A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...

Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. Tracked as CVE-2025-11953 (CVSS score of 9.8) and disclosed in early November, the ...

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...

In DEV mode: you usually get a helpful Red Screen with a stack trace In production (bundled) mode: the app can quit or crash with far less context ...

Facepalm: A widely used web technology is affected by a serious security vulnerability that can be exploited with minimal effort to compromise servers. Known as "React2Shell," the flaw may require ...

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems before a fix in version 20.0.0. A critical remote-code execution (RCE) flaw ...

Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React Native NPM package. React Native is an open source framework designed for ...

A new library, React Native Godot, enables developers to embed the open-source Godot Engine for 3D graphics within a React Native application. Enterprise development teams often have to balance the ...