Hey guys,

Welcome to another edition of Import React by Cosden Solutions!

Huge thanks for the amazing support on Cosden Code's launch; it truly means a lot.

For those who missed it, it's my interactive platform for mastering React from fundamentals to advanced patterns.

This week's newsletter is critical: there's a serious security vulnerability affecting React and Next.js that every developer should read about.

Let’s get into it. 👇

⚡️ The Latest In React 

🚨 Critical Vulnerabilities in React and Next.js: everything you need to know
Wiz just posted about two critical React and Next.js RCE vulnerabilities that every working React dev should know about, especially since default setups are exploitable out of the box. They break down how insecure deserialization in the react-server RSC Flight protocol opens the door to remote code execution with shockingly high reliability. With 39% of cloud environments affected, this is one of those rare moments where upgrading to the patched React and Next.js releases isn’t optional. If you’re running anything with RSC, this one’s worth your immediate attention.

🎨 Most React Developers Never Master Design Patterns (And How to Fix That)
You can know React's API inside and out and still write code that's impossible to maintain. The missing piece? Design patterns. Not the "here's what compound components are" variety, but actually understanding when to reach for each pattern and why it exists. Most tutorials teach patterns in isolation without answering the crucial question: when do I use this over the alternatives? The Design Patterns in React course fixes this by teaching the problem each pattern solves, the tradeoffs involved, and real-world scenarios where you'd actually use it.

🏗 The Design System Advice I Wish I Knew as a Junior Dev
This post is a fun and honest look at how a self-described non-designer ended up on Sentry’s Design Engineering team, helping build their new Scraps design system. Instead of focusing on pixel-perfect visuals, Dominik explains how strengths in API design, DX, performance, and infrastructure are just as vital to a successful system. He shares why design systems are really about enabling teams to ship faster and more consistently, and lays out a big list of sharp opinions on what makes a great one. It’s a good read for anyone who lives at the intersection of engineering and design.

🧑‍💻 How Hackers Use NPMSCan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun)
This deep dive shows how hackers use NPMSCan.com to uncover weaknesses in modern JavaScript apps like Next.js, Nuxt.js, React, and Bun, exposing everything from middleware bypasses to SSRF, RCE, cache poisoning, and path traversal. It walks through real examples where tiny misconfigurations create major breaches, and how attackers turn package metadata into actionable exploit paths. The post makes a strong case that most vulnerabilities come not from your code, but from the dependencies you trust blindly.

💡 What I Learned After Two Years Building TanStack Full Time
This reflection looks back on two years of full-time, community-funded open source and how TanStack grew from a handful of libraries into a massive ecosystem used by millions. Tanner shares the emotional and financial realities of building TanStack Start, the importance of family and a strong team, and what sustainable OSS really requires. The post highlights TanStack’s explosive growth, billions of downloads, thousands of contributors, and adoption by major companies, while laying out a future focused on scaling, RSC support, and a new flagship library.

💬 React Router's take on React Server Components
Kent walks through React Router’s upcoming support for React Server Components, showing how its approach makes RSC feel flexible, incremental, and easy to adopt. He explains how RSCs integrate with Vite, how loaders can now return UI instead of data, and how entire routes can become server components for slimmer payloads. The post also highlights server functions, client components, and the ability to migrate gradually across a large app.

Quick Links

🧠 AI & General Programming

📆 Advent of Code 2025
Advent of Code is back, and even though it's already Day 4, it’s still the perfect time to jump in: the puzzles are fun and approachable, and truly anyone can do them. Eric Wastl’s annual event delivers a daily programming challenge you can solve in any language, with difficulty that ramps up just enough to stay interesting. You don’t need a CS background or fancy hardware; a bit of coding knowledge and curiosity will take you far.

🧠 JetBrains' new IDE lets you delegate tasks to agents
Air introduces a powerful new agentic development environment that lets you delegate complex coding tasks to multiple AI agents running in parallel while staying fully in control. You define tasks, choose isolated execution environments, and jump in anytime to guide or review progress. With built-in code review, seamless committing, and upcoming support for more agents and cloud execution, Air aims to make async, multi-agent workflows feel natural for everyday developers.

🤔 At what point do you stop learning new programming languages?
This reflective essay explores the question of when (or whether) developers should stop learning new programming languages, told through decades of experience with Pascal, C, and SQL. The author shares how sticking with familiar tools brought deep expertise and long-term stability, but also made them less attractive to modern employers. With AI rapidly closing skill gaps and “vibe-coding” on the horizon, they wonder if becoming a beginner again is worth it this late in the game.

😢 AI-Assisted Coding Killed My Joy of Programming
This essay is a raw, relatable look at how AI-assisted coding can feel like using cheat codes, thrilling at first, then draining the joy that made programming fun in the first place. Meysam describes losing the satisfaction of problem-solving, the sense of craftsmanship, and even control over his own codebase as AI takes over more of the work. In a world where coding feels fully democratized, he wonders what’s left for programmers and why he keeps returning to his piano for something AI can’t automate.

How AI is transforming work at Anthropic
Anthropic surveyed its own engineers to see how AI is transforming day-to-day software work, finding huge productivity gains alongside new tensions. Developers report becoming more full-stack, tackling tasks they once avoided, and completing far more work, yet many worry about skill atrophy, reduced collaboration, and long-term career uncertainty.

See you in next week's newsletter.

Darius Cosden