A dedicated command-line tool,\u00a0fix-react2shell-next, to help developers immediately detect and patch the critical \u201cReact2Shell<\/a>\u201d vulnerability (CVE-2025-66478<\/a>).<\/p>\n This new scanner offers a one-line solution to identify vulnerable versions of Next.js and React Server Components (RSC<\/a>). Automatically apply the required security updates included in the latest Next.js release.<\/p>\n The tool simplifies the remediation process by recursively scanning all\u00a0package.json\u00a0files within a project.<\/p>\n This design ensures it works effectively across both standard repositories and complex monorepos managed by npm<\/a>, yarn, pnpm, or bun.<\/p>\n Unlike manual checks, which can be prone to human error, the scanner systematically verifies the installed versions of\u00a0next,\u00a0react-server-dom-webpack,\u00a0react-server-dom-parcel, and\u00a0react-server-dom-turbopack.<\/p>\n Once vulnerable packages are identified, the utility patches them to the correct, secure version, as determined by the official GitHub advisory<\/a>.<\/p>\n It then refreshes the lockfile using the detected package manager to ensure the fix is properly locked in.<\/p>\n For example, it will automatically upgrade a vulnerable Next.js 15.1.0 installation directly to the fixed 15.1.9 release.<\/p>\n The vulnerability affects multiple release lines of Next.js and React RSC packages, as reported by GitHub.<\/p>\n Developers running any version within the \u201cAffected\u201d ranges below should upgrade immediately.<\/p>\nAutomated Detection and Patching<\/strong><\/h2>\n
![\"next.js](\"https:\/\/i0.wp.com\/raw.githubusercontent.com\/vercel-labs\/fix-react2shell-next\/main\/cli.gif?ssl=1\")