Best of Next.jsApril 2026

  1. 1
    Article
    Avatar of railway-blogRailway Blog·6w

    Moving Railway's Frontend Off Next.js

    Railway migrated its entire production frontend from Next.js to Vite + TanStack Router, completing the switch in just two PRs with zero downtime. The motivation was slow builds (10+ minutes, 6 of which were Next.js), heavy reliance on client-side patterns that didn't fit Next.js's server-first model, and hacky layout workarounds on the Pages Router. The migration was split into two phases: first removing all Next.js-specific APIs, then swapping the framework and generating 200+ routes from the original page tree. Nitro was added as the server layer, consolidating redirects, headers, and caching. Results include builds under 2 minutes, instant dev server startup, type-safe routing, and first-class layouts. Trade-offs include losing built-in image optimization (replaced with Fastly) and ecosystem tools like next-seo (replaced with in-house equivalents). TanStack Start's relative immaturity is acknowledged but accepted.

  2. 2
    Article
    Avatar of hnHacker News·4w

    GitHub - calcom/cal.diy: Scheduling infrastructure for absolutely everyone.

    Cal.diy is a fully MIT-licensed, community-maintained fork of Cal.com with all enterprise and commercial code removed. It provides open-source scheduling infrastructure for self-hosters who want complete control without license keys or proprietary features. Built on Next.js, tRPC, React, Tailwind CSS, and Prisma with PostgreSQL, it supports Docker-based deployment, manual setup, and one-click deploys to Railway, Vercel, Render, and Northflank. The README covers full setup instructions including environment configuration, database migrations, E2E testing with Playwright, and integration guides for Google Calendar, Microsoft 365, Zoom, HubSpot, and more.

  3. 3
    Article
    Avatar of vercelVercel·6w

    Summary of CVE-2026-23869

    A high-severity vulnerability (CVSS 7.5) tracked as CVE-2026-23869 affects React Server Components in Next.js 13.x through 16.x. A specially crafted HTTP request to any App Router Server Function endpoint can trigger excessive CPU usage upon deserialization, leading to Denial of Service. Vercel has deployed WAF mitigations to protect hosted projects automatically, but users must still upgrade to patched versions (15.5.15 or 16.2.3) as the WAF alone is not sufficient protection.

  4. 4
    Article
    Avatar of bytesdevBytes by ui.dev·5w

    TanStack Start gets RSC

    TanStack Start has shipped experimental React Server Components (RSC) support with a fundamentally different philosophy from Next.js. Rather than making the server own the component tree by default, TanStack Start treats RSC as plain React Flight streams that clients fetch, cache, and render like any other async resource via TanStack Query. Key differences include client-owned trees, explicit server functions via createServerFn (avoiding recent RSC CVEs), a new Composite Components primitive, and fully opt-in adoption. On tanstack.com, migrating to RSC cut ~153KB gzipped from the client bundle and reduced Total Blocking Time from 1,200ms to 260ms on content-heavy pages. The newsletter also covers Bun v1.3.12 with native headless browser automation, a North Korean supply chain attack on the Better-Auth library, and various other frontend links.

  5. 5
    Article
    Avatar of logrocketLogRocket·4w

    When to move API logic out of Next.js

    Next.js Route Handlers are convenient for small, internal APIs but struggle as complexity grows. An alternative to extracting a separate backend service is embedding ElysiaJS within the same Next.js project via a catch-all route. ElysiaJS provides integrated TypeBox-based validation, automatic OpenAPI/Swagger docs, and Eden Treaty for end-to-end type safety — eliminating the schema drift common in Route Handler codebases. The setup deploys as a single Next.js app, with Elysia handling the backend boundary internally. The post compares Route Handlers vs. a dedicated Elysia layer across type safety, validation, execution model, and structure, and walks through a practical implementation.

  6. 6
    Article
    Avatar of vercelVercel·4w

    Vercel Flags is now generally available

    Vercel Flags is now generally available as a built-in feature flag provider on the Vercel platform. It allows teams to create and manage feature flags with targeting rules, user segments, and environment controls directly from the Vercel Dashboard. The Flags SDK offers framework-native integration for Next.js and SvelteKit, requiring only a few lines of code to define and use flags. For teams on other frameworks or custom backends, the adapter supports the OpenFeature standard for provider-agnostic usage.

  7. 7
    Video
    Avatar of jherrJack Herrington·5w

    React2Shell on TanStack Start?!?

