React and React Native Ecosystem: Security, UI Developments, and Platform Updates

The React ecosystem has recently faced challenges with developers needing to update React versions to patch new vulnerabilities. This highlights the critical importance of prioritizing security during development and testing. React Native has largely remained unaffected by these specific threats, primarily because Server Components are not yet widely adopted in mobile environments.

Internationalizing Next.js Applications

With Next.js 16 recently released, now is an ideal time to streamline i18n setups and leverage them for competitive advantage. The resource at learn.next-intl.dev outlines practical patterns for effective localization, covering:

• I18n beyond translations: Understanding the components of a truly localized experience.
• Scalable Architecture: Proper handling of routing, locales, time zones, and currencies.
• Comprehensive Approach: Backend integration, CMS, SEO, development tooling, and AI translations.

React Ecosystem Updates

Denial of Service and Source Code Exposure in React Server Components

The React ecosystem recently addressed new vulnerabilities. While less severe than previous Remote Code Execution flaws, these issues remain critical, necessitating an upgrade to React 19. Both vulnerabilities are linked to React Server Components (RSC) and Server Actions.

• The first, identified as CVE-2025-55184, is a denial-of-service vulnerability. It allows attackers to crash a server by sending a payload with a cyclical reference within the React Flight Protocol, leading to an indefinite loop and server timeout.
• The second, CVE-2025-55183, involves potential code exposure. Insufficient user input validation can, under specific circumstances, lead to the leakage of implementation source code.

Maintainers promptly released patches, including React 19.2.3, Next.js 16.0.10, and Vercel/SWR 2.3.8.

Additional resources on these React vulnerabilities:

• Next.js Security Update – The necessary steps to secure your Next.js app against all the recent vulnerabilities.
• Ankita Kulkarni - 2 More React Security Issues
• Shruti Kapoor - React RCE Attack Explained - Critical Vulnerability CVSS 10.0
• Theo - The latest React vulnerabilities explained
• Wes Bos - I’m gonna crash out (react2shell vulnerability)
• PodRocket - React got hacked with David Mytton

React Server Components Explorer

The recent security discussions have intensified interest in the inner workings of React Server Components (RSC). In response, Dan Abramov introduced RSC Explorer, an interactive tool designed to visualize the wire format and aid in understanding the RSC mental model.

Base UI 1.0 Stable Release

Base UI 1.0 has reached stable release, marking the official debut of unstyled primitives from the creators of Radix UI, Floating UI, and MUI. This is a notable addition to the "headless" component ecosystem, providing an alternative to libraries like Radix UI or React Aria. Notably, all shadcn/ui components have already been refactored to support Base UI.

Further React Developments and Tools

• Next.js 16 Route Handlers Explained: 3 Advanced Use Cases
• Storybook Security Advisory - CVE-2025-68429: A security concern where .env variables can be inadvertently exposed when publishing Storybook v7+ to the web.
• Brand new React Aria documentation with interactive examples.
• Intro to performance of React Server Components: A thorough analysis of how RSC can enhance page load times by offloading data fetching and rendering to the server, alongside a discussion of architectural trade-offs.
• How AI Coding Agents Hid a Timebomb in Our App: A narrative detailing an infinite recursion bug that remained hidden due to the use of the new <Activity> component, operating in the background.
• React Compiler’s Silent Failures (And How to Fix Them): Discusses how the React Compiler fails silently when unable to compile a component. The author discovered a private ESLint rule, react-hooks/todo, which enables fail-fast behavior for patterns not yet supported by the Compiler.
• Driving 3D scenes in Blender with React: Explores a custom React reconciler that translates React operations into Python commands for interaction with the Blender API.
• shadcn 3.6 - npx shadcn create: A new CLI tool allowing users to create customized shadcn component libraries, supporting both Radix UI and Base UI. Theo also released a video about this if you want to learn more about what has changed.
• TanStack Start 1.141 - Vue Start: Following React and Solid support, TanStack Start now includes Vue, positioning itself as a framework-agnostic meta-framework.
• React Router 7.11: Features vite preview support, a stabilized onError API, and a new unstable_defaultShouldRevalidate opt-out API.
• Format.JS for React: Multiple releases introducing breaking changes and a conversion to ESM.
• Recharts 3.6: Adds a new BarStack component and support for ranged stacked BarChart.
• React Grid Layout 2.1: Offers support for large-scale layouts and custom constraints, testable in the interactive docs’ showcase.
• Slot JSX: A custom JSX pragma designed to power asChild or render function prop patterns.
• PodRocket - TanStack, TanStack Start, and what’s coming next with Tanner Linsley.

