[B! JavaScript] YassLabã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

YassLab id:YassLab

JavaScriptã«é–¢ã™ã‚‹YassLabã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (70)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

Which Programming Language Is Best for Claude Code?
YassLab 2026/03/05
â€œDoesn't lack of types mean more bugs? -- Possibly... type errors are among the easiest bugs to detect and fix. If an agent frequently introduced type errors without a type checker, it would likely introduce logic bugs at a similar rate â€” at which point the problem goes beyond type checking.â€

Stats

AI

Claude

LLM

Ruby

JavaScript

TypeScript

Type

Python
ãƒªãƒ³ã‚¯
Claude Code ã«å‘ã„ã¦ã„ã‚‹ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°è¨€èªž
ã‚¿ãƒ¼ãƒ³æ•°ã¨ã¯ã€1 å›žã®ãƒ—ãƒãƒ³ãƒ—ãƒˆå®Ÿè¡Œä¸ã« Claude ãŒä½•å›ž API ãƒ©ã‚¦ãƒ³ãƒ‰ãƒˆãƒªãƒƒãƒ—ï¼ˆãƒ„ãƒ¼ãƒ«å‘¼ã³å‡ºã— â†’ çµæžœå—ã‘å–ã‚Š â†’ æ¬¡ã®å¿œç”ï¼‰ã‚’ç¹°ã‚Šè¿”ã—ãŸã‹ã®å›žæ•°ã§ã™ã€‚ v1ï¼ˆæ–°è¦ä½œæˆï¼‰ã®æ‰€è¦æ™‚é–“ v1 ã§ã¯è¨€èªžé–“ã®å·®ãŒå¤§ããå‡ºã¦ã„ã¾ã™ã€‚Pythonï¼ˆ32.9 ç§’ï¼‰ã¨ Rubyï¼ˆ33.2 ç§’ï¼‰ãŒåƒ…å·®ã§ãƒˆãƒƒãƒ—ã€JavaScriptï¼ˆ36.0 ç§’ï¼‰ãŒç¶šãã¾ã™ã€‚ä¸€æ–¹ã€Ruby/Steep ã¯ 105.0 ç§’ã¨ Ruby ã®ç´„ 3.2 å€ã€‚Luaï¼ˆ96.4 ç§’ï¼‰ã‚„ OCamlï¼ˆ80.9 ç§’ï¼‰ã‚‚é…ã‚ã€‚ v1 ã¯ç©ºã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‹ã‚‰ã‚¹ã‚¿ãƒ¼ãƒˆã™ã‚‹ã®ã§ã€Cargo.toml ã‚„ package.json ãªã©ã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆè¨å®šãƒ•ã‚¡ã‚¤ãƒ«ã‚’ç”Ÿæˆã™ã‚‹ã‚³ã‚¹ãƒˆãŒå«ã¾ã‚Œã¾ã™ã€‚Python/Ruby/JavaScript ãªã©ã¯ minigit ãƒ•ã‚¡ã‚¤ãƒ« 1 ã¤ã‚’ç”Ÿæˆã™ã‚‹ã ã‘ã§æ¸ˆã‚€ã®ã§ã€å·®ãŒå¤§ãããªã£ã¦ã„ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™
YassLab 2026/03/05
â€œã¯ã˜ã‚ã« -- ã€ŒAIã®ãƒã‚°ã‚’é˜²ããŸã‚ã€åž‹ã‚·ã‚¹ãƒ†ãƒ ã¯é‡è¦ï¼ã€ã€Œã„ã‚„ã€åž‹æ³¨é‡ˆãŒãªã„ã»ã†ãŒãƒˆãƒ¼ã‚¯ãƒ³æ•°ãŒå°‘ãªãã¦æ¸ˆã‚€ï¼ã€å®šæ€§çš„ãªè°è«–ã¯è¦‹ã‹ã‘ã‚‹ã‚“ã§ã™ãŒã€å®šé‡çš„ãªè©±ã‚’è¦‹ãªã„ã®ã§ã€å®Ÿé¨“ã—ã¦ã¿ã¾ã—ãŸã€‚â€

