I've started a #NextJS and #nestjs side project to learn React and TS backend development. It's going great, I've set up an #NXWorkspace, ESLint, Vitest, added multi-stage Dockerfiles, docker-compose, CI pipelines, set up branch protection and pull request policies and absolutely no actual features or UI. Are those practices useful or am I too deeply entrenched in corporate software development?

**Stéphane** @sirber@jasette.facil.services · Apr 6 *

Apr 6 *

Stéphane @sirber@jasette.facil.services

Gonna finish my current project with #NextJS and #prisma on #postgrrsql.

The next one will be simple #React with #Express. And #Bun. Maybe with #Mongodb.

**Jobs for Developers** @jobsfordevelopers@mastodon.world · Apr 3

Apr 3

Jobs for Developers @jobsfordevelopers@mastodon.world

Headway is hiring Engineering Manager (Claims Platform)

#python #typescript #nextjs #react #remix #aws #kafka #postgresql #redis #awss3 #engineeringmanager
Remote; New York City, New York; San Francisco, California; Seattle, Washington
Full-time
Headway

Job details https://jobsfordevelopers.com/jobs/engineering-manager-claims-platform-at-headway-co-mar-18-2025-ec76fb?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring

**Paweł Grzybek** @pawelgrzybek@mastodon.social · Apr 2

Apr 2

Paweł Grzybek @pawelgrzybek@mastodon.social

A great post by Eduardo Bouças about the Next.js attachment to Vercel, the lack of openness and transparency with other host providers, and a mention of the recent security drama.

https://eduardoboucas.com/posts/2025-03-25-you-should-know-this-before-choosing-nextjs/

Build TimesYou should know this before choosing Next.jsPicking the technology stack for a project is an important and consequential decision. In the enterprise space in particular, it often involves a multi-year commitment with long-lasting implications on the roadmap of the project, the pace of its development, the quality of the deliverables, and even the ability to assemble and maintain a happy team.The open-source software model is a fundamental answer to this. By using software that is developed in the open, anyone is free to extend it or modify it in whatever way fits their use case. More crucially, the portability of open-source software gives developers and organisations the freedom to move their infrastructure between different providers without fear of getting locked in to a specific vendor.This is the expectation with Next.js, an open-source web development framework created and [governed by Vercel](https://nextjs.org/governance), a cloud provider that offers managed hosting of Next.js as a service.

#nextjs

**Frontend Dogma** @frontenddogma@mas.to · Apr 1

Apr 1

Frontend Dogma @frontenddogma@mas.to

Is Vite Faster Than Turbopack?, by @gill_kyle@x.com:

https://www.kylegill.com/essays/vite-vs-turbopack/

www.kylegill.comIs Vite faster than Turbopack?Vite comes from the French word for "quick" , but is it really? I've spent the last 3, almost 4 years building our web app at Particl…

#nextjs #webpack #vite

**jj@::1$:~** @thejtoken@hachyderm.io · Apr 1

Apr 1

jj@::1$:~ @thejtoken@hachyderm.io

Interesting reflection about OSS and the last #NextJS security issue management by #Vercel
https://eduardoboucas.com/posts/2025-03-25-you-should-know-this-before-choosing-nextjs/

**Captain Steph** @sirber@fosstodon.org · Apr 1

Apr 1

Captain Steph @sirber@fosstodon.org

Well... #yarn 1.22 is obsolete and 4.x is "PNP", thus incompatible with #nextjs . Gonna stick with classic #npm.

#JavaScript #Node #NodeJS

**Frontend Dogma** @frontenddogma@mas.to · Mar 31

Mar 31

Frontend Dogma @frontenddogma@mas.to

You Should Know This Before Choosing Next.js, by @eduardoboucas:

https://eduardoboucas.com/posts/2025-03-25-you-should-know-this-before-choosing-nextjs/

#nextjs #vercel #frameworks

**Kevin Darty** @kdarty@hachyderm.io · Mar 31

Mar 31

Kevin Darty @kdarty@hachyderm.io

Vibe Coding for web with Cursor AI

How to build a React web app in just a few minutes with AI

#AI #Code #AICodeGeneration #VibeCoding #AICodingAssistants #Cursor #WebDev #NextJS #React #Programming

https://uxplanet.org/vibe-coding-for-web-with-cursor-ai-0059aa5e5803

**N-gated Hacker News** @ngate@mastodon.social · Mar 29

Mar 29

N-gated Hacker News @ngate@mastodon.social

Oh, look! Yet another pretentious Firebase wannabe , because clearly, the world needed more lightweight database alternatives that promise to "run anywhere" like a toddler with a sugar rush. Now available in a range of flavors from Next.js to, um, Bun —because that's a real thing, apparently.
https://github.com/bknd-io/bknd #FirebaseAlternatives #LightweightDatabases #NextJS #BunTech #StartupHumor #HackerNews #ngated

**IT News** @itnewsbot@schleuss.online · Mar 28

Mar 28

IT News @itnewsbot@schleuss.online

This Week in Security: IngressNightmare, NextJS, and Leaking DNA - This week, researchers from Wiz Research released a series of vulnerabilities in t... - https://hackaday.com/2025/03/28/this-week-in-security-ingressnightmare-nextjs-and-leaking-dna/ #thisweekinsecurity #ingressnightmare #hackadaycolumns #securityhacks #23andme #nextjs #news

Hackaday · Mar 28This Week In Security: IngressNightmare, NextJS, And Leaking DNAThis week, researchers from Wiz Research released a series of vulnerabilities in the Kubernetes Ingress NGINX Controller that, when chained together, allow an unauthorized attacker to completely t…

**Captain Steph** @sirber@fosstodon.org · Mar 28

Mar 28

Captain Steph @sirber@fosstodon.org

Yay I can add basic customers in my CRM project! Trying to learn #nextjs and #prisma.

