frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Denial of service and source code exposure in React Server Components

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
56•sangeeth96•1h ago

Comments

chuckadams•40m ago
I remember when the point of an SPA was to not have all these elaborate conversations with the server. Just "here's the whole app, now only ask me for raw data."
tshaddox•34m ago
That was indeed one of the main points of SPAs, but React Server Components are generally not used for pure SPAs.
reactordev•10m ago
Correct, their main purpose is ecosystem lock-in. Because why return json when you can return html. Why even build a SPA when the old school model of server-side includes and PHP worked just fine? TS with koa and htmx if you must but server-side react components are kind of a waste of time. Give me one example where server side react components are the answer over a fetch and json or just fetching an html page?
rustystump•6m ago
It also decoupled fe and backend. You could use the same apis for say mobile, desktop and web. Teams didnt have to cross streams allowing for deeper expertise on each side.

Now they are shoving server rendering into react native…

rikafurude21•24m ago
Im confused, did the update from last week for the RCE bug also include fixes for these new CVEs or will I need to update again? npm audit says theres no issues
billywhizz•19m ago
is it not obvious?

> These issues are present in the patches published last week.

> The patches published last week are vulnerable.

> If you already updated for the Critical Security Vulnerability, you will need to update again.

ChrisArchitect•5m ago
Related:

React2Shell and related RSC vulnerabilities threat brief - Cloudflare

https://blog.cloudflare.com/react2shell-rsc-vulnerabilities-... (https://news.ycombinator.com/item?id=46237515)

GPT-5.2

https://openai.com/index/introducing-gpt-5-2/
500•atgctg•3h ago•390 comments

Denial of service and source code exposure in React Server Components

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-comp...
56•sangeeth96•1h ago•7 comments

Rivian Unveils Custom Silicon, R2 Lidar Roadmap, and Universal Hands Free

https://riviantrackr.com/news/rivian-unveils-custom-silicon-r2-lidar-roadmap-universal-hands-free...
118•doctoboggan•3h ago•143 comments

Litestream VFS

https://fly.io/blog/litestream-vfs/
160•emschwartz•3h ago•53 comments

An SVG is all you need

https://jon.recoil.org/blog/2025/12/an-svg-is-all-you-need.html
57•sadiq•2h ago•20 comments

The highest quality codebase

https://gricha.dev/blog/the-highest-quality-codebase
345•Gricha•3d ago•263 comments

Show HN: Sim – Apache-2.0 n8n alternative

https://github.com/simstudioai/sim
94•waleedlatif1•4h ago•12 comments

Almond (YC X25) Is Hiring SWEs and MechEs

https://www.ycombinator.com/companies/almond-2/jobs
1•shawnpatel•47m ago

The architecture of “not bad”: Decoding the Chinese source code of the void

https://suggger.substack.com/p/the-architecture-of-not-bad-decoding
19•Suggger•7h ago•11 comments

UK House of Lords attempting to ban use of VPNs by anyone under 16

https://alecmuffett.com/article/134925
18•nvarsj•1h ago•4 comments

My productivity app is a never-ending .txt file (2020)

https://jeffhuang.com/productivity_text_file/
85•simonebrunozzi•2h ago•60 comments

Craft software that makes people feel something

https://rapha.land/craft-software-that-makes-people-feel-something/
190•lukeio•8h ago•96 comments

Programmers and software developers lost the plot on naming their tools

https://larr.net/p/namings.html
59•todsacerdoti•3h ago•98 comments

Going Through Snowden Documents, Part 1

https://libroot.org/posts/going-through-snowden-documents-part-1/
134•libroot•2h ago•73 comments

Prove It All Night: With no fame or fortune, what keeps a band onstage? (1999)

https://chicagoreader.com/news/prove-it-all-night/
36•NaOH•1w ago•7 comments

Launch HN: BrowserBook (YC F24) – IDE for deterministic browser automation

53•cschlaepfer•6h ago•30 comments

An Orbital House of Cards: Frequent Megaconstellation Close Conjunctions

https://arxiv.org/abs/2512.09643
71•rapnie•6h ago•38 comments

Auto-grading decade-old Hacker News discussions with hindsight

https://karpathy.bearblog.dev/auto-grade-hn/
548•__rito__•1d ago•246 comments

iPhone Typos? It's Not Just You – The iOS Keyboard Is Broken [video]

https://www.youtube.com/watch?v=hksVvXONrIo
348•walterbell•6h ago•261 comments

Deprecate like you mean it

https://entropicthoughts.com/deprecate-like-you-mean-it
44•todsacerdoti•5h ago•108 comments

The Walt Disney Company and OpenAI Partner on Sora

https://openai.com/index/disney-sora-agreement/
86•inesranzo•7h ago•363 comments

Golang optimizations for high‑volume services

https://packagemain.tech/p/golang-optimizations-for-highvolume
25•der_gopher•3d ago•6 comments

French supermarket's Christmas advert is worldwide hit (without AI) [video]

https://www.youtube.com/watch?v=Na9VmMNJvsA
125•gbugniot•8h ago•76 comments

Contact Sheet Prompting

https://www.willienotwilly.com/contact-sheet-prompting
4•handfuloflight•3d ago•1 comments

EFF launches Age Verification Hub

https://www.eff.org/press/releases/eff-launches-age-verification-hub-resource-against-misguided-laws
157•iamnothere•1d ago•132 comments

Patterns.dev

https://www.patterns.dev/
540•handfuloflight•20h ago•124 comments

Show HN: Local Privacy Firewall-blocks PII and secrets before ChatGPT sees them

https://github.com/privacyshield-ai/privacy-firewall
92•arnabkarsarkar•2d ago•37 comments

Helldivers 2 on-disk size 85% reduction

https://store.steampowered.com/news/app/553850/view/491583942944621371
226•SergeAx•1w ago•237 comments

Encountering Japanese ellipses in English translations (2013)

https://legendsoflocalization.com/articles/japanese-ellipsis-usage/
13•tosh•1w ago•0 comments

Oldest attestation of Austronesian language: Đông Yên Châu inscription

https://en.wikipedia.org/wiki/%C4%90%C3%B4ng_Y%C3%AAn_Ch%C3%A2u_inscription
61•teleforce•5d ago•22 comments