Ruby

JavaScript

Python

TypeScript

è¨€èªž

åž‹

AI

Claude

Stats

LLM
ãƒªãƒ³ã‚¯
3æœˆ2æ—¥ å¦ç¿’æ—¥å ±
HKã•ã‚“ã®ã‚¹ã‚¯ãƒ©ãƒƒãƒ—
YassLab 2026/03/04
â€œrailsã‚¬ã‚¤ãƒ‰ã§ã‚ãƒ£ãƒƒã‚·ãƒ¥æ©Ÿæ§‹ãŒã§ã¦ããŸã®ã§å¾Œã§ãã¡ã‚“ã¨èª¿ã¹ã‚‹ / Next.jsã¨ã®ã‚ãƒ£ãƒƒã‚·ãƒ¥ã®é•ã„ãªã©ã‚‚çŸ¥ã‚ŠãŸã„â€

Ruby

Rails

Railsã‚¬ã‚¤ãƒ‰

Next.js

JavaScript
ãƒªãƒ³ã‚¯
ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰ã«æ±Žç”¨APIã‚’ä½¿ã‚ã›ã¦ã¯ã„ã‘ãªã„ï¼ˆ4å¹´å¾Œã®ç¶šç·¨è¨˜äº‹ï¼‰ï¼ˆç¿»è¨³ï¼‰ï½œTechRacho by BPSæ ªå¼ä¼šç¤¾
æ¦‚è¦ å…ƒã‚µã‚¤ãƒˆã®è¨±è«¾ã‚’å¾—ã¦ç¿»è¨³ãƒ»å…¬é–‹ã„ãŸã—ã¾ã™ã€‚ è‹±èªžè¨˜äº‹: Donâ€™t Build a General Purpose API (4 Years Later) - Max Chernyak åŽŸæ–‡å…¬é–‹æ—¥: 2025å¹´12æœˆ11æ—¥ åŽŸè‘—è€…: Max Chernyak æ—¥æœ¬èªžã‚¿ã‚¤ãƒˆãƒ«ã¯å†…å®¹ã«å³ã—ãŸã‚‚ã®ã«ã—ã¾ã—ãŸã€‚ ç§ã¯2021å¹´ã«ã€ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰å‘ã‘ã«ã‚ã–ã‚ã–æ±Žç”¨ã®APIã‚’æ§‹ç¯‰ã—ã¦è‹¦åŠ´ã‚’å¢—ã‚„ã—ã¦ã¯ã„ã‘ãªã„ã¨å‘¼ã³ã‹ã‘ã‚‹è¨˜äº‹ã‚’æ›¸ãã¾ã—ãŸâ†“ï¼ˆã‚ˆã‚ã—ã‘ã‚Œã°æœ¬è¨˜äº‹ã‚’èªã‚€å‰ã«ç›®ã‚’é€šã—ã¦ãŠã„ã¦ãã ã•ã„ï¼‰ã€‚ å‚è€ƒ: Donâ€™t Build A General Purpose API To Power Your Own Front End - Max Chernyak ã“ã®è¨˜äº‹ã¯Hacker Newsã«2åº¦å–ã‚Šä¸Šã’ã‚‰ã‚Œã¾ã—ãŸãŒã€2åº¦ç›®ã¯è©•åˆ¤ãŒã‚ˆã‚ã—ãã‚ã‚Šã¾ã›ã‚“ã§ã—ãŸï¼ˆãã®åˆ†è°è«–ã¯ç™½ç†±ã—ã¾ã—ãŸãŒï¼‰ã€‚æŽ¨æ¸¬ã§ã™ãŒã€2
YassLab 2026/02/20
"æ±Žç”¨APIã‚’ã“ã—ã‚‰ãˆãŸã›ã„ã§å•é¡ŒãŒç™ºç”Ÿã—ãŸã‚‰ã€ãã®å•é¡Œã‚’è§£æ±ºã›ãšã«éš è”½ã™ã‚‹ãŸã‚ã«ã€ã¾ãŸåˆ¥ã®ãƒ¬ã‚¤ãƒ¤ã‚’ã“ã—ã‚‰ãˆã‚‹ / ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã®ã‚³ãƒ¼ãƒ‰é‡ã¯å€å¢—ã—ã€è¤‡é›‘ã•ã¯2å€ã«ã‚‚3å€ã«ã‚‚ãªã‚Šã€ãã“ã«æ³¨ãŒã‚Œã‚‹æ™‚é–“ã¨åŠ´åŠ›ã‚‚å¢—ãˆã‚‹"

API

HTML

JSON

GraphQL

ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰

JavaScript
ãƒªãƒ³ã‚¯
https://x.com/SevenviewSteve/article/2019601506429730976
YassLab 2026/02/09
"Rails/Hotwire performed well for a different reason / Rails has 20 years of convention-driven, heavily-documented patterns. Stimulus controllers are thin JS wrappersâ€”most of the work is Ruby and HTML, which the agent excels at. The agent's strength in Ruby compensated for Hotwire being more niche

