This Week In React

7 days ago

This Week In React 283 ⚛️ - TanStack Query / Router / Virtual - RSC + composition - Perf: GitHub & Linear - Liquid DOM - Apollo - i18n 📱 - Expo SDK 56 - Reanimated - Worklets - NativeScript - Strict DOM - Standard Nav 🍿 Read: https://t.co/1TB0sNT7Uz ✍️ @jaworek3211 & I

sebastienlorber's tweet photo. This Week In React 283

⚛️
- TanStack Query / Router / Virtual
- RSC + composition
- Perf: GitHub & Linear
- Liquid DOM
- Apollo
- i18n
📱
- Expo SDK 56
- Reanimated
- Worklets
- NativeScript
- Strict DOM
- Standard Nav

🍿 Read: https://t.co/1TB0sNT7Uz

✍️ @jaworek3211 & I https://t.co/arbgUeWrOr

0

35

9

5

4K

8 days ago

Major milestone for the npm ecosystem All widely used package managers will soon block postinstall scripts by default!

8 days ago

❤️ npm + Supply chain security => improving now! 🤩 📦 npm v11.16 - Phase 1 - PR merged - package.allowScripts = [] - Warns on unapproved postinstall script 📦 npm v12.0 - Phase 2 - Upcoming PR 👀 - Blocks unapproved postinstall scripts by default 🚀

sebastienlorber's tweet photo. ❤️ npm + Supply chain security => improving now! 🤩

📦 npm v11.16
- Phase 1 - PR merged
- package.allowScripts = []
- Warns on unapproved postinstall script

📦 npm v12.0
- Phase 2 - Upcoming PR 👀
- Blocks unapproved postinstall scripts by default 🚀 https://t.co/pq77g5NQKa

13

357

38

87

67K

0

6

1

537

14 days ago

Another newsletter about security 😅

14 days ago

This Week In React 282 ⚛️ - Security - Fate - TanStack - Redux - Base UI - Relay - Storybook - Jotai 📱 - Hermes-node - Expo - Rozenite - Harness - VR - Nitro - Skia - Redraw 🍿 Read: https://t.co/c3tRQu1hY3 ✍️ @jaworek3211 & I

sebastienlorber's tweet photo. This Week In React 282
⚛️
- Security
- Fate
- TanStack
- Redux
- Base UI
- Relay
- Storybook
- Jotai
📱
- Hermes-node
- Expo
- Rozenite
- Harness
- VR
- Nitro
- Skia
- Redraw

🍿 Read: https://t.co/c3tRQu1hY3

✍️ @jaworek3211 & I https://t.co/n2nxlPmAbw

1

24

4

8K

1

2

0

328

ThisWeekInReact retweeted

15 days ago

💡 Use "using" for Vitest/Jest mocks/spys It's really nice to simplify You don't need manual mockReset / global afterEach

7

645

70

363

169K

ThisWeekInReact retweeted

16 days ago

Erratum: you'd rather EXPLICITLY disable caching in sensitive workflows using setup-node

4

88

9

49

19K

21 days ago

Security is making headlines this week 😅 But we also have a lot of exciting releases!

21 days ago

This Week In React 281 ⚛️ - Next.js CVE - TanStack Router compromise - Security - Redact - React Router - Waku - HTML Parser 📱 - Redraw - Expo 56 beta - Tabs - Screens - Pressable - Activity - Strict DOM - Rock - SWC - AI 🍿 Read: https://t.co/Cb7ryURprE ✍️ @jaworek3211 & I

sebastienlorber's tweet photo. This Week In React 281
⚛️
- Next.js CVE
- TanStack Router compromise
- Security
- Redact
- React Router
- Waku
- HTML Parser
📱
- Redraw
- Expo 56 beta
- Tabs
- Screens
- Pressable
- Activity
- Strict DOM
- Rock
- SWC
- AI

🍿 Read: https://t.co/Cb7ryURprE

✍️ @jaworek3211 & I https://t.co/cB3F2mrZcq

1

41

6

7

14K

0

386

23 days ago

These orgs have been compromised because of pull_request_target: - TanStack - PostHog - Nx - LiteLLM Any many more... As safe as you think it is, it's not and hackers are searching for repos using that workflow, easy target!