#webdev #TypeScript

**Sergi** @sergi@floss.social · Mar 27

Mar 27

Sergi @sergi@floss.social

You should know this before choosing Next.js

https://eduardoboucas.com/posts/2025-03-25-you-should-know-this-before-choosing-nextjs/

#NextJS #Vercel

**N-gated Hacker News** @ngate@mastodon.social · Mar 27

Mar 27

N-gated Hacker News @ngate@mastodon.social

Ah yes, if only deploying Next.js sites was as exciting as Netlify's PR team makes it sound. Spoiler: it's just another episode of "Yet Another Platform Struggles with Open Source" . Meanwhile, your sites might benefit from some "Agent Experience" – whatever that means.
https://www.netlify.com/blog/how-we-run-nextjs/ #Nextjs #Netlify #OpenSource #AgentExperience #PlatformStruggles #HackerNews #ngated

www.netlify.comNext.js Deployment Challenges: Why platforms need better open source collaborationDiscover the 6 key challenges platforms face when supporting Next.js deployments, including the lack of adapter support and undocumented behaviors. Learn how Netlify is working with OpenNext to build a more collaborative future for the open source Next.js framework.

Replied in thread

**Thibaud Colas** @thibaudcolas@fosstodon.org · Mar 27

Mar 27

Thibaud Colas @thibaudcolas@fosstodon.org

@carlton @EmmaDelescolle @wsvincent bonus chart for you two. I’d love to see this compared to #Rails / #Laravel / #nextjs. I think "75% of current downloads are for a supported version" is a solid achievement but am only 75% sure of that.

Downloads of supported Django versions. Percentage of PyPI downloads of Django versions that are under mainstream or extended support. Line chart from 2016 (around 30%) to March 2025 (around 75%). In-between, the line is bumpy but stays between 55 and 80% through 2018 to now.

**Olly** @Olly42@nerdculture.de · Mar 27

Mar 27

Olly @Olly42@nerdculture.de

Critical Flaw in Next.js lets Attackers bypass Authorization.

A recent collaborative effort by researchers Rachid Allam and Yasser Allam has exposed a critical vulnerability within the Next.js framework, a widely used JavaScript framework based on React with nearly 10 million weekly downloads.

https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware

Their research, documented in a detailed publication, reveals a flaw in the Next.js middleware that allows for unauthorized access and control, impacting all versions of the framework. This flaw, designated CVE-2025-29927 and rated as critical.

<https://nvd.nist.gov/vuln/detail/CVE-2025-29927>

Reportedly, the vulnerability specifically targets the middleware function, which is a component designed to execute code before a request is completed and is frequently used for crucial security functions, including authentication and authorization. However, the discovered vulnerability allows attackers to bypass these security measures.

The core of the vulnerability lies in the handling of the “x-middleware-subrequest” header. By manipulating this header with a specific value, attackers can effectively ignore the middleware’s intended rules, gaining unauthorized access. As Allam explained, “The header and its value act as a universal key allowing rules to be overridden.”

[ImageSource: zhero-web-sec]

The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.

"Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an advisory. "It was possible to skip running middleware, which could allow requests to skip critical checks [such as authorization cookie validation] before reaching routes."

<https://nextjs.org/blog/cve-2025-29927>

The shortcoming has been addressed in versions 12.3.5, 13.5.9, 14.2.25 and 15.2.3. If patching is not an option, it's recommended that users prevent external user requests that contain the x-middleware-subrequest header from reaching the Next.js application.

⚠️The company also said any host website that utilizes middleware to authorize users without any additional authorization checks is vulnerable to CVE-2025-29927, potentially enabling attackers to access otherwise unauthorized resources (e.g., admin pages).⚠️

#nextjs #middleware #it

**Nils Hartmann** @nilshartmann@norden.social · Mar 27

Mar 27

Nils Hartmann @nilshartmann@norden.social

Vielen Dank für Orga, Teilnahme und die rege Diskussion rund um das Thema #NextJS gestern bei der #JugHH!

Hier findet ihr Links zur Beispiel-Anwendungen und zum Live-Coding-Code: https://react.schule/jughh-nextjs

Bis zum nächsten Mal

PS: Wenn euch das Thema interessiert, und ihr in der Region #Dortmund unterwegs seid: im April halte ich den Vortrag dort auf der User Group von #Codecentric: https://www.meetup.com/codecentric-dortmund-tech-talk/events/305897148

Screenshot von Webstorm, in dem eine fiktive Java- und eine NextJS-Datei geöffnet ist

Titelfolie des Vortrags mit dem Titel "Das Frontend im Backend - Webanwendungen mit Next.js"

Drag & drop to upload

Recent searches

Search options

Administered by:

Server stats:

#nextjs