JSX.lol

On November 29th, Lachlan Davidson reported a security vulnerability in React that allows unauthenticated remote code execution [...] This vulnerability was disclosed as CVE-2025-55182 and is rated CVSS 10.0.

By default, you get the dreaded hydration pattern—do all the computing on the server in JavaScript (yay!), serve up HTML straight away (yay! yay!) …and then serve up all the same JavaScript that’s on the server anyway (ya—wait, what?).

React’s mobile strategy inherently drives teams toward platform capture. The web offers an alternative: no gatekeepers, no platform fees, direct distribution.

React’s core failure is compounded by confusing API design for which documentation is indecisive, essays are written, and correct usage is endlessly debated.

When teams need a new frontend, the conversation rarely starts with “What are the constraints and which tool best fits them?” It often starts with “Let’s use React; everyone knows React.” That reflex creates a self-perpetuating cycle where network effects, rather than technical fit, decide architecture.

To dismiss this entire problem as a "skill issue" and imply all is good now because an external library solved an issue that React will allow you to do is very curious to me. [...] You would think you can come back to a technology after three years and still be able to work on it - I mean, how much can it change? In any other stack, that might be true, but in frontend development, and React especially so - it's too naive to think that.

React isn’t just slow — it’s a bloated ecosystem with technical debt baked into its DNA. Yet despite this, it keeps being chosen. Why?

It would be too easy to just say React is, well, downright insane, and go on with our lives. But as reasonable primates, I believe we can do better. We can try to understand it.

My day-to-day consulting work, along with high-visibility industry data, shows that the React community is mired in a deep, measurable quality crisis. But attendees of React Summit who didn't already know wouldn't hear about it.

Next.js has become a Vercel vendor lock-in disguised as an open-source framework. Save yourself the headache and choose something else for your "next" project.

Several CTOs mentioned a surprising problem: while React developers are plentiful, truly skilled ones who understand the deeper patterns are increasingly rare and expensive. [...] Several companies reported that their most experienced engineers were getting frustrated with the growing complexity and leaving for roles using other technologies.

[...] baseline HTML that gets progressively enhanced into something better when JS is available… 1. Gives people a more usable experience earlier in the process. 2. Ensures that on slow connections your site doesn’t seem like trash. 3. Means that if something goes wrong, people can still use your site.

Last weekend, Vercel disclosed a critical security vulnerability with Next.js. This type of issue is normal, but the way Vercel chose to handle it was so poor, reckless and disrespectful to the community that it has exacerbated my concerns about the governance of the project.

I have used React for a long time. Trust me when I tell you: There is no reason to use it and a lot of reasons against it.

Maybe it’s the changing interest rates or political winds, but I think the “fat client” era JS-heavy frontends is on its way out. The hype around edge applications is misplaced and unnecessary for building many different flavors of successful businesses. Many interactions are not possible without JavaScript, but that doesn’t mean we should look to write more than we have to.

Frameworkism preaches that the way to improve user experiences is to adopt more (or different) tooling from the framework's ecosystem. This provides adherents with something to do that looks plausibly like engineering, except it isn't. It can even become a totalising commitment; solutions to user problems outside the framework's expanded cinematic universe are unavailable to the frameworkist.

React proponents might claim that React will teach you modern UI, but from what I've seen it barely copes with modern UI. autofocus is broken, custom elements don't work in all but the experimental version, using any "modern" features like dialog or popovers requires useEffect, and the synthetic event system teaches you so little about how DOM actually works. This isn't modern UI, it's UI from 2013 at its inception.

React has become a bloated carcass of false promises, misleading claims, and unending layers of backwards compatibility – the wrong kind of backwards compatibility, as they still occasionally break your fucking code when updating.

Locate your /node_modules folder and drag it to the trash bin.

Applets. ActiveX. Flash. Flex. Silverlight. Angular. React. Plenty of corporations thought they knew better but failed to see the larger picture.

Its proponents can be weird, it takes itself far too seriously, and its documentation is interminable. These are some ways that some people have described Christianity. This video is about React.js.

Refuse to go along with plans to build YAJSD (Yet Another JavaScript Disaster). Engineering leaders look to their senior engineers for trusted guidance about what technologies to adopt. When someone inevitably proposes the React rewrite, do not be silent.

If you’re a new web developer entering the profession, you might even consider eschewing React altogether — although admittedly, that will diminish your short-term job prospects. But it’s at least an option to seriously consider, and might even help you land a job with a forward-thinking employer.

One dev team made the shift from React’s "overwhelming VDOM" to modern DOM APIs. They immediately saw speed and interaction improvements.

After a lot of public pushback, heated discussions, and probably a good deal of talking behind the scenes, the React team backed out and decided to hold off on this change for now.

moving away from React to a modern Web Components + HTML-first architecture has had a *huge* benefit for users, particularly folks on low-end hardware

React is, for the vast, vast majority of organisations making web-facing software, objectively worse than many of the alternatives.

I’ve seen all those headlines about Svelte being the “most loved” framework, and… well I admit, I just ignored it as noise. But the next time that survey comes around, I’ll be right up there with them, waving from the Svelte bandwagon.

I talk about an apparent attitude shift in attitude towards React in the community and also make some recommendations about decision-making for your projects.

Personally, I would love it if more people were complaining about the dreadful user experience inflicted by client-side React. Instead the complaints are universally about the developer experience.

By ejecting from the thrash of React and other heavy-handed frameworks and doubling down on web fundamentals, you’ll be future-proofing both your career and your codebases.

Why the heck is everyone reaching for React as soon as something on the screen needs to update? And why do we insist on squishing our frontend concerns together with our backend concerns?

However, today I see two problems that make me enjoy React a little less and make me worry that new developers might be intimidated by it: ownership and complexity.

After a false start with React in 2023, we’re now on a tech stack that we’re not fighting against and that maps better to our customers’ domain.

[...] I still reach for React when I want to build something somewhat complex, I just… wish I were happier about it when I do.

It has been one and a half years since the last React release, far longer than any previous release took.

At the same time, React has done nothing (besides an abandoned experiment in 2019) to improve their pitiful client-side story. It is a legacy framework created to solve Facebook-scale problems with Facebook-scale resources, and as such is a bad fit for most use cases.

Performance challenges with a React SPA created an opportunity to explore Liveview. After two days of exploration, we were convinced Liveview provided a path forward, and within a few weeks, we replaced our React SPA with Liveview.

You should stop using React. In fact, you probably should have never used React in any of the projects you used it on. But before you pull out your sawed-off shotgun and shoot me, hear me out.

Hooks in React are tricky to use correctly and even harder to use in a performant way. This has left many applications with poor code quality and bad performance, but that doesn’t have to be the case anymore.

Making the case that you should not use React Server Components if you want to ship applications quickly. If you want to learn, experiment, or make content, by all means!

Feels like React is playing his own game by his own rules.

How do we improve JavaScript usage, teach progressive enhancement and reconcile the community?

There have been a number of criticisms levied at the React project over the years, some of them handled and some of them still wavering in the wind.