    TanStack Start's new React Server Components support does not expose apps to the React2Shell CVE that affects Next.js. Three key reasons explain why: TanStack Start routes server functions to module-specific URLs (not a predictable slash endpoint), only includes server function code when explicitly defined, and uses the Seroval data format instead of React's flight data format. Flight data's object reference traversal mechanism is the root cause of React2Shell, and Seroval avoids this attack vector entirely. Past CVEs against Seroval were permanently fixed without the single-payload attack surface that flight data has.

  8. 8
    Video
    Avatar of webdevcodyWeb Dev Cody·3w

    Can Opus 4.7 Refactor NextJs to Tanstack Start?

    An experiment using Claude Code's max effort level to refactor a production Next.js app (with tRPC) to TanStack Start. The author walks through the full process: setting up the prompt, running a 28-minute planning session that consumed ~33% of a 5-hour session budget, iteratively fixing errors (config issues, React SSR incompatibilities, auth migration from NextAuth to Auth.js v5, S3 bucket port mismatches), and ultimately getting the app running locally with 103 file changes. Key takeaways include keeping refactoring scope narrow, running security audits on auth/middleware changes post-refactor, and setting up a staging environment before merging to production.

  9. 9
    Article
    Avatar of twirThis Week In React·6w

    This Week In React #276: Next.js, Boneyard, MUI, React Router, Ink, shadcn, Docusaurus, Comark, Forms, Shaders

    Weekly roundup covering React and React Native ecosystem news. React highlights include Boneyard (auto-generated skeleton screens), Ink 7.0 (React CLI renderer with React 19.2 support), Material UI 9.0, Mantine 9.0, React Hook Form 7.72 with form-level validation, Docusaurus 3.10, React Router 7.14 with Vite 8 support, and a new Comark markdown parser. React Native 0.85 ships with a new Shared Animation Backend (enabling native driver for layout props), DevTools improvements for simultaneous CDP connections, and Metro TLS support. Also covered: ViewTransition support for RN Fabric (in progress), Skia Graphite pre-release, RN Windows 0.82, and the axios npm supply chain compromise. Other JS ecosystem news includes JSIR (Google's JavaScript IR proposal), esbuild 0.28, ESLint 10.2, and Ky 2.0.

  10. 10
    Article
    Avatar of bu38pdhxh4kmmx7dgvmlpMartin Poblet·3w

    Reuna Presenter - Multi-screen projection software for churches, in the browser

    Reuna Presenter is a browser-based church presentation app built as a web alternative to ProPresenter and EasyWorship. Built with Next.js 15, React 19, Supabase, and TypeScript in a Turborepo monorepo, it supports multi-screen projection with independent content per display, a stage monitor view for performers, drag-and-drop service planning, a cloud-shared song library, Bible search with offline support, mobile remote control via QR code, container-query-based templates, MIDI timeline cues, and a 2D canvas for managing physical screen layouts. The developer is offering 10 days of PRO access to church tech teams willing to test it in a live Sunday service.

  11. 11
    Article
    Avatar of twirThis Week In React·5w

    This Week In React #277: TanStack RSC, React2Dos, Next.js, MUI, Base UI, Aria, StyledComponents, Storm

    Weekly React and React Native newsletter covering TanStack's experimental RSC implementation, a new React DoS vulnerability (CVE-2026-23869) affecting Server Functions requiring upgrade to React 19.2.5 or Next.js 16.2.3, MUI v9 release, Styled Components 6.4 with RSC support, and Base UI 1.4. On the React Native side: Pulsar haptics library from Software Mansion, Nitro Fetch 1.0 as a fast fetch replacement with HTTP/3 support, RN 0.85.1, Metro 0.84.3, and Agent React DevTools for AI-assisted debugging. Other highlights include Chrome 148 Beta with HTML-in-Canvas, Bun 1.3.12, and Syncpack 14.0 rewritten in Rust.

  12. 12
    Article
    Avatar of vercelVercel·4w

    How GitBook serves 30,000 sites with sub-second content updates

    GitBook hosts 30,000 documentation sites on a single Vercel deployment, serving 120 million monthly page views. The engineering team solved multi-tenant cache invalidation by using Next.js tag-based caching with Vercel's `use cache` directive, enabling content updates to propagate globally within 300ms after a merge event. The system processes 40,000 cache invalidations daily without triggering broad purges across unrelated sites. A notable infrastructure challenge is that 41% of traffic now comes from AI crawlers, which create less predictable cache access patterns than human readers. Future work includes adaptive documentation that personalizes content per reader, adding further complexity to the caching model.

See all Next.js archives