React Native in VR Development

Developing for VR with React Native necessitates an adaptive-layout mindset, moving beyond fixed viewports to flexible, resizable user windows. An article by Jan Jaworski from Callstack details how to safely integrate mobile experience patterns into VR, highlighting areas where existing patterns map well and where rethinking typography, spacing, accessibility, and interaction models is essential.

A step-by-step React Native VR series covers:

• Get Started With Expo on Meta Quest
• Use Expo Libraries on Horizon OS: A Guide to Compatibility
• How to Release a React Native App on the Meta Horizon Store
• And more related topics.

React Native Ecosystem

State of React Native Survey

The State of React Native survey is now open for participation. This year's survey has been streamlined to specifically focus on React Native aspects, avoiding overlap with the broader State of React survey. Your input is crucial for core maintainers and library authors to prioritize future development efforts.

React Native Updates and Tools

• React Navigation 8.0: Upcoming v8 alpha is anticipated to include improved TypeScript types, native Bottom Tabs by default, access to parent screen parameters, and a new pushParams() API.
• React Native RFC - iOS Migration to SceneDelegate: A proposal to adopt iOS UIScene lifecycle APIs, moving away from AppDelegate.
• Expo UI: A sneak peek reveals Live Activities and Widgets coming with SDK 55.
• Official Hermes Team Blog: A structured GitHub repository now compiles articles on Hermes, offering insights into Hermes internals and JSI. Recent content includes Tzvetan Mikov explaining how JSI extensions facilitate contributions to the Hermes engine.
• Implementing iOS Widgets in Expo Apps: A case study on utilizing Swift UI Widgets with Expo to deliver subtle, low-friction content to users, aligning with Expo’s efforts to integrate Widgets for Expo UI components.
• Debug Like a Senior - React Native Performance Panel: This article details the features of the new Performance Panel in React DevTools, which addresses previous difficulties in JS performance profiling for React Native, enhancing the developer experience.
• Latest React Native DevTools without Upgrading: A workaround allowing the use of the new Performance profiler even with older React Native project versions.
• Expo Supports Maestro Cloud Testing: Maestro is gaining traction as a reliable mobile application testing solution, and Expo now integrates it into CI workflows.
• No JavaScript Minification in React Native Apps: Thanks to Hermes, minifying JavaScript code in React Native applications is often unnecessary.
• AI-powered Code Reviews for Expo Projects: Integration of CodeRabbit offers AI-driven code reviews for Expo projects.
• Screens 4.19: Adds support for iOS bottomAccessory in native tabs and provides enhanced bottom tab bar customization on Android.
• Radon IDE 1.14: Features React Native 0.83 support, Radon AI capabilities, and improvements to its Network Inspector.
• True Sheet 3.4: Introduces a custom dim view with smooth interpolation.
• Pager View 8.0: Underwent a full rewrite in Swift UI.
• Zoom Grid: A zoomable grid component built on Shopify FlashList.
• Nitro MLX 0.1: Enables running Large Language Models (LLMs) on-device in React Native using MLX Swift.
• Nitro Markdown: A high-performance Markdown parser leveraging Nitro and md4c (C++).
• Software Mansion - A Deep Dive into Shared Element Transitions (Reanimated 4.2).
• Code with Beto - What’s new in React Native 0.83, React 19.2, new DevTools features.
• Expo - How to add native iOS Widgets to your Expo app (SwiftUI + Expo Apple Targets).
• Rocket Ship 87 - React Native 0.83, Security Vulnerability, Faster Builds, Expo Router Sneak.
• RNR 349 - How 2025 changed the React Native job market.

General Web Development and Browser Updates

• CSS Scroll-Triggered Animations: A new version of Chrome in 2026 will introduce CSS-definable scroll-triggered animations.
• State of HTML 2025 - Survey results.
• Why are my view transitions blinking?: A detailed examination of the view-transition-name CSS property.
• Symbol.iterator Is Pretty Neat, Actually: An interesting application demonstrating how gaining control over the spread operator can enhance developer experience.
• Safari 26.2: A significant release featuring commandfor, the Navigation API, Map Upsert, auto-expanding textareas, scrollbar-color, and more. This release notably brings cross-browser support for the Navigation API.
• Node 24.12 - Type Stripping Stable: TypeScript support is now officially stable in Node LTS.