Ruby

Rails

React

Vue

JavaScript

Hotwire
ãƒªãƒ³ã‚¯
https://x.com/i/grok?conversation=2020672284319711463
- 1 user
- x.com
- å¦ã³
YassLab 2026/02/09
â€œRails/HotwireãŒã†ã¾ãã„ã£ãŸã®ã¯åˆ¥ã®ç†ç”± / 20å¹´ã®ã‚³ãƒ³ãƒ™ãƒ³ã‚·ãƒ§ãƒ³é§†å‹•ã§ã€å¤§é‡ã«ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã•ã‚ŒãŸãƒ‘ã‚¿ãƒ¼ãƒ³ãŒã‚ã‚‹ / ä»•äº‹ã®å¤§éƒ¨åˆ†ã¯Rubyã¨HTMLã§ã€ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆãŒå¾—æ„ã€‚Rubyã®å¼·ã¿ãŒHotwireã®ãƒ‹ãƒƒãƒã•ã‚’è£œã£ãŸã€‚â€

Ruby

Rails

React

Vue

JavaScript

Hotwire
ãƒªãƒ³ã‚¯
Hotwire vs. React: A Guide for the "One-Person Framework"
YassLab 2026/02/02
â€œRails 8 is pushing the concept of the "One Person Framework." The idea is that a single dev should be able to build a startup that used to require a team of 5. If you are a solo dev or a small team using React, you are spending 50% of your time managing the glue between your backend and frontend.

Ruby

Rails

JavaScript

React

Hotwire
ãƒªãƒ³ã‚¯
agent-skills/skills/react-best-practices/rules/bundle-conditional.md at main Â· vercel-labs/agent-skills
YassLab 2026/01/16
â€œConditional Module Loading - Load large data or modules only when a feature is activated.â€

TypeScript

JavaScript
ãƒªãƒ³ã‚¯
Next.jsã®è„†å¼±æ€§ã‚’æ•°æ—¥æ”¾ç½®ã—ãŸã‚‰æš—å·é€šè²¨ãƒžã‚¤ãƒŠãƒ¼ã‚’ä»•è¾¼ã¾ã‚ŒãŸè©± - Qiita
ã‚„ã£ãŸã‚‰å‹•ä½œãŒé…ã„ãªã¨æ€ã£ãŸã‚‰ã€ã„ã¤ã®é–“ã«ã‹ CPU ä½¿ç”¨çŽ‡ãŒ100%ã«ã€‚ ã“ã‚Œã¯ã‚‚ã—ã‚„...ã¨æ€ã£ãŸã‚‰ã€ã¾ã•ã«ã§ã—ãŸã€‚ PM2ã«ãƒã‚°ãŒæ®‹ã£ã¦ã„ãŸã®ãŒæ•‘ã„ã€‚ å¾Œã¯ã€Claude Code ã«ãŠã¾ã‹ã›ã—ã¾ã—ãŸã€‚ ä»¥ä¸‹ã€å‚™å¿˜éŒ²ï¼š ã¯ã˜ã‚ã« 2025å¹´12æœˆã€é‹ç”¨ã—ã¦ã„ãŸè¤‡æ•°ã®Next.jsã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãŒã‚µã‚¤ãƒãƒ¼æ”»æ’ƒã‚’å—ã‘ã€æš—å·é€šè²¨ãƒžã‚¤ãƒŠãƒ¼ã‚’ä»•è¾¼ã¾ã‚Œã¾ã—ãŸã€‚CVE-2025-55182ãŒå…¬é–‹ã•ã‚Œã¦ã‹ã‚‰2æ—¥å¾Œã®ã“ã¨ã§ã—ãŸã€‚ Note: ã“ã®è¨˜äº‹ã¯ã‚¤ãƒ³ã‚·ãƒ‡ãƒ³ãƒˆèª¿æŸ»ãƒ¬ãƒãƒ¼ãƒˆã‚’åŸºã«ã€Claude CodeãŒåŸ·ç†ã—ã¾ã—ãŸã€‚ TL;DR CVE-2025-55182å…¬é–‹ã‹ã‚‰2æ—¥å¾Œã«æ”»æ’ƒã‚’å—ã‘ãŸ Next.js 15.x / 16.x ã®Server Actionsè„†å¼±æ€§ã§RCEï¼ˆãƒªãƒ¢ãƒ¼ãƒˆã‚³ãƒ¼ãƒ‰å®Ÿè¡Œï¼‰ã•ã‚ŒãŸ æš—å·é€šè²¨ãƒžã‚¤ãƒŠãƒ¼ï¼ˆMoneroï¼‰ã¨è¤‡æ•°ã®ãƒãƒƒã‚¯ãƒ‰ã‚¢ã‚’ä»•è¾¼ã¾ã‚ŒãŸ ã‚µãƒ¼ãƒãƒ¼å†…éƒ¨ã®èªè¨¼æƒ…å ±ãŒæ¼æ´©ã—ãŸå¯
YassLab 2025/12/21
â€œ2025å¹´12æœˆã€é‹ç”¨ã—ã¦ã„ãŸè¤‡æ•°ã®Next.jsã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãŒã‚µã‚¤ãƒãƒ¼æ”»æ’ƒã‚’å—ã‘ã€æš—å·é€šè²¨ãƒžã‚¤ãƒŠãƒ¼ã‚’ä»•è¾¼ã¾ã‚Œã¾ã—ãŸã€‚CVE-2025-55182ãŒå…¬é–‹ã•ã‚Œã¦ã‹ã‚‰2æ—¥å¾Œã®ã“ã¨ã§ã—ãŸã€‚â€

