Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework

Fuzz testing or fuzzing is a commonly used technique for discovering bugs in software, and is useful in many different domains. However, the task of configuring a target to be fuzzed can be a laborious one, often involving refactoring large code bases to enable fuzz testing.

Today we are happy to announce Snapchange, a new open source project to make snapshot-based fuzzing much easier. Snapchange enables a target binary to be fuzzed with minimal modifications, providing useful introspection that aids in fuzzing. Snapchange is a Rust framework for building fuzzers that replay physical memory snapshots in order to increase efficiency and reduce complexity in fuzzing many types of targets. Snapchange utilizes the features of the Linux kernel’s built-in virtual machine manager known as kernel virtual machine or KVM. While Snapchange is agnostic to the target operating system, the included snapshot mechanism focuses on Linux-based targets for gathering the necessary debug information.

Snapchange started as an experiment by the AWS Find and Fix (F2) open source security research team to explore the potential of using KVM in enabling snapshot fuzzing. Snapshot fuzzing is a growing area of interest and experimentation among security researchers. Snapchange has now grown into a project that aims to provide a friendly experience for researchers and developers to experiment with snapshot fuzzing. Snapchange is one of a number of tools and techniques used by the F2 team in its research efforts aimed at creating a secure and trustworthy open source supply chain for AWS and its customers. We have found it sufficiently useful that we are sharing it with the broader research community.

Snapchange is available today under the Apache License 2.0 via GitHub. AWS F2 team is actively supporting Snapchange and has plans for new features, but we hope to engage the security research community to produce a more richly-featured and robust tool over the longer term. We welcome pull requests on GitHub and look forward to discussions that help enable future research via the project. In this blog post we’ll walk through a set of tutorials you’ll find in the repository to help provide a deeper understanding of Snapchange.

Note: Snapchange operates within a Linux operating system but requires direct access to underlying KVM primitives. Thus, it is compatible with EC2 bare metal instance types, which run without a hypervisor, but not with EC2 virtualized instances. While we provide an EC2 AMI to make it easier to get started by launching on a bare metal instance (more information on that provided below), users are free to run Snapchange in other environments that meet the basic hardware requirements.

What is snapshot fuzzing?

Fuzzing uncovers software issues by monitoring how the system behaves while processing data, especially data provided as an input to the system. Fuzzing attempts to answer the question: What happens when the data is structured in a way that is outside the scope of what the software expects to receive? If the software is bug-free, there should be no input, no matter how inappropriate or corrupt, that causes it to crash. All input data should be properly validated and either pass validation and be used, or be rejected with a well-defined error result. Any input data that causes the software to crash shows a flaw and a potential weakness in the software. For example, fuzzing an application that renders JPEGs could involve mutating a sample JPEG file and opening the mutated JPEG in the application. If the application crashes or otherwise behaves in unexpected ways, this mutated file might have uncovered an issue.

The chosen mutations, however, are not truly random. We typically guide a fuzzer using “coverage” techniques. Coverage measures what code path an input from the fuzzer has caused to be executed in the target, and is used to automatically guide a fuzzer to modify its subsequent inputs so that the execution path in the target is changed to include previously-untested portions of the target’s code. Information about the sections of code in the target that were previously executed are cached in an input corpus, and that information is used to guide new inputs to explore additional code paths. In this way, variations on the same inputs will be applied in the expectation of discovering more previously untested code sections in the target, until all parts of the target code which can be reached by a possible execution path have been tested.

A snapshot is a pairing of a physical memory dump of a running VM and its accompanying register state. Fuzzing with a snapshot enables granular execution in order to reach code blocks that are traditionally difficult to fuzz without the complexities of managing state within the target. The only information needed by Snapchange in order to continue the execution of the target in a virtual machine is the snapshot itself. Prior work exploring this technique include brownie, falkervisorchocolate_milk, Nyx, and what the fuzz. Most of these other tools require booting into a custom hypervisor on bare metal or with a modified KVM and kernel module. Snapchange can be used in environments where booting into a custom hypervisor isn’t straightforward. As noted, it can also be used on EC2 on bare metal instances that boot without any hypervisor at all.

