OpenSkillIndex← back to search
claude-code

Awesome-omni-skill nextjs-senior-dev

Senior Next.js 15+/16 Engineer skill for App Router. Use when scaffolding production apps, enforcing RSC patterns, auditing codebases, or optimizing performance.

install
source · Clone the upstream repo
git clone https://github.com/diegosouzapw/awesome-omni-skill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/development/nextjs-senior-dev-majiayu000" ~/.claude/skills/diegosouzapw-awesome-omni-skill-nextjs-senior-dev-c264ae && rm -rf "$T"
manifest: skills/development/nextjs-senior-dev-majiayu000/SKILL.md
source content

Next.js Senior Developer

Transform into Senior Next.js 15+/16 Engineer for production-ready App Router applications.

When to Use

  • Scaffolding new Next.js App Router projects
  • RSC vs Client Component decisions
  • Server Actions and data fetching patterns
  • Performance optimization (CWV, bundle, caching)
  • Middleware and authentication setup
  • Next.js 15/16 migration or audit

Version Notes

VersionKey Changes
Next.js 16
middleware.ts
proxy.ts
, Node.js runtime only, Cache Components
Next.js 15fetch uncached by default, React 19, Turbopack stable

Triggers

CommandPurpose
/next-init
Scaffold new App Router project
/next-route
Generate route folder (page, layout, loading, error)
/next-audit
Audit codebase for patterns, security, performance
/next-opt
Optimize bundle, images, fonts, caching

Reference Files (20 Total)

Load based on task context:

Core References

CategoryReferenceWhen
Routing
references/app_router.md
Route groups, parallel, intercepting
Components
references/components.md
RSC vs Client decision, patterns
Data
references/data_fetching.md
fetch, cache, revalidation, streaming
Security
references/security.md
Server Actions, auth, OWASP
Performance
references/performance.md
CWV, images, fonts, bundle, memory
Middleware
references/middleware.md
Auth, redirects, Edge vs Node

Architecture & Quality

CategoryReferenceWhen
Architecture
references/architecture.md
File structure, feature-sliced design
Shared Components
references/shared_components.md
DRY patterns, composition, reusability
Code Quality
references/code_quality.md
Error handling, testing, accessibility

Features & Integrations

CategoryReferenceWhen
SEO & Metadata
references/seo_metadata.md
generateMetadata, sitemap, OpenGraph
Database
references/database.md
Prisma, Drizzle, queries, migrations
Authentication
references/authentication.md
Auth.js, sessions, RBAC
Forms
references/forms.md
React Hook Form, Zod, file uploads
i18n
references/i18n.md
next-intl, routing, RTL support
Real-Time
references/realtime.md
SSE, WebSockets, polling, Pusher
API Design
references/api_design.md
REST, tRPC, webhooks, versioning

DevOps & Migration

CategoryReferenceWhen
Deployment
references/deployment.md
Vercel, Docker, CI/CD, env management
Monorepo
references/monorepo.md
Turborepo, shared packages, workspaces
Migration
references/migration.md
Pages→App Router, version upgrades
Debugging
references/debugging.md
DevTools, profiling, error tracking

Core Tenets

1. Server-First

Default to Server Components. Use Client only when required.

RSC when: data fetching, secrets, heavy deps, no interactivity
Client when: useState, useEffect, onClick, browser APIs

2. Component Archetypes

PatternRuntimeMust Have
page.tsx
Serverasync, data fetching
*.action.ts
Server"use server", Zod, 7-step security
*.interactive.tsx
Client"use client", event handlers
*.ui.tsx
EitherPure presentation, stateless

3. 7-Step Server Action Security

"use server"
// 1. Rate limit (IP/user)
// 2. Auth verification
// 3. Zod validation (sanitize errors!)
// 4. Authorization check (IDOR prevention)
// 5. Mutation
// 6. Granular revalidateTag() (NOT revalidatePath)
// 7. Audit log (async)

4. Data Fetching Strategy

Static → generateStaticParams + fetch
ISR → fetch(url, { next: { revalidate: 60 }})
Dynamic → fetch(url, { cache: 'no-store' })
Real-time → Client fetch (SWR)

Next.js 15 Change: fetch is UNCACHED by default (opposite of 14).

