Is create-react-app abandoned?

[thomastvedt]

I finally get to use React again, after 1 year of absence using Angular.. One year ago create-react-app was the best way to create a new React project. But now I'm starting to wonder what the status of the create-react-app project is??

914 issues?
254 open PRs?

And after setting up a new project I get this:

That doesn't look good?

Are people still using create-react-app, or is there a new and better thing? (except from manually tweaking webpack, I'm not suicidal)

[arogozine]

Someone can correct me here, but as I understand, CRA is abandoned by Facebook.
The current team doesn't have Facebook listed in their organizations and refer to themselves as volunteers.

I'm using CRACO to fix up some issues with CRA (lack of new TS and modern JS support) at the moment.

[ultrox]

Next 11 have experimental feature to convert CRA to Next, that's not by accident. I think this decision is bad for React.

[ryota-murakami]

As @ultrox mentioned Next v11 containing migration CRA to Next feature.
https://nextjs.org/blog/next-11#cra-migration

I think Next.js is great framework for making app with general production quality.
Even though CRA has another crucial role in the industry that grow developers.

Plane React development tool still worth it in order to step up to advanced techniques superset framework like Next and understand what does it doing internally.

[arogozine]

Can't seem to edit my answer, but here is the "none of the maintainers ... work at Facebook. We are all volunteers working on this project in our spare time.",
#6756 (comment)
#7981 (comment)

[bugzpodder]

Facebook never used CRA internally, it has always being run by volunteers until Dan got a job there. They do use jest and yarn v1 but the maintainers are all non-fb ppl.

[gaearon]

it has always being run by volunteers until Dan got a job there

I understand the frustration but I want to correct this statement because I don't want it to be repeated. It's not true. I am an original co-author of CRA which I started and worked on while at Facebook. I did not work on it "before I got a job", this is factually false. Usually, I would work on it every once in a while to help push out a new release, but I've been more busy lately and am currently dividing my attention between React itself and new React Docs. So unfortunately I don't have enough time right now to work on CRA. The volunteer team has been doing a lot of work and I'm really grateful to them for picking it up when I'm not available.

[ryota-murakami]

Is create-react-app abandoned?

I really know that feeling and I guess that's one of the reason that evolving alternative like (Vite)[https://vitejs.dev/] .
I think many external contributor motivated improve project but facebook guys doesn't review most of Pull Request.

[arogozine]

For those looking for alternatives, I tried porting to Vite and ran into three issues,

1. Not compatible with ASP.NET Core useReactDevelopmentServer
2. Does not replace env variables placed in index.html (no support for <base href="%PUBLIC_URL%/" />)
3. Failed with image imports - dynamic require of "SVG PATH" not supported

[ryota-murakami]

Thank you, I didn't know that.
I have to realize there is no one perfect tools.

[thomastvedt]

Did a quick test on https://neutrinojs.org/, but not too impressed here either..:

• uses react 16.4
• webpack 4
• and also has a bunch of security warnings:
  

[ivanjeremic]

Take a look at Vite. https://vitejs.dev/guide/#scaffolding-your-first-vite-project I use it now instead of CRA+Craco

[ultrox]

Thanks bro :) I didn't know vite is for react as well. Hvala brale!

[ivanjeremic]

Thanks bro :) I didn't know vite is for react as well. Hvala brale!

nema problema ;)

[martinnormark]

Thanks for info!

Vite works great with React. If you need to add Tailwind, their guide for Vue based on Vite works: https://tailwindcss.com/docs/guides/vue-3-vite - even works with jit.

[ivanjeremic]

Wow didn't know this will happen... I'm really starting to think Next.js will be the next official React Framework.

[thomastvedt]

I was wondering about that too.. But I thought Next.js was more like Gatsby? Just for static sites? I didn't get around to test it yet, how is it compared to create-react-app for regular SPA's with no need for SSR?

I think they use webpack 5, and probably abstract away the difficult webpack setup stuff? I also saw a video where it looks like they are working on a new devServer which looked extremely fast on live updates!

But is Next.js a good fit for "regular" SPAs?

[ryota-murakami]

@thomastvedt I think Next.js is not best solution for regular SPA.
Because Next's architecture designed for multiple page website.(combined directory name and url)
On the other hand CRA Just export regular SPA by build command, so I think CRA should get development transition as same as Next.js for satisfy the demand developer who build variety type of application.

[arogozine]

Next JS has its own routing / paging system - not React Router. So its not a drop in replacement.

[partoneplay]

Finally, an update coming

[mrmckeb]

CRA is definitely not abandoned, you'll see that we are definitely replying to issues and merging work, but the current team of maintainers are not employees of Facebook and we do this in our "free time".

We try to address critical issues quickly, but we recognise we need to do more and we're trying to improve the speed at which we iterate/release.

I'm hoping we'll get 4.1 out in the near future, but some breaking changes (in dependencies) have complicated that release. We're also working hard to get Webpack 5 shipped, and we're actively talking about what's next for CRA after that.

[bugzpodder]

https://reactjs.org/blog/2016/07/22/create-apps-with-no-configuration.html
fb doesn't use it internally

[mrmckeb]

@thomastvedt, no one from Facebook is an active maintainer of CRA today. We are still in the Facebook org though, so they still have ownership of the project from that perspective - and still give feedback, and communicate with us around issues, direction, etc.

[gaearon]

I responded here. #11180 (comment)

[arogozine]

Is it possible to decouple this project from facebook?

[gaearon]

Sure, in principle. Want to reply in #11180 (comment)? I don't know what concretely this would entail from your perspective and what you're hoping to achieve by this but happy to discuss.

[gaearon]

I want to address this part:

And after setting up a new project I get this:

101 vulnerabilties

There is no actual issue here. See #11174 for details. Basically, the way vulnerabilties are reported on npm is horribly broken because it doesn't take context into account. If you check each vulnerability report that gets flagged, you'll find that 99.9% or more are false positives because they don't apply in the context of the build tooling.

[gaearon]

I responded to the rest of your questions here.

#11180 (comment)

[thomastvedt]

There is no actual issue here. See #11174 for details. Basically, the way vulnerabilties are reported on npm is horribly broken because it doesn't take context into account. If you check each vulnerability report that gets flagged, you'll find that 99.9% or more are false positives because they don't apply in the context of the build tooling.

Well that is interesting, I didn't know that! I kind of suspected that npm audit was "off", but found it strange that a official tool would do this.. npm audit --production has fewer reported vulnerabilities, but still a few. I read trough 11174, and it makes sense that these warnings are not relevant for a build tool.

I think that especially for new developers getting started with React, these warnings could raise doubts about the tooling? Could it be an idea to add a note about npm audit and false positives here?:
https://reactjs.org/docs/create-a-new-react-app.html#create-react-app

I responded to the rest of your questions here. #11180 comment

Thanks!

I think the biggest thing that causes people to worry about maintenance is the "vulnerability" reports. This is where it becomes noticeable that releases are lagging behind. Unfortunately, as you probably know, 99.9% of these reports are false positives and the npm audit system is horribly broken.

I don't think the majority of developers knows that these reports are false positives?

We will be working with Node/npm to figure out a solution to this. It creates unnecessary FUD and penalizes slower-moving projects even if they're not actually vulnerable.

That sounds like a good idea 👍🏻

[hinell]

I think it's dead as of Jan 2023.

[thomastvedt]

reactjs/react.dev#5487 (comment)

Here is a recent comment listing some alternative paths for create react app, and which path they are currently suggesting.