How Snapchange Works

Snapchange fuzzes a target by injecting mutated data in the virtual machine and provides a breakpoint-based hooking mechanism, real-time coverage reports in a variety of formats (such as Lighthouse and LCOV), and single-step traces useful for debugging. With Snapchange, you can fuzz a given physical memory snapshot across multiple CPU cores in parallel, while monitoring for crashing states such as a segmentation fault or a call to an Address Sanitizer report.

While Snapchange doesn’t care how a snapshot is obtained, it includes one method which uses a patched QEMU instance via the included qemu_snapshot utility. This snapshot is then used as the initial state of a KVM virtual machine to fuzz a target.

The fuzzing loop starts by initializing the memory of a whole KVM virtual machine with the physical memory and register state of the snapshot. Snapchange then gives the user the ability to write a mutated input in the loaded guest’s memory. The virtual machine is then executed until a crash, timeout, or reset event occurs. At this point, the virtual machine will revert back to a clean state. The guest memory is restored to the original snapshot’s memory in preparation for the next input case. In order to avoid writing the entire snapshot memory on every reset, only pages that were modified during execution are restored. This significantly reduces the amount of memory which needs to be restored, speeding up the fuzzing cycle, and allowing more time to be spent fuzzing the target.

This ability to arbitrarily reset guest memory enables precise choices when harnessing a fuzz target. With snapshots, the harnessing effort involves discovering where in memory the relevant input resides. For example, instead of having to rewrite a networked application to take input packets from command line or stdin, we can use a debugger to break immediately after a recv call. Pausing execution at this point, we can document the buffer that was read into, for example address 0x6000_0000_0100 , and take a snapshot of the system with this memory address in mind. Once the snapshot is loaded via Snapchange, we can write a mutated input packet to address 0x6000_0000_0100 and continue executing the target as if it were a real packet. This precisely mimics what would happen if a corrupt or malicious packet was read off the network in a real-world scenario.

Experimenting with Snapchange

Snapchange, along with several example targets, can be found on GitHub. Because Snapchange relies on KVM for executing a snapshot, Snapchange must be used on a machine that has KVM access. Currently, Snapchange only supports x64 hosts and snapshots. As previously noted, Snapchange can be used in Amazon EC2 on a wide variety of .metal instances based on Intel processors, for example, a c6i.metal instance. There is also a public AMI containing Snapchange, with the examples pre-built and pre-snapshotted. The pre-built AMI is ami-008dec48252956ad5 in the US-East-2 region. For more information about using an AMI, check out the Get started with Amazon EC2 Linux instances tutorial. You can also install Snapchange in your own environment if you have access to supported hardware.

This blog will go over the first example in the Snapchange repository to demonstrate some of the features provided. For a more step-by-step walk-through, check out the full tutorial in the README for the 01_getpid example here.

Example target

We’ll start with the first example in Snapchange to demonstrate some of its features.

There are two goals for this target:

The input data buffer must solve for the string fuzzmetosolveme!

The return value from getpid() must be modified to be 0xdeadbeef

// harness/example1.c

void fuzzme(char* data) {
    int pid    = getpid();

    // Correct solution: data == “fuzzmetosolveme!”, pid == 0xdeadbeef
    if (data[0]  == ‘f’)
    if (data[1]  == ‘u’)
    if (data[2]  == ‘z’)
    if (data[3]  == ‘z’)
    if (data[4]  == ‘m’)
    if (data[5]  == ‘e’)
    if (data[6]  == ‘t’)
    if (data[7]  == ‘o’)
    if (data[8]  == ‘s’)
    if (data[9]  == ‘o’)
    if (data[10] == ‘l’)
    if (data[11] == ‘v’)
    if (data[12] == ‘e’)
    if (data[13] == ‘m’)
    if (data[14] == ‘e’)
    if (data[15] == ‘!’) {
        pid = getpid();
        if (pid == 0xdeadbeef) {
            // BUG
            *(int*)0xcafecafe = 0x41414141;


When taking the snapshot, we logged that the input buffer being fuzzed is located at 0x555555556004.

