Next.js just dropped a game-changing bombshell, releasing the stable version of Next.js 15 before the Next.js Conf β and it's absolutely insane! π
Here are some of the mind-blowing new updates and features packed into Next.js 15:
- Improved Upgrades with
@next/codemod
CLI: Next.js 15 includes a new codemod CLI that makes it easier to upgrade to the latest Next.js and React versions. The CLI updates dependencies, shows available codemods, and provides guidance on applying them. - Async Request APIs: APIs that depend on request-specific data, such as
headers
,cookies
,params
, andsearchParams
, have transitioned to be asynchronous. This change affects APIs likecookies
,headers
,draftMode
,params
(in various contexts), andsearchParams
. This is a breaking change but a codemod is available to help with migration. - Changes in Caching Semantics: Next.js 15 changes the default caching behavior for
fetch
requests,GET
Route Handlers, and Client Router Cache. These are now uncached by default. You can opt into caching if needed.-
fetch
requests now useno-store
as the default cache option, meaning they are not cached by default. You can opt into caching by setting thecache
option toforce-cache
. -
GET
Route Handlers are also not cached by default. You can opt into caching using static route config options. - Client Router Cache no longer caches Page components by default. You can revert to the previous behavior by setting the
staleTime
innext.config.ts
.
-
- React 19 Support: Next.js 15 supports React 19, including the experimental React Compiler.
- The App Router uses React 19 RC, while backward compatibility for React 18 is maintained for the Pages Router. Using React 18 for the Pages Router and React 19 for the App Router in the same application is not recommended due to potential inconsistencies.
- The React Compiler aims to simplify code by reducing manual memoization, but it is still experimental and may result in slower build times.
- Stable Turbopack Dev: Turbopack, the new Rust-based build system, is now stable in development mode (
next dev --turbo
). It offers significant performance improvements in server startup, Fast Refresh, and initial route compilation. - Static Route Indicator: This new visual indicator helps identify static and dynamic routes during development.
-
unstable_after
API: Theunstable_after
API allows code execution after a response has finished streaming, which is particularly helpful for tasks that don't need to block the user, like logging and analytics. -
instrumentation.js
API: This API allows developers to monitor Next.js server lifecycle events, which is helpful for performance tracking and error analysis. - Enhancements to Forms with the
<Form>
Component: The new<Form>
component simplifies form handling with features like prefetching, client-side navigation, and progressive enhancement. - TypeScript Support in
next.config.ts
: Next.js 15 supports a TypeScriptnext.config.ts
file, offering type safety and autocompletion for configuration options. - Self-hosting Improvements: Next.js 15 provides more control over
Cache-Control
headers for self-hosting, simplifies image optimization by automatically usingsharp
, and includes a demo and tutorial video on self-hosting. - Enhanced Server Action Security: Next.js now eliminates unused Server Actions during the build process and utilizes unpredictable IDs for client-side references, enhancing security.
- Bundling External Packages: Next.js 15 provides more consistent configuration options for bundling external packages across both the App and Pages Routers. The
serverExternalPackages
option allows for unified management. - ESLint 9 Support: Next.js 15 introduces support for ESLint 9 while maintaining backward compatibility with ESLint 8. The update also includes deprecated option removal in
next lint
and an upgrade toeslint-plugin-react-hooks
to version 5.0.0. - Development and Build Improvements:
- Improved Server Components Hot Module Replacement (HMR) to enhance local development performance.
- Faster static generation in the App Router through optimized rendering processes and shared fetch caches among workers.
- Introduction of experimental static generation controls for advanced use cases, but these require caution as they might lead to increased resource consumption.
- Miscellaneous:
- Breaking changes and improvements across different areas like
next/image
, Middleware,next/font
, caching, configuration options, Speed Insights, sitemaps, dynamic routes, revalidation, and more. - General improvements in metadata handling, tree-shaking, parallel routes, error handling, prefetching, and several other aspects.
- Breaking changes and improvements across different areas like
Question arises, "How does the Next.js 15 release address the issue of unintentional exposure of server-side functions?"
The Next.js 15 release introduces two enhancements to address the unintentional exposure of server-side functions, specifically Server Actions:
- Dead Code Elimination: Server Actions that are not used in the application are automatically removed during the
next build
process. This prevents them from having their IDs exposed to the client-side JavaScript bundle and creating a public endpoint. - Secure Action IDs: Next.js 15 generates unguessable, non-deterministic IDs for Server Actions, making it difficult for attackers to guess and access them directly. These IDs are periodically recalculated between builds to further enhance security.
It is important to note that these measures do not completely eliminate the risk of Server Action exposure. Developers should still treat Server Actions as public HTTP endpoints and implement appropriate security measures to protect sensitive data and functionality.
Top comments (0)