Issue #23: Sun Tan


🎵 Why does the sun set, baby? I’m tryna to get my sun tan… 🎵

In this “midsommar” issue of Metaframeworks Weekly we continue to focus on great tools from the metaframeworks ecosystem and the people who make them, while keeping one eye on the security surface area of that tooling and on the ways different teams and developers spend their sunny vacations and working days.

The Good

TanStack Start has come a long way lately. I hadn’t seen the official website for quite some time and when I was digging into the ways frameworks scaffold apps recently, I found that it got some decent positive changes. Even the small details, like that “Try it in 60 seconds” button, make a lot of sense for new users, but the whole new docs system is very approachable and detailed (with dedicated pages for React and Solid implementations).

There’s still a lot of complexity behind the TanStack ecosystem, that’s for sure (even the docs page got broken for me in Safari with something like “Importing a module script failed.”), as it is one of the most over-engineered (for a reason though!) projects. But the team makes a lot of effort to help developers get their hands dirty in the fastest and easiest way, providing a bunch of cool interactive examples of how things work, including different integrations. And the release cadence is crazy (almost on a daily basis), because I believe the guys want to make their way from 0 to 1 (in versioning semantics of course — that is from beta to production-readiness) as fast as possible. So all in all, being literally the most Summer metaframework around, TanStack Start seems to aim to prove that Summers are not only for taking a lazy rest but also for taking advantage of others resting and delivering brilliant Summer gifts instead.

The Bad

But not all the metaframeworks get nice gifts from Summers. Next.js has acquired another significant vulnerability instead (“High” CVSS score), this time related to cache poisoning and leading to potential DoS (Denial of Service) conditions. There’s obviously a dedicated official patch already (don’t forget to update your dependencies in case you or your Dependabot haven’t done it yet!). And again, the bounty hunters responsible for the finding are our old friends Rachid and Yasser who seem to continue their voyage to the world of metaframeworks vulnerabilities (for good!).

The Noteworthy

The Astro team summarized their June with the traditional monthly news blogpost containing a lot of awesomeness, as usual. And they didn’t wait for too long to push another product version (v5.11) with some interesting improvements for their experimental CSP features and on-demand rendering with HTTP streaming.

Also, last week brought a very insightful episode of The Weekly Dev’s Brew podcast where the guest Alexander Lichter (called “Ryan Carniato” on the preview picture for some reason!) shared some news and thoughts on not only Nitro and Nuxt, but also the whole UnJS ecosystem and the Void0 product list. These tools are something everyone interested in the metaframeworks world should keep an eye on, as it is hard to overestimate the amount of innovation among them these days.

And last but not least — some meta! 🎉 I got tired of surfing the web suffering from metaframeworks FOMO and decided to use the capabilities Bluesky provides to create a custom list and (more importantly!) a custom feed of the people and the resources related to the metaframeworks ecosystem. Check this out if you’re on Bluesky (you can also just search for “Metaframeworks Weekly” on the dedicated “Feed” page of the app), and please let me know if you think I missed some accounts that need to be there!

👋
