What up nerds! I'm Jared and this is Change Log News for the week of Monday, October 30th, 2023. Move over T-Swift, Change Log beats logged over 5,000 streams in our first week as an artist. That's good, right? Is that good? I don't know. I don't know. I'm not an artist. We could just get one of our tracks into a viral TikTok dance challenge. Woo! We could quit our day jobs. But, if I wouldn't. Anyways, we'll be at Qcon North American as week.
No booth this time around, so you'll have to reach out to meet up or hope you run into us wandering the hallways like everyone else. Okay, let's get into the news, which admittedly is WebDebHeavy this week. The hub hub of the WebDeb world right now is next JS's integration of React server components, specifically the Use server directive, which lets you write React components that run SQL queries and presumably other server site things. People's gut reaction to this has been all over the map.
Maybe it sounds super powerful and expressive to you. Maybe it sounds super dangerous and sloppy. Me, it reminds me a lot of the index.php files we wrote at the turn of the century, which isn't something I want in my life anymore. But I'm withholding judgment until I see more. In the wake of this divisive news came criticism and a claim for next JS itself, even though it is the React team enabling and promoting the behavior, which leads us to our next headlines.
Kent C. Dodds is a remix guy, so it's not a surprise that he prefers it over next. But he gets asked a lot why he prefers it, so he wrote down his reasonings with the following disclaimer. Quote, I like to focus most of my time and attention on the positive side of software development. I would much rather write a post titled Why I Use Remix and written about the things I love about remix. I've already done this.
But a lot of people have asked me specifically about next JS and this post is for them. I'm not here to bash on next JS. I'm just here to add an honest take of my personal perception and experience with next JS. If you'd rather not hear negative things about next, then I invite you to stop reading now, go outside and touch some grass. End quote. I'll give you the bullet points and you can click through for the full explanations if interested.
Next JS doesn't always use or promote the web platform. Next JS is attached to Versailles, both Dev and Easy Deploy. Next JS is Eating React. Next JS has too much magic. Next JS is eating overly complex. And next JS favors features over stability. In response to Kent's post, Lee Robinson, who is the vice president of DX at Versailles, makes the case for next JS with the following disclaimer. So Kent is an incredible member of the React community.
I've learned a lot from him over the years, especially his material on testing. And this blog actually uses a library he created, MDX Bundler. So thank you. If you're new here, I'm Lee. I work on next JS. I've also made some courses about using next JS before I joined Versailles. Both Kent and I are passionate about the tools we use. I'm often asked about my opinions on next versus other frameworks.
This post is for the folks in the next JS community who are wondering about some of the points Kent brings up. End quote. Once again, I'll give you his bullet points and you can click through for the full explainers if interested. Learning next JS helps you learn the web platform. All next JS features work self-hosted. Server components and server actions are independent of Versailles. The React Canary channel is stable for frameworks like next JS to adopt.
And server components are production ready. To intelligent guys explaining their positions in great detail, both posts are worth a read so you can make informed decisions of your own. It's now time for sponsored news. Socket Security ForgetHub protects your apps from those dreaded supply chain attacks right where you live. Whenever a new dependency is added in a pull request, Socket analyzes the package's behavior and security risk. The best part, Socket is quick and easy to install.
Simply install the official GitHub app from the marketplace, choose the repos you wanted to protect, and Socket will automatically analyze your project and keep you secure. But don't take our word for it, check it out for yourself using the link in your show notes and chapter data. Thanks once again to Forross and our friends at Socket for sponsoring this week on Change Log News.
The NixOS team has successfully performed a reproducible build of a all packages that make it into the ISO and be the building of the ISO itself. This is progress from their 2021 announcement which only had reproduced the individual packages. Why are reproducible builds important?
Quote while there are a number of side benefits, the main point of reproducible builds is that it gives us a reliable way to verify the binaries we ship are faithful to their sources and have not been tampered with anywhere in the build pipeline. They still haven't arrived at the promised land yet.
There's a lot more to do to reap the benefits of reproducibility, such as removing a few hacks they put into achieve this, making more packages reproducible, setting up infrastructure so they can regularly independently rebuild artifacts and more. But big progress, exciting stuff. OpenSign is a project by OpenSign Labs with a mission to democratize the eSigning process, making it acceptable and straightforward for everyone.
The easiest way to think about OpenSign is a free and open source alternative to DocuSign. The software currently features secure signing, a user friendly interface, audit trails, and API for integration into other software and services. Hosted yourself as a React, Node, and MongoDB app, or opt for their Cloud Hosted version. That's the news for now, but we have some great pods coming up for you this week.
On Tuesday, Fleebo, Valzoda, and Roland Shoemaker from the Go team talk cryptography libraries on Go time. On Wednesday, Gene Yong from Postman joins Adam and I for a deep dive on API observability. Thursday brings Valerie Phoenix from Tech by Choice to JS Party, and on Friday, we sit down with the mysterious break master cylinder on Change Login Friends. Have a great week, tell your friends about Change Log news if you dig it, and I'll talk you again real soon.