←back to thread

Denial of service and source code exposure in React Server Components

(react.dev)
298 points sangeeth96 | 2 comments | 11 Dec 25 20:46 UTC | HN request time: 0.504s | source
1. WatchDog ◴[12 Dec 25 02:15 UTC] No.46240134[source]
When I looked into RSC last week, I was struck by how complex it was, and how little documentation there seems to be on it.

In fairness react present it as an "experimental" library, although that didn't stop nextjs from widely deploying it.

I suspect there will be many more security issues found in it over the next few weeks.

Nextjs ups the complexity orders of magnitude, I couldn't even figure out how to set any breakpoints on the RSC code within next.

Next vendors most of their dependencies, and they have an enormously complex build system.

The benefits that next and RSC offer, really don't seem to be worth the cost.

replies(1): >>46241592 #
2. firtoz ◴[12 Dec 25 07:05 UTC] No.46241592[source]
People did complain about next exposing "react, not ready for production" things as "the latest and greatest thing from nextjs" for quite a while now

I had moved off nextjs for reasons like these, the mind load was getting too heavy for not too much benefit