Kubernetes Ingress NGINX Controller that, when chained together, allow an unauthorized attacker to completely t…
You should know this before choosing Next.js
https://eduardoboucas.com/posts/2025-03-25-you-should-know-this-before-choosing-nextjs/
Build TimesYou should know this before choosing Next.jsPicking the technology stack for a project is an important and consequential decision. In the enterprise space in particular, it often involves a multi-year commitment with long-lasting implications on the roadmap of the project, the pace of its development, the quality of the deliverables, and even the ability to assemble and maintain a happy team.The open-source software model is a fundamental answer to this. By using software that is developed in the open, anyone is free to extend it or modify it in whatever way fits their use case. More crucially, the portability of open-source software gives developers and organisations the freedom to move their infrastructure between different providers without fear of getting locked in to a specific vendor.This is the expectation with Next.js, an open-source web development framework created and [governed by Vercel](https://nextjs.org/governance), a cloud provider that offers managed hosting of Next.js as a service.
Replied in thread
@carlton @EmmaDelescolle @wsvincent bonus chart for you two. I’d love to see this compared to #Rails / #Laravel / #nextjs. I think "75% of current downloads are for a supported version" is a solid achievement but am only 75% sure of that.
Critical Flaw in Next.js lets Attackers bypass Authorization.
A recent collaborative effort by researchers Rachid Allam and Yasser Allam has exposed a critical vulnerability within the Next.js framework, a widely used JavaScript framework based on React with nearly 10 million weekly downloads.
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
![[ImageSource: zhero-web-sec]
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
"Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an advisory. "It was possible to skip running middleware, which could allow requests to skip critical checks [such as authorization cookie validation] before reaching routes."
<https://nextjs.org/blog/cve-2025-29927>
The shortcoming has been addressed in versions 12.3.5, 13.5.9, 14.2.25 and 15.2.3. If patching is not an option, it's recommended that users prevent external user requests that contain the x-middleware-subrequest header from reaching the Next.js application.
⚠️The company also said any host website that utilizes middleware to authorize users without any additional authorization checks is vulnerable to CVE-2025-29927, potentially enabling attackers to access otherwise unauthorized resources (e.g., admin pages).⚠️](https://nerdculture.de/system/media_attachments/files/114/234/341/495/174/533/original/d2d061af71c4a9f2.jpeg "[ImageSource: zhero-web-sec]
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
\"Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,\" Next.js said in an advisory. \"It was possible to skip running middleware, which could allow requests to skip critical checks [such as authorization cookie validation] before reaching routes.\"
<https://nextjs.org/blog/cve-2025-29927>
The shortcoming has been addressed in versions 12.3.5, 13.5.9, 14.2.25 and 15.2.3. If patching is not an option, it's recommended that users prevent external user requests that contain the x-middleware-subrequest header from reaching the Next.js application.
⚠️The company also said any host website that utilizes middleware to authorize users without any additional authorization checks is vulnerable to CVE-2025-29927, potentially enabling attackers to access otherwise unauthorized resources (e.g., admin pages).⚠️")
Vielen Dank für Orga, Teilnahme und die rege Diskussion rund um das Thema #NextJS gestern bei der #JugHH!
Hier findet ihr Links zur Beispiel-Anwendungen und zum Live-Coding-Code: https://react.schule/jughh-nextjs
Bis zum nächsten Mal 
PS: Wenn euch das Thema interessiert, und ihr in der Region #Dortmund unterwegs seid: im April halte ich den Vortrag dort auf der User Group von #Codecentric: https://www.meetup.com/codecentric-dortmund-tech-talk/events/305897148
#Development #Insights
Before choosing Next.js · What to know about the web development framework https://ilo.im/162zgl
_____
#OpenSource #Vercel #NextJS #React #JavaScript #Framework #Hosting #WebDev #Frontend #Backend
Build TimesYou should know this before choosing Next.jsPicking the technology stack for a project is an important and consequential decision. In the enterprise space in particular, it often involves a multi-year commitment with long-lasting implications on the roadmap of the project, the pace of its development, the quality of the deliverables, and even the ability to assemble and maintain a happy team.The open-source software model is a fundamental answer to this. By using software that is developed in the open, anyone is free to extend it or modify it in whatever way fits their use case. More crucially, the portability of open-source software gives developers and organisations the freedom to move their infrastructure between different providers without fear of getting locked in to a specific vendor.This is the expectation with Next.js, an open-source web development framework created and [governed by Vercel](https://nextjs.org/governance), a cloud provider that offers managed hosting of Next.js as a service.
https://astro.build/ and https://vanilla-extract.style/ are a great fit.
I'm migrating from NextJS to Astro and all my complex styles are ported over with no changes. This makes my job so much easier.
AstroAstroAstro builds fast content sites, powerful web applications, dynamic server APIs, and everything in-between.
What are your thoughts on Vercel and Next JS? It seems like a walked garden to me...
[Tutorial 
] Trying to modernize your Symfony setup? This new guide shows how to decouple your frontend using Next.js—for better performance, faster deploys, and dev workflow wins.
It’s practical, detailed, and designed to help you iterate faster without breaking your architecture.
Critical flaw in #Nextjs lets hackers bypass authorization
HEUTE (Mittwoch, 26.3.) ist "Fremdsprachen-Tag" bei der #JUG Hamburg: Ich möchte euch das #React-Framework #NextJS vorstellen und mit klassischen #Java-Architekturen vergleichen (mal sehen, ob das klappt...)
Freue mich, euch ab 19 Uhr zu sehen: https://www.meetup.com/jug-hamburg/events/306742794
MeetupDas Frontend im Backend: Webanwendungen mit Next.js, Wed, Mar 26, 2025, 7:00 PM | MeetupEinmal mehr möchte ich die JUG HH mit einem “Fremdsprachen”-Vortrag kapern und mit euch in die JavaScript-Frontend-Welt eintauchen. Wobei sich diese Frontend-Welt zum große
Exploring SSR Patterns: Next.js, Nuxt.js, and Alternatives https://chat-to.dev/post?id=TVRpYklqejFjdnlZQXlHR3JHU0Jkdz09 #nextjs #nuxtjs #javascript #programming
#NextJS: Critical #vulnerability in NextJS (CVE-2025-29927) impacts all NextJS versions before 15.2.3, 14.2.25, 13.5.9, 12.3.5 allowing attackers to bypass authorisation checks.
Great explanation and a Proof-of-Concept demonstration by @_JohnHammond 
https://www.youtube.com/watch?v=dL1a0KcAW3Y
Looking for freelance #NextJS devs. Potential to earn upto ₹20K a week.
Reject modernity (Next.js); embrace tradition (PHP).