Issue #45: Everyday People


🎶 Different strokes for different folks, and so on and so on and scooby-dooby-dooby, we got to live together… 🎶

The ubiquity of React made people seriously talk about adding it to browsers natively and restructuring mental paradigms to React ways in absolutely unexpected places. The “Just use React” mantra may bring either sympathy or disgust (rarely facepalming indifference, as in my case), and all things considered, it is a mainstream technology these days. But what I wanted to suggest you take a look at is some new and/or rather contrarian opinions on using React as the core of a metaframework — from tools getting wider adoption to new kids on the block. Let’s get into some intricate shades of some interesting React flavors.

The Good

The guys from Waku, my favorite (and one of the most minimalist) implementations of the React Server Components (RSC) architecture, announced the finish line for Waku’s 1.0 version. Be aware: the release (predictably) includes some breaking changes specifically related to Node support, some RSC parts, and the router. Interestingly, the metaframework’s author Daishi Kato recently shared some neat implementation details of the latter, for the file-based routing in particular, which takes only ~170 lines of code, imports and comments included! (I told you the tool is minimalist!)

Among other interesting and insightful pieces, this one from Matija Sosic (who had built the React metaframework tool of interest — Wasp — with his brother Martin before we started to call these tools metaframeworks) stands alone as a respectfully vulnerable acceptance of the cruel reality of the modern web development market: developers are scared of programming! This discovery (emphasized by the unavoidable role of AI in the modern Developer Experience), as usual, led to boring (in a good sense!.. right?) TypeScript. Basically, only “the API layer” changes, pushing the existing custom DSL away (the freaking cool Haskell compiler doesn’t go anywhere!) and widely opening the gate for developers to participate in the metaframework’s path to a stable version.

[A]pp-level understanding doesn’t change at all with the switch from Wasp’s custom language to TypeScript. We only swapped the “front end” of the compiler, or how you define a high-level app spec in Wasp.

Talking about the APIs in the React ecosystem, there’s an interesting piece of research from Long Ho on the groundbreaking role of RSC server functions in modern React metaframeworks like Next.js.

[T]he deeper point is not specific to one framework. If a client can invoke server code through a generated server reference, that reference has API-like failure modes […] [RSC server functions] need to be treated with the same care as any other RPC layer.

And if you’re up for some other deep React esoterica and a bit of (justified, unfortunately) engineering complexity, Christoph Nakazawa shared a big milestone for his [comparatively new] async React toolset called fate, which, along with the adjacent ecosystem of packages (and a good kick from Vite+), reaches the level of metaframeworks too at this stage, with a decent and distinct mental paradigm of a robust data exchange protocol underneath.

The Bad

Metaframeworks are suffering loudly these days, together with the whole npm ecosystem. This “The Bad” block of the newsletter seems to grow bigger each time and focus more and more on security rather than some confusing technical aspects, as nothing confuses more than your favorite tool bringing you pain.

The recent TanStack security story is quite characteristic in this regard, even though it is probably largely amplified by the breadth of the tooling ecosystem.

Packages affected: 42 packages, 84 versions (two per package, published roughly 6 minutes apart).

Next.js, Nuxt, and SvelteKit followed suit closely, so assuming you read this newsletter for practical reasons, there’s a huge chance you need to go and update your dependencies right now!

The popular metaframeworks were not the only ones affected in this wave of npm ecosystem vulnerabilities, of course — the Shai Hulud goes on at full speed, echoes of wars propagate long after zero days, and deep research on the mechanics of different “fashionable” attacks grows like mushrooms after rain. The fixes are boring and known, but there are voices and ideas that still need to be heard in this industry, and as soon as possible, otherwise the AI-empowered wave of adversarial events won’t ever weaken.

The Noteworthy

On the calm and positive side we have some new releases worth mentioning, as ever. And the first of them is, of course, from the Astro team, which published the new version 6.3 (incentivizing me to update this project, and go wider, and suffer from vulnerable dependencies pain, and roll back some stuff, and all and more, as everyone does following the semantic versions OCD) with the huge hit — experimental advanced routing bringing the possibility to use multipurpose versatile handlers for your routes. I’m yet to reach the complexity level of this sort in any Astro project I work with, but for some consumers this step is a big PRO for using Astro instead of a more “dynamic” tool with similar capabilities.

The React Router team (in rare breaks between working on the new Remix, I believe) also published the new version of the tool (with 11 occurrences of the word “Stabilize” in the release notes) with (not surprisingly) a lot of improvements to actual routing, including the [meta]Framework mode.

April’s Tales from Void shares some updates from the Vite ecosystem (reads like “the metaframeworks ecosystem”), mostly concerning behind-the-scenes technical and architectural changes. One cool thing I can’t stop sharing with my peers is Vitest’s new “Writing tests” guide, which is probably the second-best thing (after your AI coding assistant, of course) in terms of helping to write unit tests today, especially in terms of the ubiquitous blank slate syndrome.

With that, as usual, a couple of summarizing words of wisdom from an old MF (metaframeworks!) fart: write more tests, pin and update your dependencies in time (but not too early!), and don’t hesitate to try new tools, even when sticking with old boring technologies as the way of living working — you never know what new awesome ideas (or old nostalgic references) you may acquire.
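The “published roughly 6 minutes apart” detail and the “not too early” advice can both be checked against the `time` map that the npm registry returns for a package. This is an added example, not code from this newsletter or from any of the projects mentioned; the package names, timestamps, the 10-minute window and the 7-day cooldown are constructed assumptions.

```javascript
// Constructed data shaped like the `time` map of an npm registry packument
// (version -> ISO publish time). Package names are hypothetical.
const MINUTE = 60_000;
const DAY = 24 * 60 * MINUTE;
const samplePackuments = {
  "example-router": {
    created: "2024-06-01T10:00:00.000Z",
    modified: "2025-03-02T14:06:10.000Z",
    "1.4.0": "2025-01-10T09:00:00.000Z",
    "1.4.1": "2025-03-02T14:00:00.000Z",
    "1.4.2": "2025-03-02T14:06:10.000Z",
  },
  "example-query": {
    "5.0.0": "2024-11-01T08:00:00.000Z",
    "5.1.0": "2025-02-20T08:00:00.000Z",
  },
};

// Releases sorted by publish time; `created`/`modified` are not versions.
function releases(timeMap) {
  return Object.entries(timeMap)
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([version, iso]) => ({ version, at: Date.parse(iso) }))
    .sort((a, b) => a.at - b.at);
}

// Consecutive releases closer together than `windowMinutes`. Hotfixes also
// look like this, so a hit means "review before installing", not "malicious".
function findBursts(timeMap, windowMinutes = 10) {
  const list = releases(timeMap);
  const bursts = [];
  for (let i = 1; i < list.length; i++) {
    const gap = list[i].at - list[i - 1].at;
    if (gap > windowMinutes * MINUTE) continue;
    bursts.push({ from: list[i - 1].version, to: list[i].version, gapMinutes: Math.round(gap / MINUTE) });
  }
  return bursts;
}

// "Not too early": accept a pin only if the version is known, sits outside
// any burst, and is older than the cooldown (7 days is an assumed threshold).
function reviewPin(version, timeMap, now, cooldownDays = 7) {
  const rel = releases(timeMap).find((r) => r.version === version);
  if (!rel) return { ok: false, reason: "unknown version" };
  const inBurst = findBursts(timeMap).some((b) => b.from === version || b.to === version);
  if (inBurst) return { ok: false, reason: "rapid burst" };
  if ((now - rel.at) / DAY < cooldownDays) return { ok: false, reason: "inside cooldown" };
  return { ok: true, reason: "ok" };
}
```

Call `reviewPin` for each exact version in your lockfile, passing `Date.now()` as `now`; anything that is not `ok` deserves a manual look before the update is merged.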

👋