Security

CVE

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

JavaScript

Next.js

React
ãƒªãƒ³ã‚¯
Over 644,000 Domains Exposed to Critical React Server Components Vulnerability
Home Cyber Security Over 644,000 Domains Exposed to Critical React Server Components Vulnerability The Shadowserver Foundation has released alarming new data regarding the exposure of web applications to CVE-2025-55182, a critical vulnerability affecting React Server Components. Following significant improvements to their scanning methodologies, researchers have identified a massive attack surface
YassLab 2025/12/21
â€œFollowing significant improvements to their scanning methodologies, researchers have identified a massive attack surface comprising over 165,000 unique IP addresses and more than 644,000 domains hosting vulnerable code as of December 8, 2025.â€

JavaScript

React

Security

CVE

è„†å¼±æ€§
ãƒªãƒ³ã‚¯
React Server Componentsã®è„†å¼±æ€§ CVE-2025-55182ï¼ˆReact2Shellï¼‰ã«ã¤ã„ã¦ã¾ã¨ã‚ã¦ã¿ãŸã€‚ - piyolog
2025å¹´12æœˆ3æ—¥ã€JavaScriptãƒ©ã‚¤ãƒ–ãƒ©ãƒª Reactã‚’é–‹ç™ºã™ã‚‹The React Teamã¯ã€React Server Componentsã«æ·±åˆ»ãªè„†å¼±æ€§ãŒç¢ºèªã•ã‚ŒãŸã¨ã—ã¦è„†å¼±æ€§æƒ…å ±ã‚’å…¬é–‹ã—ã€ä¿®æ£ç‰ˆã¸ã®æ›´æ–°ã‚’æ¡ˆå†…ã—ã¾ã—ãŸã€‚ã“ã“ã§ã¯é–¢é€£ã™ã‚‹æƒ…å ±ã‚’ã¾ã¨ã‚ã¾ã™ã€‚ ã©ã‚“ãªè„†å¼±æ€§ãŒç¢ºèªã•ã‚ŒãŸã®ï¼Ÿ React Server Function ã®Flightãƒ—ãƒãƒˆã‚³ãƒ«ã«ãŠã„ã¦ã€ä¿¡é ¼ã§ããªã„ãƒ‡ãƒ¼ã‚¿ã®ãƒ‡ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã«é–¢ã™ã‚‹è„†å¼±æ€§ ãŒç¢ºèªã•ã‚ŒãŸã€‚ã“ã®è„†å¼±æ€§ã¯èªè¨¼ä¸è¦ã§ãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰æ‚ªç”¨ãŒå¯èƒ½ã§ã‚ã‚Šã€ãƒªãƒ¢ãƒ¼ãƒˆã‚³ãƒ¼ãƒ‰å®Ÿè¡Œï¼ˆRCEï¼‰ ã«è‡³ã‚‹æã‚ŒãŒã‚ã‚‹ã€‚æ·±åˆ»åº¦ã¯ ç·Šæ€¥ï¼ˆCVSS åŸºæœ¬å€¤ 10.0ï¼‰ ã¨è©•ä¾¡ã•ã‚Œã¦ãŠã‚Šã€é–‹ç™ºå…ƒã¯åˆ©ç”¨è€…ã«å¯¾ã—ã¦é€Ÿã‚„ã‹ãªå¯¾å¿œã‚’å‘¼ã³ã‹ã‘ã¦ã„ã‚‹ã€‚ React ã¯ã‚¨ãƒ³ã‚¿ãƒ¼ãƒ—ãƒ©ã‚¤ã‚ºç’°å¢ƒã‚’å«ã‚€å¹…åºƒã„ã‚·ã‚¹ãƒ†ãƒ ã§æŽ¡ç”¨ã•ã‚Œã¦ãŠã‚Šã€æ—¥æœ¬å›½å†…ã§ã‚‚ React ã‚’ç”¨ã„ãŸã‚·ã‚¹ãƒ†ãƒ ã‚’å…¬é–‹ã—ã¦ã„ã‚‹ãƒ›ã‚¹ãƒˆãŒå¤šæ•°
YassLab 2025/12/20
â€œæ˜Žç¤ºçš„ã«React Server Function ã‚’ä½¿ç”¨ï¼ˆå®Ÿè£…ï¼‰ã—ã¦ã„ã‚‹ã‹ã«ã‹ã‹ã‚ã‚‰ãšå½±éŸ¿ã‚’å—ã‘ã‚‹ ... ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®è¨å®šã§æ§‹ç¯‰ã•ã‚ŒãŸç’°å¢ƒï¼ˆcreate-next-appã§ä½œæˆã•ã‚Œæœ¬ç•ªç”¨ã«ãƒ“ãƒ«ãƒ‰ã•ã‚ŒãŸæ¨™æº–çš„ãª Next.jsã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ç‰ï¼‰ãŒå½±éŸ¿ã‚’å—ã‘ã‚‹â€

