Oleg Drapeza

SSR applications at scale - notion.so/superoleg39/SS… - Static Site Generation - Rendering at the Edge - Microservices - Code optimization - Component caching - Request Caching - Rate Limiting - Fallback page cache - Client-side rendering fallback - Clustering and Workers

@rickyfm @jantimon @jherr I get it, so Intersection Observer is not necessarily because of smart selective hydration, and everything other from this list is achievable with React 19 API 's May I ask you about possible loadable replacement, what we can do to combine Suspense+use+Lazy, but preload CSS?

@ODrapeza @jantimon @jherr Yes, and that article has a good explanation of the solution I'm describing:

Deferred Hydration is a huge for performance, and it's only (AFAIK) on TanStack.

@rickyfm @jacobrask Big part of the problem - this heavy Footer component loading/parsing/compilation time (and also React tree construction aks createElelement calls as I understand how it works)

@ODrapeza @jacobrask Right, that's why React defers the hydration by default. It will hydrate whenever there's free time on the CPU to hydrate, without blocking anything else, and ideally with plenty of time before the user interacts with it.

This is a React feature btw, not framework specific. If you suspend during hydration React pauses hydration until you unsuspend. Tanstack is just wrapping the React feature in an API. <Hydrate> adds a suspense boundary, and suspends: use(props.gate.promise)

@rickyfm @jantimon @jherr Without RSC, in SSR React applications, how can we improve application load performance, if for some part of the page we don't need to add interactivity (load JS then hydrate) before visibility? This article have a good problem explanation - wix.engineering/post/40-faster…

@jantimon @jherr Probably doesn’t matter to tanstack since they have their own API for this feature (which doesn’t work with other react features like useOptimistic). But idk if it’s good to need to learn all these bespoke framework APIs to do things React already supports natively better.

@rickyfm @jacobrask Footer is a perfect example, because links list often dynamic and footer can have A/B test and experiments. Delayed hydration with lazy footer JS import (and loadable for SSR) can give a huge performance win. Only problem is that CSS can't be delayed.

@jacobrask It’s also funny because the best answer there is to not need to hydrate static content at all, which RSCs give you. My mentions are full of both “how do I do this” and “why do I want RSCs”

Also built reactive-framework-test-suite — 180 test cases for reactive signal semantics across 13 libraries. PRs welcome to add more frameworks or test cases. github.com/johnsoncodehk/…

@matteocollina Thanks for the insightful thread! I wish only we could find all of this information in official node.js documentation 🙏

Everyone setting --max-old-space-size in Kubernetes is doing it wrong. Here's why your Node.js app keeps getting OOMKilled despite your "careful" heap tuning 🧵

🚨 How the TanStack npm attack actually happened: 1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo. 2. GitHub automatically ran CI tests on that PR. 3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run. 4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays. 5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route… Credit to the security researcher for responsible disclosure.

@platformatic @matteocollina Hi! One question prevent me today from sleep - how with Watt, or in general with worker_threads, share any in-memory caches between, like lru-cache? Just can't get how to effectively solve concurrency and serialization costs...

@woodywoodsta @matteocollina Yep, especially with the streaming API, example - #issuecomment-1085086649" target="_blank" rel="nofollow noopener">github.com/facebook/react…

@matteocollina @ODrapeza The compression middleware would crush CPU-bound performance.

We benchmarked TanStack Start, React Router, and Next.js running the exact same eCommerce app at 1,000 req/s on AWS EKS. The results were eye-opening.

@ryanflorence @matteocollina SSR in meta-frameworks is mostly React rendering API and choosen http server request handling, this is baseline in React ecosystem when we're measuring CPU working time. Anything other - is framework-specific features and some unnecessary work. To do less - always a good job)

@matteocollina Like, is this what it looked like when you first ran it? Because if so I want to congratulate our team on an insanely job well done.

My takeaway from the thread. You can use React Router without needing to reach out to the team to fix bottlenecks. 😏

@matteocollina @platformatic Remember this SSR benchmark and how Marko is outclassed everybody 😅 #ssr-times" target="_blank" rel="nofollow noopener">github.com/BuilderIO/fram…

@platformatic Full benchmark data, flamegraphs, and reproducible infrastructure are open source. You can run these benchmarks yourself on your own AWS account. Blog post: blog.platformatic.dev/react-ssr-fram…

.@nodejs has always been about I/O. Streams, buffers, sockets, files. But there's a gap that has bugged me for years: you can't virtualize the filesystem. You can't import a module that only exists in memory. You can't bundle assets into a Single Executable without patching half the standard library. That changes now 👇

@sapphi_red vite.dev/blog/announcin…

we've just released Nuxt 4.4! it brings: 🏭 custom useFetch/useAsyncData factories 🗺️ vue-router v5 💪 typed layout props 🗣️ `useAnnouncer` for screen readers ⚡ 28x faster route generation with `unrouting` 🍫 smarter payload handling for cached routes 📊 build profiling 👉 read more at nuxt.com/blog/v4-4

Astro 6 is here! We completely rebuilt the Astro dev server and build pipeline onto a new, more powerful runtime-agnostic architecture. Plus: New Fonts API, CSP support, an experimental new Rust compiler, and more... astro.build/blog/astro-6/?…

The Release Candidate for TypeScript 6.0 is now available! Read up on what's coming up with 6.0 & 7.0, and try it out on your codebase today! devblogs.microsoft.com/typescript/ann…