Steven β¬’
@styfle
Followers
5K
Following
39K
Media
737
Statuses
7K
π Software Shepherd @vercel π Contributor to @nextjs @reactjs @nodejs @tc39 π€΅ Husband & Father βοΈ Jesus lover
::1
Joined May 2008
Package Phobia just hit 1000 stars π π€© π« https://t.co/dYcrYZm258
github.com
βοΈ Find the cost of adding a new dependency to your project - styfle/packagephobia
4
3
59
Hey @jaredpalmer Can we get a new subscribe option to get notified when the PR is released? Right now, I can get notified when the PR is merged, but I'm not gonna build https://t.co/sriR1VT8l2 from source. Actually two new checkboxes - one for prerelease and one for stable
2
0
26
Itβs not too many filesβ¦itβs too many dependencies
I am calling for a total and complete shutdown of any new files in the root directory until our representatives can figure out what is going on
1
1
13
To put this in perspective - Temporal is coming to a JS runtime near you and will be 0 bytes to install, but even using the temporal-polyfill npm package is only 736KB. That means date-fns is 30x larger install size than temporal-polyfill π€― You can improve your CI install time
date-fns 3.6.0 increased install size from 4.7MB to 21.1MB https://t.co/TqbB69NwSx
9
16
372
I was walking the dog this morning, and as dogs do, she had to stop to pee. A man driving by leaned out the window and screamed "PICKUP YOUR SH!T" Now this man probably didnβt realize that female dogs squat to pee. So I had to think of a way to inform him of this matter, so
2
0
13
date-fns 3.6.0 increased install size from 4.7MB to 21.1MB https://t.co/TqbB69NwSx
github.com
Comparing version 3.5.0 and 3.6.0, date-fns increased install size from 4.7MB to 21.1MB. This seems like a bug. https://packagephobia.com/[email protected]
25
22
379
We want to thank the hackerone community for an incredible collaboration over the weekend. They discovered a total of 15 unique issues, leading to an expected payout of $750K. Our eng team has hardened the WAF as issues were discovered, and the last "flag capture" was 20 hours
vercel.com
CVE-2025-55182 is a critical vulnerability in React, Next.js, and other frameworks that requires immediate action
We introduced a dedicated HackerOne program for Vercel WAF bypasses for CVE-2025-55182 / react2shell Critical bypass: $50K https://t.co/90NnL06Vnx
20
47
537
The latest on React2Shell: β’ Upgrade to a patched version immediately β’ Use πππ‘ πππ‘-ππππππΈπππππ-πππ‘π to start β’ Rotate secrets Updates and guidance will be published in the React2Shell Bulletin β
vercel.com
CVE-2025-55182 is a critical vulnerability in React, Next.js, and other frameworks that requires immediate action
5
26
207
Update on CVE-2025-66478 (React2Shell): An npm package has been released to scan and update affected Next.js apps. Use `npx fix-react2shell-next` to update to patched versions. All users should update as soon as possible. More details our blog: https://t.co/fjNfpv3huI
nextjs.org
A critical vulnerability (CVE-2025-66478) has been identified in the React Server Components protocol. Users should upgrade to patched versions immediately.
46
352
2K
Meet Nanovatar, a fun new way to generate your own avatar using AI. Just: β’ Sign in with Vercel β’ Describe your dream avatar β’ Draw from your AI Gateway wallet β’ Pick Nano Banana or Nano Banana Pro No markup, at token cost. https://t.co/BuCpQi2IA7
5
9
98
The developer was probably trying to prevent layout shift π
at an old company there were random reports of users seeing "a purple guy" show up around the app turns out one of the devs had uploaded a screenshot of his runescape wizard during a test as `undefined.png` and all their code looked like this <img src={`{imageUrl}.png`} />
0
0
3
Node.js added support for path rewrites for #/ wildcard. This means you don't need typescript voodoo to use project relative imports. Thanks to @hybristdev
https://t.co/gHb3w91FcQ
github.com
It's a common ecosystem pattern to map a source root directory to @/ but it requires special tooling support. This turns #/* into a more realistic alternative for that pattern. See: #49182
8
32
306
Them: Do not deploy on Fridays Them also: And absolutely do not deploy on Black Friday! Vercel customers so far today: https://t.co/PBk8taIpxa
23
8
330
i'm looking for someone truly obsessed with web performance to join the Next.js team no need for prior framework experience, just strong React skills and real product performance wins :) if you love squeezing every millisecond out of the web, please reach out π
87
30
521
Now you can safely increase your image optimization TTL to longer periods (say 30 days) without fear of having to wait. When the source image changes, you can purge it on-demand π
You can now invalidate the CDN cache by source image. ππππππ { πππππππππππ±π’ππππΈππππ } ππππ '@ππππππ/πππππππππ' Available for all teams on the new image optimization price. https://t.co/DhZ2Q4DETV
0
0
3
Big if true (pun intended)
Sooo. Apparently. Cloudflares outage was caused by a single oversized configuration file used for bots and threat related blocks. The file which auto generates from live threat intel, grew far beyond expected size. When the system reloaded it during routine opss, the bot
0
1
2
Descartes DeScript? That one had to be trolling, right? π
At https://t.co/lXXgqcsAKL Allen tells the story about the alternative names that were considered for JavaScript. It could have been Cool or Rad, but ultimately became ECMA.
1
0
6
Vercel now natively supports bulk redirects, scaling up to 1 million redirects per project. Set ππππππππππππππΏπππ to your redirects folder and they'll be automatically imported at build time. Available for Pro and Enterprise teams. https://t.co/QjN9Llfw82
vercel.com
Using bulk redirects, you can import millions of redirects via csv and other formats natively with Vercel.
8
11
173