Best of React: December 2025

  1. Article
    Collections · 19w

    Critical Vulnerability in React Server Components: Immediate Action Required

    React2Shell (CVE-2025-55182) is a critical remote code execution vulnerability with a CVSS score of 10.0, affecting React 19.0-19.2.0 and Next.js 15.x-16.x. The flaw stems from unsafe deserialization in React's Flight protocol, allowing unauthenticated attackers to execute arbitrary code through crafted HTTP requests. State-sponsored groups and cybercriminals are actively exploiting it to deploy cryptocurrency miners and backdoors. Organizations must upgrade to patched versions (React 19.0.1+, Next.js 15.0.5+) immediately, as the vulnerability impacts 39% of cloud environments and 6% of all websites. WAF rules and endpoint restrictions provide temporary mitigation.

  2. Article
    Hacker News · 17w

    Please Just Fucking Try HTMX

    HTMX offers a middle ground between raw HTML limitations and JavaScript framework complexity. By adding HTML attributes that trigger server requests and swap in HTML responses, you can build interactive web applications without the overhead of React, Vue, or Angular. A case study shows a company reduced their codebase by 67%, cut JavaScript by 90%, and improved performance by switching from React to HTMX. The approach works best for typical CRUD applications, dashboards, and forms rather than highly interactive apps like Google Docs. The core benefit is simplicity: no build tools, no state management libraries, just HTML attributes and server-side rendering.

  3. Article
    TkDodo · 19w

    Designing Design Systems

    An experienced frontend engineer shares their perspective on building effective design systems, emphasizing that success requires more than visual design. The post outlines 30+ principles for creating robust design systems, covering API design, type safety, accessibility, composition patterns, performance, and developer experience. Key themes include balancing constraints with flexibility, prioritizing type safety and documentation, building for common use cases rather than edge cases, and treating adoption as a cultural challenge rather than purely technical.

  4. Article
    LogRocket · 19w

    Stop using JavaScript to solve CSS problems

    Modern CSS features like content-visibility, container queries, and scroll-driven animations now handle tasks developers traditionally solved with JavaScript. Content-visibility provides native virtualization without libraries like react-window, container queries enable responsive design based on parent containers rather than viewport width, and scroll-driven animations run on the compositor thread for better performance. While JavaScript remains necessary for truly infinite lists, precise measurements, and dynamic layouts, most common use cases benefit from CSS-first solutions with simpler code and better performance.

  5. Article
    freeCodeCamp · 16w

    How to Prepare for Technical Job Interviews – Based on My Experience Landing a Job

    A web developer shares their 18-month job search journey, detailing how they struggled with technical interviews despite having the necessary skills. The core issue was recall under pressure, not knowledge gaps. By adopting active recall techniques using flashcards, asking recruiters what to prepare for, and shifting job search strategies to smaller communities, they eventually landed a $5,500/month position with relocation. The approach emphasizes consistent practice of fundamentals, targeted preparation, and strategic job hunting over mass applications.

  6. Article
    James Montemagno · 16w

    Building a Complete FIRE Calculator App with GitHub Copilot in One Chat Session

    A developer built a complete FIRE (Financial Independence, Retire Early) calculator app in 30 minutes using GitHub Copilot's agent mode in VS Code. The privacy-first PWA includes 9 different calculators (Standard FIRE, Coast FIRE, Lean/Fat FIRE, Barista FIRE, and more), works completely offline, stores no data, and was created through a single conversational chat session. The app uses React, TypeScript, Tailwind CSS, and Recharts, with all calculations happening client-side and shareable via URL parameters.

  7. Video
    Stefan Mischook · 17w

    The End of JavaScript Frameworks

    Mastering JavaScript fundamentals is more valuable than chasing specific frameworks. Understanding core concepts like the DOM, async operations, and the web stack makes learning any framework straightforward. Framework debates create analysis paralysis that prevents developers from becoming employable. Focus on building strong foundations first, then choose a framework based on local job market demand rather than hype.

  8. Article
    The New Stack · 16w

    Web Components Are the Comeback Nobody Saw Coming

    Web components are experiencing a resurgence as developers tire of framework complexity and bloated bundles. Native browser APIs like custom elements and Shadow DOM offer framework-agnostic, lightweight alternatives that work across React, Vue, or vanilla JavaScript without modification. Major browser support is now stable, and libraries like Lit have improved developer experience. The interoperability advantage makes web components ideal for design systems and microfrontends, allowing teams to build reusable UI components once and deploy them anywhere. As performance budgets tighten and framework fatigue sets in, the native web platform capabilities are proving sufficient for most modern applications.

  9. Video
    Theo - t3․gg · 17w

    Shadcn just changed forever

    Shadcn UI introduced a major update called Shadcn Create that puts customization front and center. Instead of websites looking identical with default components, developers can now configure presets, colors, fonts, icon sets, and styles before generating a project. The system supports multiple component libraries (Radix UI and Base UI), offers various design presets (Vega, Nova, Maya, Lyra, Mirror), and allows extensive theming options. Testing shows that providing AI coding assistants with a well-structured component library significantly improves UI generation quality, even for models typically weak at design. The update maintains Shadcn's philosophy of code ownership while making it easier to start with a unique design system.