React

CVE

Security

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

è„†å¼±æ€§

Next.js

JavaScript
ãƒªãƒ³ã‚¯
ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰ã‚¨ã‚ã‚¹ãƒ‘ãƒ¼ãƒˆãƒãƒ¼ãƒ ã®è§£æ•£ã¯ ã€Œã„ã„è©±ã€ãªã®ã‹ï¼Ÿ
YassLab 2025/12/20
â€œFEEã®å˜åœ¨ãŒæž·ã«ãªã‚‹éƒ¨åˆ†ã‚‚ â€¢ ãã‚‚ãã‚‚èª°ã‹ãŒãƒªãƒ¼ãƒ‰ã›ãšã¨ã‚‚ã‚„ã‚Œã‚‹äººãŒãŸãã•ã‚“ã„ã‚‹ã¯ãš / æž ã‚’è¶…ãˆãŸãƒˆãƒ©ã‚¤ã‚’ã™ã‚‹ã«ã‚‚ ã€ŒFEEãŒã„ã‚‹ã‹ã‚‰ãªâ€¦ã€ã€ŒFEEãŒâ—¦â—¦ã‚„ã£ã¦ã‚‹ã—ãªâ€¦ã€ ã¨ã„ã†ç™ºæƒ³ã«ãªã‚Šã‚„ã™ã„â€

SPA

JavaScript

Frontend
ãƒªãƒ³ã‚¯
Node.js â€” Tuesday, January 13, 2026 Security Releases
Commercial support for versions past the Maintenance LTS phase is available through our OpenJS Ecosystem Sustainability Program partners Security releases available Updates are now available for the 25.x, 24.x, 22.x, and 20.x Node.js release lines to address: 3 high severity issues. 4 medium severity issues. 1 low severity issue. This security release includes the following dependency updates to a
YassLab 2025/12/18
â€œ(Update 17-Dec-2025) Security Release target January 7th - We have decided to delay the release further to Wednesday, January 7th, 2026 to ensure the team has enough time to properly prepare the patches and releases. We also prefer not to disrupt the holiday season with a security release.â€

