Issue #46: School's Out
Schools are out, some Spring pressure is out too, with managers taking on their vacationing panamas and leaving us some space to work in calm and pleasant Slack silence along with our IDEs and dusty mechanical keyboards. What you gonna tackle first? I bet if you read this newsletter, that would be some new shiny metaframeworks or tools from Vite ecosystem (unless you’re focusing on sandboxing your dev environment away from them bloody supply chain attackers). In this case I’ve got something tasty for ya, check it out and let me know how it was, as usual – and let the Summer of code begin!
The Good
I already told you about the new Preact-based metaframework pracht by Jovi De Croock about a month ago. The tool got a lot of updates since then, including the neat website and the insightful philosophy behind.
Everyone deserves a framework.
On top of that, the story of pracht is the story of ethical thoughtful AI assistance, love it or hate it.
That is the version of AI-assisted development I actually believe in.
It’s becoming easier to build your own metaframework these days, taking into account that Vite (which is foundational for almost all of them) is a kind of metaframework by itself in the latest version (especially with Vite+ and Void). But then you can easily find yourself trapped between dozens of hard and arguable decisions requiring well-aware opinions, and that’s not something everyone of us can brag about. So good well-engineered setups by trusted community members are something I personally pay a lot of attention to, and that’s how big things like SvelteKit, or Analog, or TanStack Start had started some time ago — from good experience, solid opinions, and Vite.
And if you want something more granular and less laser-focused but with big love for Preact too, you can check out hono-preact by Steven Beshensky (and Claude Code). Hono becomes another foundational part of the full-stack web development ecosystem and allows you to build a lot on top of it too (again, just directly, but also with HonoX). As I found a couple of days ago, it even got a new modern proxy helper to replace http-proxy-middleware with which I had a lot of not-fun time recently.
The Bad
But popularity brings a lot of bad attention too, as usual. The very Hono needed a dedicated patch release to take care of several vulnerabilities found at a time by different researchers. At least these were ethical disclosure, similar to the recent wave Vite tackled too. npm ecosystem could come up with much worse things, as we saw quite recently – all these mini Shai-Huluds and worms of all sorts, related and not related to crypto stealers, and often masking behind security tools themselves or tools and IDE extensions many developers love and use daily. It doesn’t seem to stop anytime soon, so be aware of the stuff you install and engage in your direct work and with access to your system files (TL;DR: you can clean up your dev tools by a half without losing good stuff, I promise!).
This incident highlights that there need to be deeper, more fundamental changes to how we and other maintainers need to think about securing developer tooling and open source distribution.
Npm itself now provides new staged publishing possibilities for tooling authors so there’s some hope for gaining back control over the open-source supply chain ecosystem, but we need to remember how dangerous blind automation is, especially in these dark AI prevalence times.
The Noteworthy
While some (once popular and loved) metaframeworks come with a brilliant idea to take money for using their toolsets, noble and hard-working OSS maintainers proceed to deliver cool stuff out of love for the art itself, so let’s see what we got this last fortnight.
First of all, we welcome a couple of relatively new metaframeworks on the scene. The tool with a beautiful name Lupine.js is quite esoteric for usual eye but its zero-dependencies approach is so enticing. Another one, Mastro (“Minimal Astro”) is also impressive by its simplicity and minimalism, as well as thoughtful ideas behind.
The whole source code of Mastro is just ~700 lines of TypeScript, which easily fits into an LLM’s context (or a human’s). And just like types prevent humans from making stupid mistakes, they do the same for LLMs.
The oldmen like Remix also don’t stagnate and constantly cook something, like the (another) new website for a change (full browser support seems to come later). Interestingly, Vue-based Quasar comes with much deeper takes and updates including some breaking changes to CLI and metaframework utilities. Qwik City team had published some minor updates with focus on plugins and routing.
Astro, as ever, has a lot of overwhelming news including the new minor release with interesting updates for markdown processing (which is basically at the heart of any static site generator), based (🥁) on Rust! The tool behind is quite impressive (even though the browser support is quite lacking still and in my case rendering with blazing-fast Rust was much slower than with drastically obsolete Webpack-based Gridsome, for instance), even being new, and most importantly, doesn’t have Claude Code in the list of contributors, so worth trying, all in all.
If you’re into new reading about the metaframeworks topics, I have some stuff for your bookmarks – this time it’s about RSCs. Aurora Scharff published a nice deep dive into server components architecture, and Adam Rackis dedicated a good post on Frontend Masters to RSCs in TanStack Start. The latter had recently gotten an interesting experimental update worth diving into as well – deferred hydration – so a bit more, and it will become almost as powerful as Angular! (Just kidding – no one will be able to…)
You see, we have a lot to learn this Summer, and I’m pretty sure there will be multiple surprises, changes, predictions, threats, and whatnot. Let’s try to stay safe and thoughtful on the way, no matter what adversaries (and our coding agents) try to do with us (and our coding agents). Three warmest months ahead — to experiment, invent, build, and of course, have some rest. Let me know if you have anything special for the Summer in response, and have a great heatwave of awesomeness as a tailwind otherwise.
👋