  10. Article
    Daily Open Source Tools · 19w

    Cascader-shadcn: A simple Cascader component for Shadcn

    Cascader-Shadcn is a new open-source cascading dropdown component for Shadcn UI that provides hierarchical menu navigation with click or hover expansion. It supports icons, custom labels, and per-option disabling, offering similar functionality to Ant Design and React Suite cascaders in a lightweight, Shadcn-compatible package.

  11. Article
    React Native · 18w

    React 19.2, New DevTools features, no breaking changes · React Native

    React Native 0.83 is released with React 19.2, introducing the Activity component and useEffectEvent hook. Major DevTools improvements include new Network and Performance panels, plus a standalone desktop app that no longer requires Chrome or Edge. The release adds stable Web Performance APIs and experimental Intersection Observer support. This is the first React Native release with no breaking changes, making upgrades from 0.82 seamless. Additional features include Hermes V1 performance improvements, iOS legacy architecture removal option, and precompiled binary debugging capabilities.

  12. Article
    DEV · 15w

    I Built a Tool to Stop Wasting Time on Toxic Open Source Projects

    A developer built repo-health, a tool that analyzes GitHub repositories to help contributors identify healthy open source projects and avoid toxic ones. The system uses a hybrid scoring approach combining weighted metrics (activity, maintenance, community, documentation) with LLM-based adjustments to account for context like feature-complete projects. Key features include PR metrics analysis, contributor retention visualization, intelligent issue analysis with difficulty scoring, activity pattern detection for spam, and file-issue mapping. The author shares technical implementation details, bug fixes (cache security vulnerability, React hydration mismatch), and lessons learned about focusing on real problems over engineering challenges.

  13. Video
    ThePrimeTime · 15w

    They did what to SQL?

    A satirical commentary on TailwindSQL, an absurd open-source project that proposes writing database queries using CSS class syntax similar to Tailwind. The piece humorously critiques the concept of executing SQL queries from the client side using HTML classes, highlighting the obvious security implications and questioning the practicality of build-time query execution. The commentary uses heavy sarcasm to mock the trend of over-engineering simple solutions and the proliferation of questionable developer tools.

  14. Article
    The New Stack · 15w

    Trends That Defined JavaScript in 2025

    JavaScript in 2025 saw a shift toward performance optimization and web standards, with developers questioning React's dominance as modern browsers matured. Signals emerged as a key reactivity pattern across Angular, Vue, Solid, and Svelte. Compilers took on more optimization work, with React Compiler and Svelte 5's Runes automating performance improvements. VoidZero launched Vite+ as a unified Rust-based toolchain to address JavaScript's fragmentation. AI integration moved to the frontend through MCP servers and browser-based machine learning libraries, while new frameworks like Hono, Mastro, and Wasp addressed specific use cases from edge computing to multipage apps.

  15. Video
    Josh tried coding · 18w

    The AI SDK Killer is Finally Here... (Tanstack AI)

    TanStack AI is a new open-source SDK competing directly with Vercel's AI SDK, offering a unified interface across multiple AI providers (OpenAI, Anthropic, Google Gemini) with automatic type inference and provider-specific options. Built by the team behind React Query, it features multi-provider support, tool calling with automatic execution loops, and framework-agnostic design (React, TypeScript, PHP, Python). The main differentiator is its pure open-source approach with no vendor lock-in or service fees, though it faces an uphill battle against Vercel's established ecosystem that includes AI Elements, accelerator programs, and the AI Gateway.

  16. Article
    Codrops · 16w

    Building a Nostalgic 8-bit Universe with Modern Tech: A Vibe Coding Journey

    A developer rebuilt their portfolio with an 8-bit retro aesthetic using a 95% AI-driven workflow governed by strict design constraints. The project implements custom pixel mask transitions using Bayer dithering, a singleton PixelationManager for Canvas optimization, and adaptive WebGL quality scaling to maintain 60 FPS. Key techniques include a .cursorrules "Design Constitution" that prevents AI from hardcoding values, atomic component development in Storybook, GSAP ScrollTrigger orchestration, and performance optimizations like offscreen canvas rendering and intersection observers. The approach demonstrates how to maintain design integrity and code quality while leveraging AI for rapid development.

  17. Article
    Reinier · 17w

    TanStack Start Full Course - Build and Deploy a Production-Ready Full Stack App

    A comprehensive 4-hour video course teaching how to build and deploy a production-ready ecommerce application using the TanStack ecosystem. The course covers TanStack Start, Router, Query, and Form, explaining how these tools work together with Vite, Nitro, and Vinxi. It includes comparisons with Next.js and demonstrates modern React full-stack framework architecture through hands-on development.

