47 comments

[ 2.9 ms ] story [ 101 ms ] thread
Tangentially, who else misses the time when React was just a side project by FB? Increasingly it seems to be led by Vercel who makes profit from React-based solutions.
what do you miss about that? prehooks world was horrible and Nextjs has no vendor lock
lol pre hooks world was fine. Hooks are great but react took over the world because of the clarity of class component lifecycles. If hooks were there from the start it wouldn’t have been as popular.

Also Vercel/NextJS is like if DHH was charging people to use Rails. We are in the “enshittification” part of react development.

>because of the clarity of class component lifecycles.

is this satire?

Ah, the clarity of useEffect(() => { return () => { handleUnmount() } }, [])! How did they manage to live with the ugly componentWillUnmount() { handleUnmount() } for all those years?

(By the way, don't forget that [] or it does a completely different thing that you never want.)

useEffect is the biggest source of bugs in any react codebase bar none
I started off with hooks and started learning about class components just to clear interviews and damn it provides clarity of when, how components are gonna re-render. If you can get past the HOC hell hole and the "this.add = this.add.bind(this)". I felt it made it very clear how and in what order things run. Its definitely true when OP said if things did not get so clear with class components we would never have gotten hooks.
> I felt it made it very clear how and in what order things run.

I'm sorry, the entire community rallied around hooks PRECISELY because the life cycle methods were not clear and were very problematic.

It seems extremely strange to see such opinions.

When you see a hook you know exactly when it's going to execute and why and because of what. You don't have to layer the methods with tons of checks making sure the life cycle method has been run in the right context, it literally just works.

Hooks gained momentum because of advantages in composability and removing a lot of pain with HOCs. Brevity also helped. The obfuscation about re-renders and memoization of variables is absolutely a downside that I see junior devs really struggle with all the time — something that “just works” with class components.

Anyway, both are fine and usable haha. Just think there are arguments to be made on both sides.

For what it’s worth there is a babel plugin to auto bind arrow functions as methods so you never have to do this.
No. Hooks have their advantages over classes, but readability is not one of them, by far.
> Nextjs has no vendor lock

It's complicated. If you want the vercel like experience of deploying to a serverless environment it's not as trivial. There is a reason that open-next exists.

It's actually not that hard to be honest, their Docker examples are pretty good and well accessible from the documentation. Where have you gotten stuck?
Despite a few shuffles in employment, it’s many of the same people.
If React powers your dev platform then you may not want React to be particularly powerful and easy to use. Otherwise some people will just use React directly and other people will build their platforms on top of React and undercut your platform. Financial incentives are a powerful thing
If Meta wanted to, they could've expanded it themselves. They didn't, hence all these other companies.

Between MUI and Next and RTK-query, IMO, React is finally approaching something usable and complete.

Not a React fanboy. I loved Angular v1, in fact. Just hate how minimalist and useless vanilla React was.

Edit: And maybe this is a problem of scale too. At Meta's size or similar, React is just one component and one team that works alongside dozens of others to deliver a working product. But when they open source it, smaller companies and individuals also try to use it but without Meta's scale and resources. And they inevitably find it lacking because they don't have whole teams working on the rest of the problem (like basic routing, which Meta handles in their derivative of PHP, I think?) , so they have to hope someone else (like react router) solved that problem in a drop-in way. That's why Next is so magical for small and medium businesses; they do a lot of that curation and infra building for you, for a reasonable fee.

I definitely don't. IMO Next/Vercel is a better steward of React than FB was, and turned it into an actual framework usable for a site, not just a UI lib that took ten thousand other libs to make a website out of. The React world is quickly standardizing around Next as most of its stack (maybe with a state manager thrown in if useContext isn't enough) and that makes life a hell lot easier.

And being a Vercel customer has been wonderful. Their systems are so much nicer to work with than legacy web stacks/VMs/containers, or trying to hook something up in PHP or Java. The dev ex is awesome, being able to `create-next-app` and deploy to Vercel in like 3 minutes.

100% agreed
I dont disagree but isn't this the point of their strategy? I.e. lure everyone in to only vendor lock-in later on?
yeah probably, even if the current team doesnt want that, a board member or future executive will push for it and do it

currently, deploying on vercel is so easy and the project structure works on any other compute instance that migrating away will be easy too, and breaking versions of Next or NextAuth can just not be used

How is this much different from being locked in to AWS or Docker Desktop or Oracle's Java or MySQL or WordPress or Cloudflare or OpenAI?

Vercel is a business with a very good value proposition. And Next is open source with a huge community. It's not perfect, and Vercel isn't perfect, but among its peers (the web industry) it stands out to me as one of the two companies I'd trust to steward the future of the web (the other being Cloudflare). Way way way more so than Meta or Google, because at the end of the day at least these companies are selling good web hosting, not shitty advertising, and aren't run by total dicks either.

Do I wish they were nonprofits with shared governance? Yeah, maybe. But short of that, their track record has actually been incredible.

The web is still immature enough (surprising, I know) that new companies and technologies rise and fall all the time. Today's vendor lock-in is tomorrow's opportunity for another young upstart, the same way Next was to React, the way React was to Angular, the way Angular was to the frameworks before it. I'm not too worried.

