This Week In React 261
RSC vulnerability, Activity, ViewTransition, React Router, Sonner, Cedar, Storybook, Conform | RNRepo, Nitro Modules, Keyboard Controller, SET, Sheets, deep links | tsgo, Bun, WebGPU, Vite, oxfm
Hi everyone!
A major React 19 Server Functions vulnerability has just been disclosed. Make sure to upgrade your React 19 or meta-framework ASAP!
On the mobile side, we have more positive news: RNRepo should speed up our React Native builds even more, and Shared Elements Transitions are coming soon! (unlike React Native 1.0 😅)
Don’t forget to answer the State of React 2025 survey while it’s still open!
As always, thanks for supporting us on your favorite platform:
🦋 Bluesky
✖️ X / Twitter
👔 LinkedIn
👽 Reddit
💸 Sponsor
AG Charts: The Best React Charts in the World.
AG Charts is a high-performance, canvas-based charting library from AG Grid.
Originally built to power AG Grid’s Integrated Charts, it now serves over 1M npm downloads each month.
🆓 Free: A wide range of chart types (bar, line, scatter, area, and more) — free, forever.
🚀 Fast: Optimised canvas rendering for large datasets (1M+ points).
🦾 Accessible: Built-in support for screen readers and keyboard navigation.
🔄 AG Grid Integration: Shared API with AG Grid for seamless integration.
👉 Get Started for Free: www.ag-grid.com/charts
⚛️ React
React 19 Critical Security Vulnerability in React Server Components
A critical (10.0) security vulnerability affects React 19. It allows unauthenticated remote code execution in React Server Components through a malicious HTTP request crafted and sent to a Server Function endpoint.
The React team recommends upgrading immediately. The vulnerability has been responsibly disclosed, and patches are already available for React 19 and the most popular frameworks that leverage RSCs: Next.js, Expo, React Router, Waku, Redwood, and more. Hosting providers can mitigate the issue thanks to their Web Application Firewalls.
🐦 The Shopify Live Globe running on the Las Vegas Exosphere using React-Three-Fiber: If you are into creative web dev, you might also want to see their React-Three-Fiber pinball machine that also displays that globe.
👀 React-Redux issue - Mark connect as deprecated
📜 Without the blue bar: Re-implements GitHub using Next.js 16, RSC, ’use cache’ directives, and browser virtualization to show how much faster it could be.
📜 Building a toast component: The author of the popular React library Sonner shares various design engineering lessons.
📜 Use React <ViewTransition /> to Smoothly Transition Images and Titles
📜 The next era of React has arrived: Here’s what you need to know
📦 React Router 7.10 - Stabilized various APIs: This also introduces a new unstable_useTransitions to opt-in/out of React transitions.
📦 Storybook 10.1 - Installation and accessibility improvements
📦 oRPC 1.12 - Configure default options for TanStack query/mutation
📦 Conform 1.14 - Improve useForm type inference, form reset, strip empty values by default
📦 CedarJS 1.0 - Actively maintained fork of RedwoodJS (wound down and renamed as Redwood GraphQL)
📦 TanStack Form 1.17 - Fix React Compiler issues, React 17 compat
📦 StyleX 0.17.1 - Unplugin (universal bundler plugin), Custom Markers, default config options updated
📦 Base UI beta.7 - Various bug fixes before v1 that should come soon
📦 Zustand 5.0.9 - New unstable_ssrSafe middleware for usage with Next.js
🎥 Web Dev Simplified - Stop Writing React conditional code like this (use Activity)
🎥 Ankita Kulkarni - Cache directives - This Next.js Pattern Critical For Every Developer
🎙️ This Month in React 2025-11: Cloudflare outage, ongoing npm hacks, React Router is getting RSCs
💸 Sponsor
Let AI fix your mistakes. It already generated the diff
Seer, Sentry’s AI debugger, finds what broke, tells you why, and figures out the fix. Now it can hand that root cause (with full issue context) to your Cursor agent to draft the PR automatically.
Here’s how it works and how to set it up.
📱 React-Native
RNRepo - Faster React Native Builds Through Prebuilt Artifacts
Software Mansion just unveiled RNRepo, a new infrastructure project aiming to speed up our React Native builds.
The idea is to prebuild popular native libraries against multiple React Native versions ahead of time, and host the artifacts on a Maven repository. Then, you can configure your build to download the prebuilt artifacts instead of building them locally, saving time and disk space. This should nicely complement the speed improvements we get with React Native core prebuilds and the Expo Build Cache providers.
For now, RNRepo is in beta. It only supports Android and 40 popular libraries, but iOS support is coming, and the community can request support for additional libraries.
💸 PostHog - Discover and debug issues with session replay for React Native.
📅 Release Calendar updated for 2026: The release dates for React Native 0.84-0.89 have been defined. No sign of 1.0, so we pray for 2027? 😇
🐦 Reanimated Shared Elements Transitions are coming: Software Mansion is teasing us about this highly anticipated Reanimated PR that could be merged anytime soon!
🐦 Marc Rousavy is bullish on hybrid approaches: I liked the comparison of React Native with the scripting layer of game engines like Unreal and Unity.
🐦 Hermes will soon support ISerialization (efficient opaque binary representation) for efficient message passing between runtimes: Will be the base of an upcoming Web Worker implementation 👀.
📜 Deep Links and Authentication in React Navigation 7: Explains how to deep link to screens behind auth and leverage a new UNSTABLE_routeNamesChangeBehavior option to help navigate to the deep link screen after login.
📜 Building an AI-Powered Note-Taking App in React Native - Part 4: Automatic Speech Recognition
📜 Transcribing audio buffers from react-native-audio-api in Real-time
📦 Keyboard Controller 1.20 - Compatible with Expo Snacks, migrate from deprecated Reanimated useAnimatedKeyboard hook, new assureFocusedInputVisible() API
🎥 React Strict DOM: Nicolas Gallagher on Writing Once for Web & Native
🔀 Other
📣 Progress on TypeScript 7: The 10x faster Go-based TypeScript compiler is coming! It already achieves great compatibility, and previews can easily be tested. TypeScript 6.0 will be the last JS-based release, and a bridge toward the newer implementation.
📜 NPM Security Best Practices: How to Protect Your Packages After the 2025 Shai Hulud Attack
📦 Oxc Formatter Alpha - Rust-powered, Prettier-compatible code formatter
📦 Valibot 1.2 - Type coercion, metadata examples, ISBN validation
📦 Prettier 3.7 - Improved formatting consistency and new plugin features
📦 Actsense - Audit your GitHub Actions to identify security vulnerabilities
🤭 Fun
See ya! 👋











