from Hacker News

Know this before choosing Next.js

by ronbenton on 3/25/25, 8:42 PM with 1 comments

  • by mxhold on 3/25/25, 10:11 PM

    I really appreciate this post. I've always been a little uneasy about Vercel after trying to self-host Next.js on a VPS and running into a few of the little traps they seem to have set to nudge you into hosting on their platform instead. I get they have to pay the bills somehow but it does feel a bit risky to bet on their goodwill long-term.

    The way they've handled this vulnerability has made me even more uneasy.

    Vercel's initial framing of their Firewall as having "proactively protect[ed]" their customers definitely leaves a bad taste.

    This, plus the delay in notifying other platforms, reveals a conflict of interest I had not previously considered: is Vercel actually less motivated to prevent such vulnerabilities from being introduced to Next.js in the future because they can roll out mitigations on their own platform before public disclosure and then say "well you wouldn't have been affected if you used us for hosting :)"?