SNAPSHOT Data buffer: 0x555555556004

It is the fuzzer’s job to write an input test case to address 0x5555_5555_6004 to begin fuzzing. Let’s look at how Snapchange handles coverage with breakpoints.

Coverage Breakpoints

Snapchange gathers its coverage of a target using breakpoints. In the snapshot directory, an optional .covbps file containing virtual addresses in the guest can be created. Because the snapshot is static, we can use hard coded memory addresses as part of the fuzzing process. During initialization, a breakpoint is inserted into the guest memory at every address found in the coverage breakpoint file. If any coverage breakpoint is hit, it means the current input executed a new piece of the target for the first time. The input is saved into the input corpus for future use and the breakpoint is removed. This removal of coverage breakpoints when they are encountered, means that the fuzzer only pays for the cost of the coverage breakpoint once.

One approach using these coverage breakpoints is to trigger on new basic blocks from the control flow graph of a target. There are a few utility scripts included in Snapchange to gather these basic blocks using Binary Ninja, Ghidra, and radare2.

The example coverage breakpoint file of the basic blocks found in example1.bin is in snapshot/example1.bin.covbps

$ head ./snapshot/example1.bin.ghidra.covbps


Writing a fuzzer

To begin fuzzing with Snapchange, we can write the fuzzer specific for this target in Rust.

// src/

pub struct Example1Fuzzer;

impl Fuzzer for Example1Fuzzer {
type Input = Vec<u8>; // [0]
const START_ADDRESS: u64 = 0x5555_5555_5344;
const MAX_INPUT_LENGTH: usize = 16; // [1]
const MAX_MUTATIONS: u64 = 2; // [3]

fn set_input(&mut self, input: &Self::Input, fuzzvm: &mut FuzzVm<Self>) -> Result<()> {
// Write the mutated input
fuzzvm.write_bytes_dirty(VirtAddr(0x5555_5555_6004), CR3, input)?; // [2]



A few notes about this fuzzer:

The fuzzer uses input of type Vec<u8> ([0]). This tells Snapchange to provide the default mutation strategies for a vector of bytes.

Note: This is an abstract type, so the fuzzer can provide a custom mutator/generator if they choose.

The maximum length of a generated input will be 16 bytes ([1])
The fuzzer is passed a mutated Vec<u8> in set_input. This input is then written to the address of the buffer logged during the snapshot (0x5555_5555_6004) via the call to write_bytes_dirty ([2]).

Note: This address is from the printf(“SNAPSHOT Data buffer: %pn”, data); line in the harness

The fuzzer will apply, at most, two mutations per input case ([3])

Snapchange provides an entry point to the main command-line utility that takes an abstract Fuzzer, like the one we have written. This will be the entry point for our fuzzer as well.

// src/

fn main() {
snapchange_main::<fuzzer::Example1Fuzzer>().expect(“Error in Example 1”);

Building this we can verify that the project and snapshot directories are set up properly by attempting to translate the starting instruction pointer address from the snapshot. Snapchange provides a project translate command used for doing virtual to physical memory translations from the snapshot and attempting to disassemble the bytes found at the read physical address. We can disassemble from fuzzme function in the snapshot with the following:

$ cargo run -r — project translate fuzzme

With the confirmation that the project’s directory structure is set up properly, we can begin fuzzing!

Starting fuzzing!

Snapchange has a fuzz command which can execute across a configurable number of cores in parallel. To begin fuzzing, Snapchange will start a number of virtual machines with the physical memory found in the snapshot directory. Snapchange will then choose an input from the current corpus (or generate one if one doesn’t exist), mutate it with a variety of techniques, and then write it into the guest via the set_input() function we wrote. If any new coverage has been seen, the mutated input will be saved in the corpus for future use. If a crash is found, the crashing input will be saved for further analysis.

The example is looking for the password fuzzmetosolveme! by checking each byte in the input one at a time. This pattern creates a new location for coverage to find for each byte. If the mutation randomly finds the next byte in the password, that input is saved in the corpus to be used later to discover the next byte, until the entire password is uncovered.

We began fuzzing with 8 cores for this example.

