Issue #29: Remember the Name

🎶 This is ten percent luck, twenty percent skill, fifteen percent concentrated power of will, five percent pleasure, fifty percent pain… 🎶

There wasn’t much big news from the metaframeworks around the last week but there were some drastic news from the security aspect of the tooling ecosystem, and some news about this newsletter itself — which we actually will start with to shed some light on this issue.

The Good

As you might have noticed, the name of the newsletter has changed starting from this particular issue. Now Metaframeworks Weekly turns into Metaframeworks Records, and there’s actually a lot of reasoning behind this. I elaborate on that (among some other things related to the newsletter) in this post on DEV, but TL;DR: nothing changes except the title and slight philosophical accents. I have learned a lot during these several months of the newsletter existence, and plan even more for the future. And one thing you can always rely on, of course, is a good soundtrack! 🎸

The Bad

The famous (and quite ubiquitous for corporate world, obviously) monorepo tool Nx, used widely for full-stack and cross-platform projects based on variety of technologies including metaframeworks, got hacked in a pretty inventive AI-driven and AI-enabled way. Some folks even blame vibe-coding in that, which is probably quite fair, even by the results of some deeper researches. What I personally realized from this story (TL;DR: the malware maliciously integrated into the open-source npm package abuses all AI assistants it can find installed on victims’ OS) is that we’re not safe using these tools anymore and they can easily turn from assistants to pests even by someone else’s will. Maybe it’s time to consider some more sophisticated (or at least sandboxed) solutions to your JSON schema conversion tasks… 😉

And if you have already started to search for alternatives to rewrite your quickly deleted Nx project from scratch with, Dominic Gannaway got you covered with a new TypeScript framework! Ripple is a React-, Solid-, and Svelte-inspired reactive UI framework in early development pivoting from the best findings of the frontend industry of the latest years.

This is largely a project that I built in less than a week, so it’s very raw.

Sounds like vibe-coding again?! Nah, hardly that, but what is true is that it’s something fresh you can experiment with. At least if you need a new JS/TS framework. Because some folks proceed to argue you don’t, actually!

I’m just trying to show you everything that’s possible

Will the result be as shiny as Next.js’ official website? Probably not. Will that help to prevent performance bottlenecks and many supply-chain security threats?! Hell yeah, you bet! And Dominik Meca supplements that with some additional details of why Next.js is especially a bad choice in his rebel-yell post permeated with bitter experience.

You might think that this is just a singular issue and I’m overreacting. But there’s bugs and edge cases around every corner. How did they manage to make TypeScript compile slower than Rust? Why make a distinction between code running on client and server and then not give me any tools to take advantage of that? Why? Why? Why?

The Noteworthy

And if you’re persuaded that new and shiny are not the right choices yet, I have good news for you: Gatsby, one of the metaframework grandfathers (considered to be rather dead than alive) is somewhat back and feeling good, thanks to several interesting releases from Philippe Serhal of Netlify. It’s still in a sort of maintenance mode but I believe everyone is happy with that because it means the users are still safe to use it and not be afraid of the latest security threats, for instance. For me personally Gatsby is a tool I built my first personal website with (not counting my blues-harmonica-master WYSIWYG-tool-generated webpage of yore) so it’s crazy nostalgia and a tool of (and for!) love.

Next.js also released some minor updates which, considering the scale of Next.js, are not that minor in fact and include a lot of experimental and stable features, as well as some important deprecations. I’m still quite confused about the way Next’s GitHub releases work (why 15.1.1.canary.12 goes after 15.1.2!?), but you can find the details on the corresponding page though.

Vite 7 empowers some new minors from Analog and Qwik continuing the victorious march through the vastness of the basements of metaframeworks laboratories.

Astro guys had published the traditional monthly awesomeness from the metaframework’s ecosystem, including a lot of beneficial comparisons with you-know-who already mentioned before. And recently the RedwoodSDK joined the army of awesomeness sharers with their “Week in Redwood” newsletter which you can secretly (the lifehack!) subscribe to on the old Redwood website.

All in all, September hadn’t started with drastic changes (as it sometimes does), but there are some interesting trends which I personally am eager to follow and watch for. I hope the newsletter updates won’t intimidate or confuse anyone but if you have any feedback to share, I’m really happy to chat — don’t hesitate to answer the email with this (or any!) issue, or just ping me directly to fyodor@metaframe.works.

👋