Matt Brophy
@brophdawg11.com
Helping folks build better websites
Remix/React Router @Shopify 💿
Philadelphia
Remix/React Router @Shopify 💿
Philadelphia
Reposted by Matt Brophy
We just published 6 CVEs identifying security vulnerabilities in React Router and Remix v2
We recommend updating to the latest appropriate versions:
React Router v7 -- 7.12.0
React Router v6 -- 6.30.3
Remix v2 -- 2.17.2
Details, links, and package ranges are listed below
We recommend updating to the latest appropriate versions:
React Router v7 -- 7.12.0
React Router v6 -- 6.30.3
Remix v2 -- 2.17.2
Details, links, and package ranges are listed below
January 8, 2026 at 8:41 PM
We just published 6 CVEs identifying security vulnerabilities in React Router and Remix v2
We recommend updating to the latest appropriate versions:
React Router v7 -- 7.12.0
React Router v6 -- 6.30.3
Remix v2 -- 2.17.2
Details, links, and package ranges are listed below
We recommend updating to the latest appropriate versions:
React Router v7 -- 7.12.0
React Router v6 -- 6.30.3
Remix v2 -- 2.17.2
Details, links, and package ranges are listed below
They’re just straight up murdering people in broad daylight now
January 8, 2026 at 12:51 AM
They’re just straight up murdering people in broad daylight now
Reposted by Matt Brophy
"The Party told you to reject the evidence of your eyes and ears. It was their final, most essential command."
January 7, 2026 at 1:50 AM
"The Party told you to reject the evidence of your eyes and ears. It was their final, most essential command."
Reposted by Matt Brophy
It would be so cool if the United States Congress still existed.
January 4, 2026 at 5:04 AM
It would be so cool if the United States Congress still existed.
Been working in some prettier `semi: false` code for a bit and I'm surprised how much I don't notice/don't care
December 15, 2025 at 3:19 PM
Been working in some prettier `semi: false` code for a bit and I'm surprised how much I don't notice/don't care
Reposted by Matt Brophy
We found that the fix to address the DoS vulnerability in React Server Components (CVE-2025-55184) was incomplete and does not prevent an attack in a specific case.
This is disclosed as CVE-2025-67779. New patches are available now, please update immediately.
This is disclosed as CVE-2025-67779. New patches are available now, please update immediately.
December 12, 2025 at 12:04 AM
We found that the fix to address the DoS vulnerability in React Server Components (CVE-2025-55184) was incomplete and does not prevent an attack in a specific case.
This is disclosed as CVE-2025-67779. New patches are available now, please update immediately.
This is disclosed as CVE-2025-67779. New patches are available now, please update immediately.
Reposted by Matt Brophy
Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week.
These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.
These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.
December 11, 2025 at 8:51 PM
Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week.
These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.
These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.
I've heard folks express concern about React Router since the Remix 3 announcement
Some variation of "is it on hold?"/"is it a secondary focus?"/"will it stop getting features?" etc
No, No, and No 😀
To back it up, I thought I'd put together a little "React Router Wrapped" for 2025 🎄
Some variation of "is it on hold?"/"is it a secondary focus?"/"will it stop getting features?" etc
No, No, and No 😀
To back it up, I thought I'd put together a little "React Router Wrapped" for 2025 🎄
December 10, 2025 at 7:36 PM
I've heard folks express concern about React Router since the Remix 3 announcement
Some variation of "is it on hold?"/"is it a secondary focus?"/"will it stop getting features?" etc
No, No, and No 😀
To back it up, I thought I'd put together a little "React Router Wrapped" for 2025 🎄
Some variation of "is it on hold?"/"is it a secondary focus?"/"will it stop getting features?" etc
No, No, and No 😀
To back it up, I thought I'd put together a little "React Router Wrapped" for 2025 🎄
Reposted by Matt Brophy
The new fetcher.unstable_reset function is so nice
Previously, to accomplish this little UX I'd have to pull in useState and keep another state in sync.
Now I can just do this:
onChange={() => {
if (isSuccess) {
fetcher.unstable_reset();
}
}}
Thanks @brophdawg11.com
Previously, to accomplish this little UX I'd have to pull in useState and keep another state in sync.
Now I can just do this:
onChange={() => {
if (isSuccess) {
fetcher.unstable_reset();
}
}}
Thanks @brophdawg11.com
December 9, 2025 at 3:49 PM
The new fetcher.unstable_reset function is so nice
Previously, to accomplish this little UX I'd have to pull in useState and keep another state in sync.
Now I can just do this:
onChange={() => {
if (isSuccess) {
fetcher.unstable_reset();
}
}}
Thanks @brophdawg11.com
Previously, to accomplish this little UX I'd have to pull in useState and keep another state in sync.
