Cloudflare built 'vinext', a rewrite of Next.js using Vite instead of Turbopack, accomplished by a single engineer in one week using ~$1,100 in AI tokens via OpenCode and Claude Opus 4.5. The rewrite covers 94% of Next.js's API at ~67k lines vs the original's ~194k. While Cloudflare claims production readiness, Vercel's CEO points out security issues and that the only 'production' deployment is a low-traffic beta government site. The broader implication is that AI has reduced the cost of rewriting well-tested open source software by ~100x, threatening the moats of commercial open source companies like Vercel that rely on proprietary build outputs to lock in deployment platforms. The analysis explores defensive strategies for commercial OSS (private test suites, larger closed-source cores, community building, infrastructure moats) and notes that Cloudflare also shipped an AI migration agent to help users move existing Next.js projects to vinext.
Table of contents
1. The Next.js ecosystem: a recap2. What Cloudflare did with Next.js3. AI brings the impossible within reach4. “AI slop” still an issue5. New attack vector on commercial open source?6. Defense or offense?7. AI-world realityTakeawaysSort: