Zod v4 + Next.js Server Actions: End-to-End Type Safety
A complete working pattern for type-safe Server Actions in Next.js 15 using Zod v4 — auth-aware wrappers, shared client/server schemas, file uploads, discriminated error shapes, useActionState wiring, and tests that exercise the validation boundary.
Server Actions Security: CSRF, Origins, and the Gaps
What Next.js Server Actions actually protect against out of the box, what they do not, and the security patterns — auth, rate limiting, input validation, file-upload hardening — every production app should layer on top.
Supply-Chain Attacks on npm: 2025 Lessons for Next.js Teams
A review of the npm supply-chain incidents that defined 2025 — typosquats, self-replicating worms, and dist-tag hijacks — plus the concrete hardening steps every Next.js team should have in place before 2026.
Next.js Security Alert: CVE-2025-55184 & CVE-2025-55183 - Upgrade Guide
Critical security vulnerabilities in Next.js 13-16 App Router: CVE-2025-55184 enables DoS attacks, CVE-2025-55183 exposes Server Action source code. Learn which versions are affected and how to upgrade immediately.