Guillermo Rauch on the Next.js Drama, AI-Driven Dev, Vercel’s v0, and the Future of Frontend.

welcome to the show how you doing my man great thanks for having me I've been looking forward to this me too I think everyone's looking forward to this that there's drama on the timeline we need to have a tvpn segment we really appreciate you coming on uh can you uh can you just give us like a breakdown of what's happening in the world of versel right now well yeah uh maybe to introduce versel too for those that are that are new to our company uh versel creates Frameworks and infrastructure to deploy great web applications uh we're super invested in open source we created a

framework called nextjs y that powers a lot of the internet and we're very proud about it but we also have investments in a bunch of other open source projects uh I have a long history of being involved in the JavaScript ecosystem typescript ecosystem so if you're building a new application uh versel and xch are are a pretty good choice for people fantastic and what's going on most recently yeah I mean if you go on X there's a lot going on um maybe the thing that started a lot of this was we

got a ping from a security researcher about a uh potential security vulnerability on nextjs we get lots of this uh operating at the scale that that we're in we have millions of monthly active developers on nextjs uh tens of millions of applications deployed to the versel platform and so we get we get a lot of P but this one in particular was interesting because it was a potential off bypass which you know in the security industry it's as bad of a bug as you could imagine like bypassing

login sign up things like that um we took a look at it uh we we uh process it through the queue we remediated it and then when we disclos it of the world uh you know we we we could have done a lot better in how we disclosed it so um we we filed the cve in partnership with GitHub uh which is the standard mechanism for how you notify every nextjs user on the planet whether they use verell or not about this this vulnerability but the awesome thing about nextjs is that once you use nextjs you're actually not just getting the open source project nextjs you're getting a huge ecosystem of of products

with it that you can use that integrate really nicely into nexs there there are a lot of off Partners a company like clerk stack off better off Luchia in the open source ecosystem is awesome products and I think we should have notified those people before that cve went out so they could have had the opportunity to like look at what the impact would have been to their projects and like that uh on the other hand we

did test internally like okay netlify which is another deployment option for nexts uh affected and again we could have done a much better job at partnering with companies like netlify and Cloud flare who host nexas as well um but it kind of became like a Twitter thing you know that like uh it got big and then Cloud got involved I think you guys were just talking about it before I joined and uh yeah there's some Banger tweets being exchanged here and there uh yeah you're entertaining I'm I'm curious to get your

read on it you you've been in the game for you know you founded socket uh back in the day uh do you feel like the environment now there's Le you know there's still a lot of Internet to build and there's still a lot of opportunity but at the same time we have these sort of scaled businesses like Cloud flare and versell and things like that do you feel like the environment today is like more hostile or emotionally charged than ever before because there's you know people are there's now like sort of like the Market's established in many ways it's not maybe going quite as quickly as

it used to there's new opportunities but it's yeah it's like it's it's starting you know is is this sort of more zero some environment making things a little bit more charged today I think not I do think that on X people get really spicy I was very shocked that the Sea of uh Cloud flare came I mean he's he's a CE of a public company and he came guns blazing uh even putting out like some like cringeworthy