Security

è„†å¼±æ€§

Node.js

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

JavaScript
ãƒªãƒ³ã‚¯
ä¸€é€£ã®RSCè°è«–ã«ã¤ã„ã¦
ä¸€é€£ã®RSC/Server Functionsè°è«–ã«ã¤ã„ã¦ ä»¥ä¸‹ã®äº‹è±¡ã®ã©ã‚Œã‚’ãƒ¨ã‚·ã¨ã—ã¦ã€ã©ã‚Œã‚’ãƒ¨ã‚·ã¨ã—ãªã„ã‹ã«ã¤ã„ã¦ã‚¹ã‚¿ãƒ³ã‚¹ã‚’æ˜Žç¢ºã«ã—ã¦ã‹ã‚‰è°è«–ã‚’è¡Œã†å¿…è¦ãŒã‚ã‚Šã¾ã™ ã‚µãƒ¼ãƒå´ã§è¦‹ãŸç›®ã‚’ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ã™ã‚‹ã“ã¨ (Server Componentsã‚’ç”¨ã„ãŸUIãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°) ã‚µãƒ¼ãƒå´ã®ãƒ‡ãƒ¼ã‚¿ã‚’é”æ³•ã®ã‚ˆã†ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«æ¸¡ã›ã¦ã—ã¾ã†ã“ã¨ (SCã‹ã‚‰CCã¸ã®propså—ã‘æ¸¡ã—) ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒã‚µãƒ¼ãƒã®é–¢æ•°å‘¼ã³å‡ºã—ã‚’æ„è˜ã›ãšé”æ³•ã®ã‚ˆã†ã«è¡Œãˆã¦ã—ã¾ã†ã“ã¨ (Server Functionsã¸ã®å¼•æ•°æ¸¡ã—) è‡ªåˆ†ã¯ä¸€ç•ªç›®ã¯æ˜¯éžã¨ã‚‚è¨±å®¹ã—ã¦ã„ããŸãã¦(ã“ã‚Œã«é–¢ã—ã¦ã¯MPAã‚„HTML on the Wire/HotWire ã®ãƒ¡ãƒªãƒƒãƒˆã¨åŒã˜)ã€ 2ã¨3ã¯ã†ã¾ãç«‹ã¡å›žã‚‰ãªã„ã¨è‡ªåˆ†ã®è¶³ã‚’è‡ªåˆ†ã§ã¶ã¡æŠœã„ã¦ã—ã¾ã†å±é™ºãªä»•çµ„ã¿ãªã®ã§é¿ã‘ã€ SPA + Backend APIã¨åŒæ§˜ã«APIã‚¹ã‚ãƒ¼ãƒžã‚’å®šç¾©ã—ã€æ„å›³ã—ãªã„å€¤ã®
YassLab 2025/12/17
â€œReact2Shellæ”»æ’ƒã«ãŠã„ã¦ã€JavaScriptã®äº’æ›æ€§ã‚’ç†ç”±ã«ç¶™ç¶šã•ã‚Œã¦ã„ã‚‹ä»•æ§˜ãŒã„ãã¤ã‹ç‹™ã‚ã‚Œã¦ã„ã‚‹ / ç§é”ã«å‡ºæ¥ã‚‹ã“ã¨ã¯ã€ã—ã£ã‹ã‚Šã¨ãƒãƒªãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³ã‚’è¡Œã„ã€æ”»æ’ƒãŒè„†å¼±ãªä»•æ§˜ã«çµã³ã¤ãå‰ã«ã¡ã‚ƒã‚“ã¨æ–ã¡åˆ‡ã‚‹ã“ã¨â€

JavaScript

React

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

Security

è„†å¼±æ€§
ãƒªãƒ³ã‚¯
New PCPcat Exploiting React2Shell Vulnerability to compromise 59,000+ Servers
YassLab 2025/12/16
"admin can detect this activity by monitoring connections to the command server IP addr 67.217.57.240 on ports 666, 888, and 5656, looking for systemd services with names containing pcpcat, and checking for unusual outbound connections carrying JSON data containing environment vars or credentials."

JavaScript

React

Next.js

Security

Incident
ãƒªãƒ³ã‚¯
Lessons from React2Shell
DEV Community Follow A space to discuss and keep up software development and manage your software career Future Follow News and discussion of science and techno logy such as AI, VR, cryptocurrency, quantum computing, and more. Open Forem Follow A general discussion space for the Forem community. If it doesn't have a home elsewhere, it belongs here
YassLab 2025/12/15
â€œThe vulnerability wasn't an implementation bug that slipped through code review. It was the predictable consequence of violating a fundamental security principle: complex deserialization of untrusted data leads to remote code execution. If you can't do it perfectly don't do it at all.â€

