#Next.js

3 articles

Tech Dec 18, 2025 5 min

React2Shell Was Such a Headache I Migrated from Next.js to Astro

CVSS 10.0 React2Shell, fix it and another vulnerability appears, fix again... I was done. Migrated to Astro — including a lesson learned from installing 60 shadcn UI components and using only one.

Next.js Astro Security Experiment

Tech Dec 10, 2025 2 min

npm Was Broken So I Switched to pnpm [React2Shell Vulnerability]

npm install kept failing with a mysterious error while patching Next.js/React for a security vulnerability. Switching to pnpm fixed it immediately.

npm pnpm Node.js Next.js React Security Troubleshooting Experiment

Tech Dec 10, 2025 updated 6 min

Notes on addressing the Next.js/React 'React2Shell' vulnerability

A summary of how to verify impact and the mitigation steps for the CVSS 10.0 React2Shell vulnerability (CVE-2025-55182 / CVE-2025-66478), plus additional DoS and source code exposure issues.

Next.js React Security Vulnerability Dify