- TomuusThe vulnerable code exists inside of the React Flight wire protocol that is used by Next.js but also Vite, Parcel, Waku and any other custom RSC implementation that exists. Your comment was accurate circa 2019 but not since React released server components.
- This POC is not realistic and doesn't work against production builds of Next.js. It requires explicit exposure of gadgets by the user (eg. vm.runInContext) so is invalid as noted on https://react2shell.com
- The React Server Components wire format (Flight) is relatively novel and very new (it has existed in React stable for just a year). This is not a simple JSON parsing bug.
- Record types are now "on protocol", you resolve them via a similar mechanism as in the article. https://atproto.com/specs/lexicon#lexicon-publication-and-re...
- And Vercel's "compute units"
- ZigBee is a mesh network, this is very important in many situations eg. battery powered or large area
- 1.0.0 means the API and semantics are stable, not that there are no bugs.
- Observables and Generators (iterators) are fundamentally different. Observables are push-based (like a promise) whereas iterators are pull-based (like a function).
Glossing over this fact leads to a flawed understanding, not a deeper one.
- Things mostly just work. Remember Node.js is mostly APIs on top of JS the language. If those tools compile to JS in the browser, they can compile to Deno. Deno is a more stabdards-based runtime than Node, it's closer to how the browser works.
- I don't think Firefox was reading any QR codes, but instead was recrawling the link in the "Recents" list on a new tab or bookmarks screen.
This is in no way a problem. There is precedent for browsers eagerly loading links, it happens all the time in regular webpages. This is most of the reason why anchors should be safe/side-effect free.
- Using the Web Platform and using React are not opposites, you can do both. See: Remix as a framework that bakes in these ideas, but using the platform is easily achievable yourself too.
Making this distinction between HTML <form>s and React shows a clear misunderstanding of the programming model that React provides. It targets the platform in a native way. This is how React DOM, React Native, and libraries like Ink[1] work.
- Platforms. Google sucks at building platforms. https://vm.tiktok.com/ZMNmnGgfV/?k=1
- I wouldn't agree that Deno showed that, as I said many companies are making a lot of money from non-Node JS runtimes.
The players I mention have built their own runtime, they're mostly all built on V8 isolates (including Deno Deploy).
This is why I struggle to see where Bun fits in the edge JS world, as far as I understand it JSC has no Isolate primitive meaning Bun would have to write this from scratch (or salvage the other parts of WebKit that offer isolation). Otherwise Bun will be limited to using Linux containers on the edge, at which point you re-introduce the startup time you gained by switching from node in the first place.
- Deno isn't the only company offering a not-Node JS server runtime. Cloudflare, Shopify, Fastify, AWS, and probably more all have skin in this game.
- Unsafe does not turn off the borrow checker
https://steveklabnik.com/writing/you-can-t-turn-off-the-borr...
- Me too, as to do so you'd need to solve P == NP - we can split the $1million 50/50 if you like.
- One of my favourite things about Remix, and where it beats Next IMO, is that you can deploy it anywhere. Bring your own server.
Whereas trying to deploy Next.js anywhere other than Vercel is a nightmare.
- We'll be saying this in a few years about all other forms of algabreic effects too.
- You're asking for opaque types. This is kinda possible in typescript but you can only approximate it unfortunately.
You may also want to consider a branded type, which can be useful but a little less strict.
- I think this article skips over many nuances of the declarative model.
For a real "ground up" approach of explaining those I'd recommend this article series: https://acko.net/blog/climbing-mt-effect/