react
Safeguard articles tagged "react" — guides, analysis, and best practices for software supply chain and application security.
8 articles
React and TypeScript security best practices for 2026
A 2025 npm phishing attack hit packages with 2.6 billion weekly downloads. Here's how React and TypeScript teams reduce XSS, API, and dependency risk.
XSS defaults and escape hatches: React, Vue, and Angular compared
All three major frameworks escape output by default, but each ships a named escape hatch that turns raw HTML back on — and only one sanitizes it automatically.
Inside CVE-2025-55182: the React Server Components RCE and how to defend against it
A CVSS 10.0 pre-auth RCE in React Server Components, exploited within 48 hours of disclosure — how the deserialization flaw works and how to mitigate it.
Secure conditional rendering in React and Next.js Server Components
A CVSS 10.0 React Server Components flaw, patched in December 2025, shows why {isAdmin && <Panel/>} isn't access control — the data ships to the client either way.
Next.js Supply Chain Security Hardening
Next.js pulls hundreds of transitive dependencies into production bundles, and the middleware auth bypass of March 2025 showed how a single framework CVE cascades across every App Router deployment. Here is the hardening playbook for 2024 and beyond.
Next.js Security Hardening Guide
Harden your Next.js application with secure headers, API route protection, and server component safety practices.
Remix Framework Security Deep Dive
Remix's server-first architecture and loader/action primitives make for a distinctive security model. The framework encourages good patterns, but the places where it leaves choices to the developer are where I find the interesting bugs.
React Application Security Guide
Securing React applications from XSS, dependency vulnerabilities, and common frontend attack patterns.