  18. Article
    Daily Dose of Data Science | Avi Chawla | Substack · 18w

    Finally, MCP Servers Can Deliver UI-rich Experiences!

    MCP servers traditionally only return text/JSON responses without UI capabilities. The open-source mcp-use framework solves this by letting developers create React components that automatically register as MCP tools and render as interactive widgets in ChatGPT. Components placed in a resources/ folder become callable tools with zero boilerplate—no duplicate schemas or manual registration needed. The framework supports the full React ecosystem, hot reloading, and automatic theme syncing with ChatGPT's light/dark mode. A practical example demonstrates building an interactive stock chart widget that displays closing prices over time.

  19. Video
    As a Programmer · 15w

    PERN Stack Course: Build a Full Stack Product Store with React and Postgres

    A comprehensive tutorial for building a full-stack product store application using the PERN stack (PostgreSQL, Express, React, Node.js). The course covers backend API development with TypeScript, Drizzle ORM for database management, authentication with Clerk, and frontend development with React, Tailwind CSS, and TanStack Query. Includes complete setup instructions, database schema design with relations, environment configuration, and deployment guidance. Features user authentication, product CRUD operations, commenting system, and 30+ theme options with responsive design.

  20. Article
    Hacker News · 18w

    Building a toast component

    Sonner is a React toast library downloaded 7M+ times weekly. Its success stems from unique stacking animations using CSS transitions instead of keyframes for smooth interruption, momentum-based swipe gestures, and an Observer Pattern for state management that avoids React Context. Key implementation details include dynamic height calculations for stacking, velocity-based dismissal, tab visibility detection to pause timers, and pointer capture for consistent drag behavior. The library prioritizes developer experience with a simple API and comprehensive documentation.

  21. Article
    Web Performance Calendar · 17w

    The Old Ways Are the Best: 100 Lighthouse, 0ms TBT, 32ms Queries

    A developer achieves exceptional performance metrics (100 Lighthouse score, 0ms Total Blocking Time, 32ms queries) by rejecting modern frameworks in favor of older techniques. The approach uses DATAOS (DOM As The Authority On State), treating the DOM itself as the state container instead of maintaining separate state objects, eliminating reconciliation overhead. On the backend, 1972-era bitmap indexing with RoaringBitmaps enables constant-time queries regardless of dataset size. The resulting application uses 32KB of vanilla JavaScript (15% of React's size) with a total payload under 100KB, demonstrating that native browser APIs and decades-old database techniques can outperform contemporary frameworks for most web applications.

  22. Article
    LogRocket · 17w

    Angular vs. React vs. Vue.js: A performance guide for 2026

    Angular 20, React 19.2, and Vue 3.5 have converged around signals-based reactivity, compiler-driven optimizations, and improved hydration strategies. Angular offers zoneless architecture with 20-30% runtime gains and enterprise-grade structure. React provides the largest ecosystem with automatic batching and compiler-assisted memoization. Vue delivers the smallest bundle size at 20KB with fine-grained reactivity and Vapor Mode previews. Performance differences are narrowing as all three frameworks adopt similar architectural patterns around reactivity, edge rendering, and build tooling. Framework choice now depends more on team size, ecosystem needs, and architectural preferences than raw performance metrics.

  23. Video
    Fireship · 18w

    React.js shell shocked by 10.0 critical vulnerability…

    A critical 10.0 severity vulnerability (CVE-2025-55182) dubbed "React2shell" has been discovered in React's server components flight protocol. The exploit allows attackers to achieve remote code execution without authentication by sending malicious payloads that are deserialized on the server. The vulnerability affects millions of React applications using Next.js and similar frameworks, with over 2 million vulnerable servers estimated. Security researchers observed active exploitation attempts from Chinese hacking groups within hours of disclosure. Developers should immediately check their React server components package versions and update to patched versions.

  24. Video
    YouTube · 17w

    4-Step Gemini 3.0 Pro System For Beautiful UI Designs

    A four-step workflow for generating UI designs using Gemini 3.0 Pro before building functionality. The process starts with creating a product requirements document (PRD), extracting core features and UX considerations, building a design system based on visual inspiration, and finally generating screen-by-screen designs with all states. The approach emphasizes designing upfront rather than treating UI as an afterthought, using structured prompts to guide the AI through creating a complete design system with colors, typography, and component specifications that can be implemented in React with Tailwind CSS.

  25. Article
    ElixirStatus · 15w

    Modern and Flexible Accounting

    A solo founder shares their three-month journey building WorkBill, a double-entry accounting platform for small businesses. The tech stack centers on Elixir/Phoenix backend with InertiaJS bridging to a React frontend using shadcn/ui components. The platform features a flexible general ledger based on BeanCount's nested account model, allowing complex transaction representation without rigid categories. Key technical choices include Postgres for data storage, Oban for background jobs, BAML for LLM-powered reconciliation, and Reducto for PDF parsing. The nested account structure enables users to track finances flexibly even without explicit feature support, with invoicing and PDF generation via Typst planned next.