Next.js

JavaScript

React

CVE

è„†å¼±æ€§

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
ãƒªãƒ³ã‚¯
å€‹äººé–‹ç™ºã®EC2ãŒä¹—ã£å–ã‚‰ã‚Œã¦Moneroã‚’æŽ˜ã‚‰ã‚Œã¦ã„ãŸè©±ã€CVE-2025-55182ã€‘ï½œãã“ã‚ã“
ã¯ã˜ã‚ã«ã€Œã‚ã‚Œã€CPUã‚¯ãƒ¬ã‚¸ãƒƒãƒˆãŒã‚¼ãƒã«ãªã£ã¦ã‚‹â€¦ï¼Ÿã€ 12æœˆ9æ—¥ã€AWSã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‚’é–‹ã„ãŸçž¬é–“ã€è¡€ã®æ°—ãŒå¼•ã„ãŸã€‚t2.microã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®CPUã‚¯ãƒ¬ã‚¸ãƒƒãƒˆãŒå®Œå…¨ã«æž¯æ¸‡ã—ã¦ã„ã‚‹ã€‚ ã†ã¡ã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã¯æ¯Žæ—¥å¤œä¸ã«å†èµ·å‹•ã™ã‚‹ã®ã ãŒã€å†èµ·å‹•ç›´å¾Œã€ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆãŒå›žå¾©ã—å§‹ã‚ãŸé€”ç«¯ã«ä¸€æ°—ã«æ¶ˆè²»ã•ã‚Œã€ãã®å¾Œæž¯æ¸‡ã—ã¦ã„ãŸã€‚ ã“ã‚Œã¯ã€ç§ã®å€‹äººé–‹ç™ºã‚µãƒ¼ãƒãƒ¼ãŒæ”»æ’ƒã‚’å—ã‘ã€ä»®æƒ³é€šè²¨ãƒžã‚¤ãƒ‹ãƒ³ã‚°ã®è¸ã¿å°ã«ã•ã‚Œã¦ã„ãŸè¨˜éŒ²ã§ã™ã€‚ ç•°å¤‰ã®ç™ºè¦‹æœ€åˆã®é•å’Œæ„Ÿå€‹äººé–‹ç™ºã§é‹ç”¨ã—ã¦ã„ãŸNext.jsã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã€‚æ™®æ®µã¯é™ã‹ã«å‹•ã„ã¦ã„ã‚‹ã¯ãšã®t2.microã®CPUã‚¯ãƒ¬ã‚¸ãƒƒãƒˆãŒä½•æ•…ã‹æž¯æ¸‡ã—ã¦ã„ã‚‹ã€‚ è©³ã—ãèª¿ã¹ã¦ã¿ã‚‹ã¨ã€ ps aux --sort=-%cpu | head -20 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ubuntu 2175 0.0 0.0
YassLab 2025/12/13
"å€‹äººé–‹ç™ºã§é‹ç”¨ã—ã¦ã„ãŸNext.jsã‚¢ãƒ—ãƒª / ä»®æƒ³é€šè²¨ãƒžã‚¤ãƒ‹ãƒ³ã‚°ã®è¸ã¿å°ã«ã•ã‚Œã¦ã„ãŸ / å…¬é–‹ã‹ã‚‰3æ—¥ã§æ”»æ’ƒãŒæ¥ã‚‹ / æ”»æ’ƒè€…ã¯è„†å¼±ãªã‚µãƒ¼ãƒãƒ¼ã‚’è‡ªå‹•ã‚¹ã‚ãƒ£ãƒ³ã—ã¦ã„ã‚‹. è¦æ¨¡ã¯é–¢ä¿‚ãªã„. ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã«å…¬é–‹ã—ãŸçž¬é–“, æ”»æ’ƒå¯¾è±¡"