It doesn't make sense to be afraid of Next when it's really just repackaged cloud hosting in a very shiny wrapper. They resell AWS and GCP and Cloudflare infra at a markup but make it much much easier to use. It's a win win for everyone as far as I can tell.

Next.js is a vendor lock-in worlf in sheep's open source clothing and few recognize this. they've fully captured the bootcamp, self-educate crowd.
What isn't? Android, iOS,. NET, Java,MySQL, AWS, Azure, GCP, Cloudflare, Nginx, Slack, Docker Desktop, Kubernetes, Chrome, Typescript, VSCode, the entire web is built off vendor lock-in.
A whole lot isn't. Django, Node, Electron, Caddy etc. Everything that companies open source that isn't monetized (like DraftJS, Gerrit). And don't forget Linux on which the entire web and all the commercial stuff you mentioned runs.
How does Remix fit into this?
Next saw it as a significant threat and copied some of their ideas, I believe.
> Employees can easily access the user's data and impersonate any account

At every decent sized company I've worked for, topics like production data privileges, data classification (public, sensitive, confidential, etc.), data masking, and data anonymization for testing have been top priorities. And these policies are sometimes a true pain in the ass for developers, but they exist for a good reason.

I guess you shouldn't miss the timing to go from "move fast and break things" to "ok we're now a serious business".

And the secret they don't tell you is that at least some employees still need to have that access even at the largest companies. People working on the storage team probably can access the data whenever they like (although it's against company policies) and while there are probably access logs to ensure trace who accessed what, the employees still have and need the access to perform their job duties.
Absolutely, humans are still the weakest link
Being a "serious business" is very, very hard, because the world is hellbent to assign blame. Even most big business are not serious businesses in this sense (look at the cases that, to this day, are being brought to and won against big tech). In most cases, the outfall is relatively manageable. If you are less lucky, it won't be.

Having run a couple of businesses and feeling the pain I still don't see how to better the situation. It's good that businesses are put under pressure, because if they are not, bad actors would run wild. It is bad that running any business, at least to me, feels like navigating a minefield, and good actors are negatively impacted by that disproportionally.

Personally, I have come to accept that, no matter how hard you can reasonably try, with any business and at any given moment, there is a number of things that if somebody looked very closely, that would probably raise some red flags, because the cost of safeguarding against all of them is infinite.

This is really concerning.

This combined with their marketing strategy of copying popular indie products and turning them into NextJS templates creates paranoia in the minds of builders who trust Vercel with their codebases, analytics, and often even their data (via Vercel's storage products).

It seems that an enterprising Vercel employee has a goldmine of data to help inform their next "side project".

If you self host a NextJS app and vercel copies your product can you sue them ?
They won't have access to your private project info (code, analytics, data etc.) if you don't host on their platform. NextJS itself is an open source framework.

Suing for copying your product is tricky. In general I wouldn't rely on courts to protect your product IP. Execution is the only real moat. Any good product will have many copycats and competitors.

Isn't this like the 5th or 6th time Vercel accessed private information from customers to launch a competitive service and/or shutdown the customer?

Is there some tech incubator clause buried in their TOS and this is all okay?

Outch. What services comes to your mind?
In my experience at early stages of a company data ACLs are often the last priority for companies. People are rewarded for shipping things that can get a mention in company's next board deck, and "added ACLs to our Postgres" never got a mention in a board deck.

I am sure a half motivated employee at your favorite cab service could see which addresses you frequently commuted to in first few years of that service's existence

There were stories that at Uber events they had a big screen and shared that info publicly of various celebrities.
Add it to the long list of evidence that Vercel is a shady af company who shouldn’t be trusted.
Curious, what are the other evidences?
I mean it could be argued that a core part of their business model seems to be based on tricking people and locking them into terrible deals.
Vercel is rapidly turning into a scourge in the open source world. Their strong coupling to React is also worrying, they are already trying to influence future React features for their NextJS framework.
This was only one part of the story?

1. Vercel shipping Indie hackers projects ( their customers) as "app templates" as a host, for marketing purpose

https://twitter.com/nico_jeannen/status/1712749652133683632?...

2. The mentioned infringement of a Vercel employee, mentioned here ( he seems to be fired)

https://twitter.com/nico_jeannen/status/1713139186474406206?...

3. Very broad ToS -> Vercel may delete your app for no reason at all

https://twitter.com/bk_7312/status/1713197808264839479?t=h1T...

Well, I already don't like vercel and just sign up to test couple of things. But after I read this, I am going to delete my test account.
> The employee did not have access to any source code, secrets, or the ability to change settings or deployments.

We are talking about an employee who has access to the customers personal information as part of their job doing something unethical.

I would be extremely surprised if Vercel didn't have industry systems and practices in place for security.

This is an edge case which can only be avoided by building Google-esque systems and practices. I don't think you guys really understand what your asking for here.

This will cripple them in so many ways, it makes so much more sense delay it as long as possible. Not because they can save a bit of money, but because they UX will fall of a cliff, feature velocity will ground to a halt and the product will drift further away from stuff we really want.