Now I can just do this:
onChange={() => {
if (isSuccess) {
fetcher.unstable_reset();
}
}}
Thanks @brophdawg11.com
Reposted by Matt Brophy
We've open sourced the Remix Store, a real-world Shopify storefront built with React Router v7 and Hydrogen
remix.run/blog/oss-rem...
remix.run/blog/oss-rem...
Open Sourcing the Remix Store
We're open sourcing the Remix Store. A production-ready example for React Router developers and anyone building custom Shopify storefronts with Hydrogen.
remix.run
December 8, 2025 at 7:47 PM
We've open sourced the Remix Store, a real-world Shopify storefront built with React Router v7 and Hydrogen
remix.run/blog/oss-rem...
remix.run/blog/oss-rem...
Banger of a last sentence here
> Bradley told the lawmakers the drugs were eventually heading to Europe or Africa.
> Bradley told the lawmakers the drugs were eventually heading to Europe or Africa.
Admiral told lawmakers everyone on alleged drug boat was on a list of military targets
Adm. Frank Bradley said U.S. intelligence had identified the 11 people on the boat and determined the military was authorized to kill them as part of Trump’s campaign against alleged drug-smuggling ve...
www.nbcnews.com
December 8, 2025 at 3:14 PM
Banger of a last sentence here
> Bradley told the lawmakers the drugs were eventually heading to Europe or Africa.
> Bradley told the lawmakers the drugs were eventually heading to Europe or Africa.
Reposted by Matt Brophy
This is RSC-specific, and should be called out as such.
There's *tons* (the majority, I'd wager) of React sites that are completely unaffected by this. They should probably upgrade regardless, but for those that may not be in a position to do so, they might not need to freak out.
There's *tons* (the majority, I'd wager) of React sites that are completely unaffected by this. They should probably upgrade regardless, but for those that may not be in a position to do so, they might not need to freak out.
The original React2shell PoC is now public. This is as bad as it gets – full RCE. You must upgrade now. There are mitigations in place in CDNs including Cloudflare, Netlify, Vercel and AWS (and sites on Workers aren't vulnerable to this sort of attack), but there are variants in the wild now.
GitHub - lachlan2k/React2Shell-CVE-2025-55182-original-poc: Original Proof-of-Concept's for React2Shell CVE-2025-55182
Original Proof-of-Concept's for React2Shell CVE-2025-55182 - lachlan2k/React2Shell-CVE-2025-55182-original-poc
github.com
December 5, 2025 at 6:54 PM
This is RSC-specific, and should be called out as such.
There's *tons* (the majority, I'd wager) of React sites that are completely unaffected by this. They should probably upgrade regardless, but for those that may not be in a position to do so, they might not need to freak out.
There's *tons* (the majority, I'd wager) of React sites that are completely unaffected by this. They should probably upgrade regardless, but for those that may not be in a position to do so, they might not need to freak out.
Reposted by Matt Brophy
The changed code is a small fraction of an open source contribution. Your commitment to understand the issue, how your proposed solution fits with the project, and be ready to own and push the review process forward is the biggest chunk of the work. Your effort is the contribution, not the code.
December 5, 2025 at 9:58 AM
The changed code is a small fraction of an open source contribution. Your commitment to understand the issue, how your proposed solution fits with the project, and be ready to own and push the review process forward is the biggest chunk of the work. Your effort is the contribution, not the code.
Getting older means more and more manual/analog things in your life
☕️ Pour over coffee w/freshly ground beans
⏱️ Mechanical watches
🔉 Vinyl music
📓 Heck I'm even trying to use a handwritten daily notebook more
I wonder what's next?
☕️ Pour over coffee w/freshly ground beans
⏱️ Mechanical watches
🔉 Vinyl music
📓 Heck I'm even trying to use a handwritten daily notebook more
I wonder what's next?
December 5, 2025 at 2:39 PM
Getting older means more and more manual/analog things in your life
☕️ Pour over coffee w/freshly ground beans
⏱️ Mechanical watches
🔉 Vinyl music
📓 Heck I'm even trying to use a handwritten daily notebook more
I wonder what's next?
☕️ Pour over coffee w/freshly ground beans
⏱️ Mechanical watches
🔉 Vinyl music
📓 Heck I'm even trying to use a handwritten daily notebook more
I wonder what's next?
Reposted by Matt Brophy
After many long years, the most widely used React framework in the world has React Server Components support! And the migration story is iterative, not "big bang" 💥
I think React Router's take on RSC is really great. Read the article and watch the whole video here: www.epicreact.dev/react-router...
I think React Router's take on RSC is really great. Read the article and watch the whole video here: www.epicreact.dev/react-router...
December 1, 2025 at 4:06 PM
After many long years, the most widely used React framework in the world has React Server Components support! And the migration story is iterative, not "big bang" 💥
I think React Router's take on RSC is really great. Read the article and watch the whole video here: www.epicreact.dev/react-router...
