The Changelog: Software Development, Open Source - What will React come up with Next? (News)
Episode Date: October 30, 2023The hubbub of the web dev world right now is Next.js' integration of React Server Components, Kent C. Dodds writes up why he doesn't use Next, Lee Robinson responds with why he does, the NixOS team hi...ts a milestone in their reproducible builds effort & OpenSign is an open source alternative to DocuSign.
Transcript
Discussion (0)
What up, nerds?
Shaboy!
I'm Jared, and this is Changelog News for the week of Monday, October 30th, 2023.
Move over, T-Swift!
Changelog beats logged over 5,000 streams in our first week as an artist.
That's good, right? Is that good? I don't know.
I don't know what's good. I'm not an artist. Now, if we could just get one of our tracks into a
viral TikTok dance challenge, we could quit our day jobs, but we probably wouldn't. Anyways,
we'll be at QCon North America next week. No booth this time around, so you'll have to reach out to meet up
or hope you run into us wandering the hallways
like everyone else.
Okay, let's get into the news,
which admittedly is web dev heavy this week.
The hubbub of the web dev world right now
is Next.js' integration of React server components,
specifically the useServer directive,
which lets you write React components
that run SQL queries
and presumably other server-side things.
People's gut reaction to this
has been all over the map.
Maybe it sounds super powerful
and expressive to you.
Maybe it sounds super dangerous and sloppy.
Me?
It reminds me a lot of the index.php files
we wrote at the turn of the century,
which isn't something I want in my life anymore, but I'm withholding judgment until I see more.
In the wake of this divisive news came criticism and acclaim for Next.js itself,
even though it is the React team enabling and promoting the behavior,
which leads us to our next headlines.
Kent C. Dodds is a Remix guy, so it's not a surprise that he prefers it over Next.
But he gets asked a lot why he prefers it,
so he wrote down his reasonings with the following disclaimer.
Quote,
I like to focus most of my time and attention
on the positive side of software development.
I would much rather write a post titled Why I Use Remix
and written about the things I love about Remix.
I've already done this.
But a lot of people have asked me specifically about Next.js,
and this post is for them.
I'm not here to bash on Next.js.
I'm just here to add an honest take of my personal perception
and experience with Next.js.
If you'd rather not hear negative things about Next,
then I invite you to stop reading now,
go outside,
and touch some grass. End quote. I invite you to stop reading now, go outside, and touch
some grass. End quote. I'll give you the bullet points and you can click through for the full
explanations if interested. Next.js doesn't always use or promote the web platform. Next.js is
attached to Vercel, both dev and easy to deploy.
Next.js is eating React.
Next.js has too much magic.
Next.js is getting overly complex.
And Next.js favors features over stability.
In response to Kent's post, Lee Robinson, who is the vice president of DX at Vercel, makes the case for Next.js with the following disclaimer.
Quote,
Kent is an incredible member of the React community.
I've learned a lot from him over the years,
especially his material on testing,
and this blog actually uses a library he created, MDX Bundler.
So thank you.
If you're new here, I'm Lee.
I work on Next.js.
I've also made some courses about using Next.js before I joined
Vercel. Both Kent and I are passionate about the tools we use. I'm often asked about my opinions
on Next.js versus other frameworks. This post is for the folks in the Next.js community who
are wondering about some of the points Kent brings up. End quote. Once again, I'll give
you his bullet points and you can click through for the full explainers if interested.
Learning Next.js helps you learn the web platform.
All Next.js features work self-hosted.
Server components and server actions are independent of Vercel.
The React canary channel is stable for frameworks like Next.js to adopt.
And server components are production ready.
Two intelligent guys explaining their positions in great detail.
Both posts are worth a read, so you can make informed decisions of your own.
It's now time for Sponsored News.
Socket Security for GitHub protects your apps from those dreaded supply chain attacks right where you live.
Whenever a new dependency is added in a pull request, Socket analyzes the package's behavior and security risk.
The best part, Socket is quick and easy to install.
Simply install the official GitHub app from the Marketplace,
choose the repos you want it to protect,
and Socket will automatically analyze your project and keep you secure.
But don't take our word for it.
Check it out for yourself
using the link in your show notes and chapter data.
Thanks once again to Firas and our friends at Socket
for sponsoring this week on ChangeLog News.
The NixOS team has successfully
performed a reproducible build of A, all packages that make it into the ISO, and B, the building of
the ISO itself. This is progress from their 2021 announcement, which only had reproduced the
individual packages. Why are reproducible builds important? Quote, while there are a number of side
benefits, the main point of reproducible builds is that Quote, while there are a number of side benefits,
the main point of reproducible builds
is that it gives us a reliable way to verify
the binaries we ship are faithful to their sources
and have not been tampered with
anywhere in the build pipeline, end quote.
They still haven't arrived at the promised land yet.
There's a lot more to do
to reap the benefits of reproducibility,
such as removing a few hacks they put in to achieve this,
making more packages reproducible,
setting up infrastructure so they can regularly, independently rebuild artifacts, and more.
But, big progress. Exciting stuff.
OpenSign is a project by OpenSign Labs with a mission to democratize the e-signing process,
making it acceptable and straightforward for everyone.
The easiest way to think about OpenSign
is a free and open-source alternative to DocuSign.
The software currently features secure signing,
a user-friendly interface, audit trails,
and an API for integration into other software and services.
Host it yourself as a React, Node, and MongoDB app,
or opt for their cloud-hosted version.
That's the news for now,
but we have some great pods coming up for you this week.
On Tuesday, Filippo Valsorda and Roland Shoemaker
from the Go team talk cryptography libraries on GoTime.
On Wednesday, Gene Yong from Postman joins Adam and I
for a deep dive on API observability. Thursday
brings Valerie Phoenix from Tech by Choice to JS Party. And on Friday, we sit down with the
mysterious Breakmaster Cylinder on Changelog and Friends. Have a great week. Tell your friends
about Changelog News if you dig it. Seriously, do it, do it. And I'll talk to you again real soon.