TanStack Creator Tanner Linsley's 'Redact' Project Dramatically Shrinks React, New Critical Vulnerabilities Emerge, and React Doctor v2 Launched

TanStack creator Tanner Linsley has unveiled “Redact,” an experimental project that “projects” React to reduce its bundle size and improve performance. Motivated by React 19’s 60KB gzipped client-side footprint, Linsley built Redact by removing or simplifying core React functionality that his TanStack Start framework does not need, while keeping the public React API intact. The result is an 80-85% smaller client-side bundle (down to 9.39KB for a full projection and 7KB for a nano version, compared to React 19’s 60KB), an 18% speed increase, and significant Lighthouse score improvements, including up to one-third less JavaScript payload.

Redact passes over 700 React tests, including those for React Server Components. It is not positioned as a React alternative but as a demonstration of “projecting dependencies” to tailor libraries to specific application needs, hinting at a future of modular, customized JavaScript frameworks. Linsley currently uses Redact in production on his blog and the TanStack website.

In parallel, the React ecosystem faces new security concerns: Cloudflare and Vercel have identified critical vulnerabilities. These include Denial of Service (DoS) flaws via prefetching (CVSS 7.5) and middleware bypass flaws (CVSS 7.5) that could lead to unauthorized access. Developers are strongly advised to update React, React Server DOM, Webpack, Parcel, Turbopack, and Next.js to their latest versions immediately, as some of these issues cannot be mitigated by firewalls. The findings have prompted discussion of the complexity of modern frameworks and the security trade-offs that may come with it.

Additionally, React Doctor v2 has been released. This free, open-source utility scans React, Next.js, Vite, and React Native projects and reports errors, warnings, and actionable suggestions to improve code quality and performance, along with a project score.