Next.js Is Starting to Show Its Age — in Subtle Ways:

Next.js has been here for a long time, and for years it genuinely felt like the obvious choice for React apps. But lately, it feels less like a modern default and more like a mature, heavily layered framework that comes with baggage people don't always think about — especially when paired with managed platforms like Vercel.

This isn't a hit piece. Next.js still works. It's just not as simple or risk-free as it used to be.

A big part of this comes from how much functionality Next.js now tries to cover. Between routing systems, server components, edge logic, and caching layers, there's a lot going on under the hood. That power is useful, but it also means more room for confusion.

Some common problem areas I've seen (and hit myself):

  • Routes or APIs being exposed without realizing it
  • Caching behaving differently than expected, especially with auth
  • Blurry lines between server-only and client-side code
  • Defaults that are safe for demos, but risky in real apps

Deploying on Vercel adds another layer. Vercel makes shipping fast, but it also abstracts a lot away. That's fine until you need to understand exactly what's public, what's cached, and what runs where. When something goes wrong, the "it just works" model can work against you.

The bigger issue isn't Next.js or Vercel, it's how casually they're often treated. They're no longer lightweight tools. They're real infrastructure, and they need the same level of attention you'd give to any production backend.

That's great for speed, but it also means:

  • Developers may not fully understand what's publicly exposed
  • Defaults matter a lot
  • A small config mistake can have wide impact
  • Debugging security issues can be less transparent than on self-hosted setups

To be clear: Vercel is not insecure by default. But managed platforms always come with a shared responsibility model, and many teams underestimate their side of that responsibility.

The Real Issue: Blind Trust in Defaults

The biggest problem isn't Next.js or Vercel. It's the assumption that popular defaults are automatically safe and optimal.

At scale, and under real production pressure, frameworks need:

  • Explicit security reviews
  • Clear mental models
  • Intentional configuration

Without that, even well-maintained tools can create fragile systems.

Final Thought

Next.js hasn't become bad, it's become serious infrastructure. And serious infrastructure requires more care than most tutorials or starter templates suggest.

If you treat it like a black box that "just works," you'll eventually get burned. If you treat it like a powerful but complex tool, it can still serve you well.