I think React Router's take on RSC is really great. Read the article and watch the whole video here: www.epicreact.dev/react-router...
Reposted by Matt Brophy
November 24, 2025 at 3:49 PM
Improved React 19 Transition handling coming to React Router soon! the flag was merged yesterday so it' in our nightly release snow, should land in a stable in the next week or so.
reactrouter.com/dev/explanat...
reactrouter.com/dev/explanat...
React Transitions (dev branch)
reactrouter.com
November 21, 2025 at 7:52 PM
Improved React 19 Transition handling coming to React Router soon! the flag was merged yesterday so it' in our nightly release snow, should land in a stable in the next week or so.
reactrouter.com/dev/explanat...
reactrouter.com/dev/explanat...
Reposted by Matt Brophy
If your app needs to add these features maybe it's just not that great for people??? techcrunch.com/2025/11/18/t...
November 20, 2025 at 7:24 PM
If your app needs to add these features maybe it's just not that great for people??? techcrunch.com/2025/11/18/t...
@ricky.fm I'm a bit stumped on a transition/useOptimistic thing (let me know if you'd prefer a GH issue!)
Been making sure RR plays nice with async transitions via useOptimistic and ran into an odd quirk with history.go/popstate that I can't quite figure out:
stackblitz.com/edit/github-...
Been making sure RR plays nice with async transitions via useOptimistic and ran into an odd quirk with history.go/popstate that I can't quite figure out:
stackblitz.com/edit/github-...
Brophdawg11 - Minimal Rrv7 Lib Template - StackBlitz
Minimal react Router v7 template using Data mode
stackblitz.com
November 17, 2025 at 10:07 PM
@ricky.fm I'm a bit stumped on a transition/useOptimistic thing (let me know if you'd prefer a GH issue!)
Been making sure RR plays nice with async transitions via useOptimistic and ran into an odd quirk with history.go/popstate that I can't quite figure out:
stackblitz.com/edit/github-...
Been making sure RR plays nice with async transitions via useOptimistic and ran into an odd quirk with history.go/popstate that I can't quite figure out:
stackblitz.com/edit/github-...
Reproductions should be in as few files as possible. So much easier for the maintainer to grok the issue without having to jump between a bunch of different files.
November 17, 2025 at 4:08 PM
Reproductions should be in as few files as possible. So much easier for the maintainer to grok the issue without having to jump between a bunch of different files.
This sounds interesting
🤔 What if there were a conference without talks? Just hanging out with OSS maintainers & builders, seeing what they’re working on, and learning cool stuff by actually talking to people.
🤯 What if hallway track turned into the whole event!
💡 @tannerlinsley.com is exploring it. Interested? ⬇️
🤯 What if hallway track turned into the whole event!
💡 @tannerlinsley.com is exploring it. Interested? ⬇️
Web Forge Conf - A new kind of web developer conference
A community funded, not for profit event built for creators and the developers who use their work. Less stage. More story. All signal.
webforgeconf.com
November 14, 2025 at 3:29 PM
This sounds interesting
Reposted by Matt Brophy
Did you see that? Browser Mode in Vitest just went stable!
No better time to start testing your React components in the real browser. Learn more here: react-component-testing-with-vitest.epicweb.dev
No better time to start testing your React components in the real browser. Learn more here: react-component-testing-with-vitest.epicweb.dev
October 22, 2025 at 4:21 PM
Did you see that? Browser Mode in Vitest just went stable!
No better time to start testing your React components in the real browser. Learn more here: react-component-testing-with-vitest.epicweb.dev
No better time to start testing your React components in the real browser. Learn more here: react-component-testing-with-vitest.epicweb.dev
Coming soon to a React Router near you - (unstable) instrumentation APIs!
Great for logging, perf tracing, OTEL, and more.
reactrouter.com/dev/how-to/i...
Great for logging, perf tracing, OTEL, and more.
reactrouter.com/dev/how-to/i...
Instrumentation (dev branch)
reactrouter.com
October 22, 2025 at 6:14 PM
Coming soon to a React Router near you - (unstable) instrumentation APIs!
Great for logging, perf tracing, OTEL, and more.
reactrouter.com/dev/how-to/i...
Great for logging, perf tracing, OTEL, and more.
reactrouter.com/dev/how-to/i...
💯 Great write up. This mimics a lot of what I do when trying to repro bugs. Trimming away surrounding "fluff" is a skill and hugely beneficial when reproducing bugs.
i wrote about how to fix any bug
How to Fix Any Bug — overreacted
The joys of vibecoding.
overreacted.io
October 21, 2025 at 2:19 PM
💯 Great write up. This mimics a lot of what I do when trying to repro bugs. Trimming away surrounding "fluff" is a skill and hugely beneficial when reproducing bugs.