23 days ago

TL;DR for open-source maintainers 🚫 NEVER use "pull_request_target" workflows 🚫 NEVER use shared caches in your publish pipeline Combining these 2 in particular is extremely dangerous I've repeated this countless times over the years, but another reminder is always useful

sebastienlorber's tweet photo. TL;DR for open-source maintainers

🚫 NEVER use "pull_request_target" workflows

🚫 NEVER use shared caches in your publish pipeline

Combining these 2 in particular is extremely dangerous

I've repeated this countless times over the years, but another reminder is always useful https://t.co/qhSnhgXhr5

26

2K

220

1K

222K

0

4

1

770

ThisWeekInReact retweeted

23 days ago

TL;DR for open-source maintainers 🚫 NEVER use "pull_request_target" workflows 🚫 NEVER use shared caches in your publish pipeline Combining these 2 in particular is extremely dangerous I've repeated this countless times over the years, but another reminder is always useful

26

2K

220

1K

222K

ThisWeekInReact retweeted

29 days ago

This Week In React 280 ⚛️ - TanStack - Remotion - React Router - Remix - Trees - Pracht - shadcn 📱 - Expo Go - Ease - Screen Transitions - LegendList - JSI - Gradle - Radon - AI - DevTools 🍿 Read/subscribe: https://t.co/GNM7vBbiY4 ✍️ @jaworek3211 & I

0

20

3

5K

28 days ago

Email sent!

29 days ago

This Week In React 280 ⚛️ - TanStack - Remotion - React Router - Remix - Trees - Pracht - shadcn 📱 - Expo Go - Ease - Screen Transitions - LegendList - JSI - Gradle - Radon - AI - DevTools 🍿 Read/subscribe: https://t.co/GNM7vBbiY4 ✍️ @jaworek3211 & I

0

20

3

5K

0

291

ThisWeekInReact retweeted

30 days ago

Node.js 26 🎉 🔥 Temporal ➡️ modern date/time API ⚡️ Undici 8 ➡️ better/faster HTTP client 🔓 V8 14.6 ➡️ Unlocks Map.getOrInsert() & Iterator.concat

sebastienlorber's tweet photo. Node.js 26 🎉

🔥 Temporal ➡️ modern date/time API
⚡️ Undici 8 ➡️ better/faster HTTP client
🔓 V8 14.6 ➡️ Unlocks Map.getOrInsert() & Iterator.concat https://t.co/pbkxepXTPh

6

498

36

62

53K

ThisWeekInReact retweeted

Remotion

@Remotion

about 1 month ago

HTML-in-canvas is now a first-class primitive in Remotion! It enables new types of effects that were impossible before.

64

3K

208

3K

572K

about 1 month ago

Calm week for the React ecosystem, but still a few interesting releases Thanks to @swmansion for handling this issue!

about 1 month ago

This Week In React 279: ⚛️ - React Compiler - TSRX - StyleX - TanStack - XState - shadcn - Hook Form - Inertia 📱 - Swift Package Manager - JSI - SimCam - Enriched Markdown - MLX - Jail Monkey 🍿 Read/subscribe: https://t.co/hYQISjypMX ✍️ @kacperkapusciak @Konrad_Armatys

1

53

8

10

9K

0

11

1

3K

about 1 month ago

Check your inbox! 😋

about 1 month ago

This Week In React 278 ⚛️ - React Email - TSRX - ESLint plugin - Rspack RSC - TanStack Store - TanStack Blog - Hook Form 📱 - Vision Camera - Expo - Nano Icons - ExecuTorch - Argent - Audio API - RNSec - CSS 🍿 Read/subscribe: https://t.co/rbPMzse0e4 ✍️ @piaskowyk @f_solecki

1

44

10

5

7K

0

436

about 2 months ago

Lots of interesting releases this week! For both React and RN

about 2 months ago

This Week In React 277 - Exciting week 🤩 ⚛️ - TanStack RSC - React2Dos - Next.js - MUI - BaseUI - StyledComp - React Aria - Storm - Unhead 📱 - Pulsar - Nitro Fetch - Agent React Devtools - Pretext - Metro - Voltra 🍿 Read/subscribe: https://t.co/ii6QnQnEQv ✍️ @jaworek3211

0

35

8

5

4K

0

1

0

1

852

about 2 months ago

about 2 months ago

New React CVE just dropped 😆 DOS vulnerability in Server Functions Patched versions already out: - 19.0.5 - 19.1.6 - 19.2.5

19

493

57

136

67K

0

12

2

1

1K

about 2 months ago

We are always happy to receive a positive newsletter feedback! Please send us more and tell us what you think! Also tell us what we could do better, we are here to serve you.

about 2 months ago

I rarely get any replies to my newsletter emails Once in a while, I get one that really makes me happy 😊 If you like something, please be loud about it! Authors will appreciate it more than you think

3

17

0

1

2K

0

301

about 2 months ago

Email sent ✅ New React Native release And many little React / RN library updates

about 2 months ago

This Week In React 276 ⚛️ - Boneyard - Ink - MUI - React Router - Next.js - shadcn - Docusaurus - Comark - Forms - Shaders 📱 - RN 0.85 - ViewTransition - Skia - Windows - CRNL - Maestro - Nitro Player - RNGH 🍿 Read/subscribe: https://t.co/hpQOC2obX2 ✍️ @jaworek3211 & I

1

31

5

4

9K

0

525

ThisWeekInReact retweeted