å€‹äººé–‹ç™º

React

JavaScript

CVE

Security

Next.js
ãƒªãƒ³ã‚¯
React Server Componentsã«ãŠã‘ã‚‹è„†å¼±æ€§ã«ã¤ã„ã¦ï¼ˆCVE-2025-55182ï¼‰ | æƒ…å ±ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ | IPA ç‹¬ç«‹è¡Œæ”¿æ³•äºº æƒ…å ±å‡¦ç†æŽ¨é€²æ©Ÿæ§‹
æ³¨é‡ˆï¼šè¿½è¨˜ã™ã¹ãæƒ…å ±ãŒã‚ã‚‹å ´åˆã«ã¯ã€ãã®éƒ½åº¦ã“ã®ãƒšãƒ¼ã‚¸ã‚’æ›´æ–°ã™ã‚‹äºˆå®šã§ã™ã€‚ æ¦‚è¦ React Server Componentsã¯ã€JavaScriptãƒ©ã‚¤ãƒ–ãƒ©ãƒªã€ŒReactã€ã®ã‚µãƒ¼ãƒæ©Ÿèƒ½ã«é–¢ã™ã‚‹ã‚³ãƒ³ãƒãƒ¼ãƒãƒ³ãƒˆã§ã™ã€‚ ã“ã®React Server Componentsã«ãŠã„ã¦ã€ä¿¡é ¼ã§ããªã„ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ‡ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã™ã‚‹è„†å¼±æ€§ï¼ˆCVE-2025-55182ï¼‰ãŒç¢ºèªã•ã‚Œã¦ã„ã¾ã™ã€‚ æœ¬è„†å¼±æ€§ã‚’æ‚ªç”¨ã•ã‚ŒãŸå ´åˆã€é éš”ã®æ”»æ’ƒè€…ã«ã‚ˆã£ã¦ä»»æ„ã®ã‚³ãƒ¼ãƒ‰ã‚’å®Ÿè¡Œã•ã‚Œã‚‹ãŠãã‚ŒãŒã‚ã‚Šã¾ã™ã€‚ ãªãŠã€ã€ŒNext.jsã€ãªã©ä»–è£½å“ã«ãŠã„ã¦ã€åŒæ§˜ã®å½±éŸ¿ã‚’å—ã‘ã¾ã™ã€‚ --- 2025å¹´ 12 æœˆ 10 æ—¥æ›´æ–° --- æœ¬è„†å¼±æ€§ã‚’æ‚ªç”¨ã—ãŸã¨æ€ã‚ã‚Œã‚‹æ”»æ’ƒãŒå›½å†…ã§ç™ºç”Ÿã—ã¦ã„ã‚‹ã¨ã®æƒ…å ±ãŒã‚ã‚Šã¾ã™ã€‚ ä»Šå¾Œã€ã“ã®è„†å¼±æ€§ã‚’çªã„ãŸæ”»æ’ƒãŒæ‹¡å¤§ã™ã‚‹ãŠãã‚ŒãŒã‚ã‚‹ãŸã‚ã€æ—©æ€¥ã«å¯¾ç–ã‚’å®Ÿæ–½ã—ã¦ãã ã•ã„ã€‚ --- 2025å¹´ 12 æœˆ 12 æ—¥æ›´æ–° ---
YassLab 2025/12/11
â€œ2025å¹´ 12 æœˆ 10 æ—¥æ›´æ–° --- æœ¬è„†å¼±æ€§ã‚’æ‚ªç”¨ã—ãŸã¨æ€ã‚ã‚Œã‚‹æ”»æ’ƒãŒå›½å†…ã§ç™ºç”Ÿã—ã¦ã„ã‚‹ã¨ã®æƒ…å ±ãŒã‚ã‚Šã¾ã™ã€‚ä»Šå¾Œã€ã“ã®è„†å¼±æ€§ã‚’çªã„ãŸæ”»æ’ƒãŒæ‹¡å¤§ã™ã‚‹ãŠãã‚ŒãŒã‚ã‚‹ / ã€ŒNext.jsã€ãªã©ä»–è£½å“ã«ãŠã„ã¦ã€åŒæ§˜ã®å½±éŸ¿ã‚’å—ã‘ã¾ã™â€

React

CVE

Security

è„†å¼±æ€§

Next.js

JavaScript
ãƒªãƒ³ã‚¯
ChatGPT - SPA è¤‡é›‘ã•ã®æ‡¸å¿µ
YassLab 2025/09/25
â€œã—ã‹ã—ç§ãŸã¡ã¯ã€ãƒãƒ¼ãƒ ãŒãã®ã‚ˆã†ãªãƒˆãƒ¬ãƒ¼ãƒ‰ã‚ªãƒ•ã‚’åˆ†æžã™ã‚‹ã“ã¨ãªãã€ãƒ“ã‚¸ãƒã‚¹ä¸Šã®è¦ä»¶ãŒæ£å½“åŒ–ã—ãªã„å ´é¢ã§ã‚‚ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ SPA ã®è¤‡é›‘ã•ã‚’å—ã‘å…¥ã‚Œã¦ã—ã¾ã£ã¦ã„ã‚‹çŠ¶æ³ã‚’ã‚ˆãç›®ã«ã—ã¾ã™ã€‚â€

JavaScript

SPA

React

Hotwire
ãƒªãƒ³ã‚¯
GitHub - taketo1113/alt-ujs: alternative rails-ujs
YassLab 2025/09/11
â€œalt-ujs is an alternative to rails-ujs. rails-ujs has been deprecated since Rails 7.0 and was no longer released starting from Rails 7.2. / alt-ujs provides: force confirmation dialogs for various actions; make non-GET requests from hyperlinks; have submit buttons become automatically disabledâ€

Ruby

Rails

UJS

JavaScript
ãƒªãƒ³ã‚¯
1 2 3 4 æ¬¡ã®ãƒšãƒ¼ã‚¸