5. Caching

TypeScopeInvalidation
Request MemoizationRequestAutomatic
Data CacheServerrevalidateTag()
Full Route CacheServerRebuild
Router CacheClientrouter.refresh()

Prefer 

revalidateTag()
over 
revalidatePath()
to avoid cache storms.

6. Feature-Sliced Architecture

For large apps (50+ routes), use domain-driven structure:

src/
├── app/           # Routing only
├── components/    # Shared UI (ui/, shared/)
├── features/      # Business logic per domain
│   └── [feature]/
│       ├── components/
│       ├── actions/
│       ├── queries/
│       └── hooks/
├── lib/           # Global utilities
└── types/         # Global types

7. Component Sharing Rules

Used 3+ places?Contains business logic?Action
YesNoMove to 
components/ui/
or 
shared/
YesYesKeep in 
features/
NoAnyKeep local (
_components/
)

8. State Management Hierarchy

State TypeToolExample
URL StatesearchParamsFilters, pagination
Server StateServer ComponentsUser data, posts
Form StateuseFormStateForm submissions
UI StateuseStateModals, dropdowns
Shared ClientContext/ZustandTheme, cart

Rule: Prefer URL state for shareable/bookmarkable state.

9. DRY with createSafeAction

// lib/safe-action.ts - Reuse for all Server Actions
export const createPost = createSafeAction(schema, handler, {
  revalidateTags: ["posts"]
})

Eliminates duplicate auth/validation/error handling.

Anti-Patterns

Don'tDo
"use client" at tree rootPush boundary down to leaves
API routes for server dataDirect DB in Server Components
useEffect for fetchingServer Component async fetch
revalidatePath('/')Granular revalidateTag()
Trust middleware aloneValidate at data layer too
Prop drill 5+ levelsContext or composition
any
types		Proper types or 
unknown
Barrel exports in featuresDirect imports
localStorage for authhttpOnly cookies
Global caches (memory leak)LRU cache or React cache()

Middleware: Deny by Default

// middleware.ts - Public routes MUST be allowlisted
const publicRoutes = ['/login', '/register', '/api/health']
if (!publicRoutes.some(r => pathname.startsWith(r))) {
  // Require auth
}

CRITICAL: Upgrade to Next.js 15.2.3+ (CVE-2025-29927 fix).

Scripts

ScriptPurpose
scripts/scaffold_route.py
Generate route folder w/ all files

Templates

FilePurpose
templates/page.tsx
Standard async page
templates/layout.tsx
Layout w/ metadata
templates/action.ts
7-step secure Server Action
templates/loading.tsx
Loading UI skeleton
templates/error.tsx
Error boundary

Assets

FilePurpose
assets/next.config.ts
Production config w/ security headers
assets/middleware.ts
Deny-by-default auth (Next.js 15)
assets/proxy.ts
Deny-by-default auth (Next.js 16+)

Quick Reference: Senior Code Review

Before merging any PR, verify:

Performance

  • No unnecessary "use client"
  • Images use next/image with dimensions
  • Heavy components dynamic imported
  • Parallel fetching (Promise.all)

Security

  • Server Actions validate with Zod
  • Auth in actions (not just middleware)
  • IDOR prevention (user owns resource)
  • No secrets in client bundles

Architecture

  • Components in correct layer
  • No cross-feature imports
  • DRY patterns used (createSafeAction)
  • URL state for shareable state

Quality

  • No 
    any
    types
  • Error boundaries present
  • Loading states for async
  • Accessibility (semantic HTML, alt text)