$ cargo run -r — fuzz –cores 8

The fuzz terminal user interface (TUI) is brought up with several pieces of information used to monitor the fuzzing:

Execution time
Basic core statistics for number of executions per second overall and per core
Amount of coverage seen
Number of crashes seen
Average number of dirty pages needed to reset a guest
Number of cores currently alive
Basic coverage graph

The TUI also includes performance information about where time is being spent in the fuzzer as well as information about the reasons a virtual machine is exiting. This information is useful to have for understanding if the fuzzer is actually spending relevant time fuzzing or if the fuzzer is doing extraneous computation that is causing a performance degradation.

For example, this fuzz run is only spending 14%  of the total execution time in the guest virtual machine fuzzing the target. For some targets, this could present an opportunity to improve the performance of the fuzzer. Ideally, we want the fuzzer to be working in the guest virtual machine as much as possible. This test case is so small, though, that this number is to be expected, but it is still useful to keep in mind for more complex targets.

Lastly, there is a running list of recently-hit coverage to present a quick glance at what the fuzzer has recently uncovered in the target.

When fuzzing, the current coverage state seen by the fuzzer is written to disk, in real time, in a variety of formats: raw addresses, module+offset for usage in tools like Lighthouse, and (if debug information is available) LCOV format used for graphically annotating source code with this coverage information. This allows the developer or researcher to review the coverage to understand what the fuzzer is actually accomplishing to help them iterate on the fuzzer for potentially better results.

LCOV coverage displayed mid-fuzz session

Coverage displayed using Lighthouse in Binary Ninja











After some time, the fuzzer finds the correct input string to solve the first part of the target. We can look at the current corpus of the fuzzer in ./snapshot/current_corpus.

$ xxd snapshot/current_corpus/c2b9b72428f4059c
│00000000│ 66 75 7a 7a 6d 65 74 6f ┊ 73 6f 6c 76 65 6d 65 21 │fuzzmeto┊solveme!│

Snapchange hooks

With the password discovered, the second half of the target revolves around getting getpid() to return an arbitrary value. This value isn’t expected to be returned from getpid(), but we can use Snapchange’s introspection features to force this result to happen. Snapchange includes breakpoint callbacks as a technique to introspect and modify the guest, such as by patching functions. Here is one example of forcing getpid() to always return the value 0xdeadbeef for our fuzzer.

fn breakpoints(&self) -> Option<&[Breakpoint<Self>]> {
Breakpoint {
lookup: BreakpointLookup::SymbolOffset(“!__GI___getpid”, 0x0),
bp_type: BreakpointType::Repeated,
bp_hook: |fuzzvm: &mut FuzzVm<Self>, _input, _fuzzer| {
// Set the return value to 0xdeadbeef
fuzzvm.set_rax(0xdead_beef); // [0]

// Fake an immediate return from the function by setting RIP to the
// value popped from the stack (this assumes the function was entered
// via a `call`)
fuzzvm.fake_immediate_return()?; // [1]

// Continue execution
Ok(Execution::Continue) // [2]

The fuzzer sets a breakpoint on the address for the symbol!__GI___getpid. When the breakpoint is triggered, the bp_hook function is called with the guest virtual machine (fuzzvm) as an argument. The return value for the function is stored in register rax, so we can set the value of rax to 0xdeadbeef via fuzzvm.set_rax(0xdeadbeef) [0]. We want the function to immediately return and not continue executing getpid(), so we fake the returning of the function by calling fuzzvm.fake_immediate_return() [1] to set the instruction pointer to the value on the top of the stack and Continue execution of the guest at this point [2] (rather than forcing the guest to reset).

We aren’t restricted to user space breakpoints. We could also force getpid() to return 0xdeadbeef by patching the call in the kernel in __task_pid_nr_ns. At offset 0x83 in __task_pid_nr_ns, we patch the moment the PID is read from memory and returned to the user from the kernel.

// Single step trace from `cargo run -r — trace ./snapshot/current_corpus/c2b9b72428f4059c`
INSTRUCTION 1162 0xffffffff810d0ed3 0x6aa48000 | __task_pid_nr_ns+0xb3
mov eax, dword ptr [rbp+0x50]
[RBP:0xffff88806c91c000+0x50=0xffff88806c91c050 size:UInt32->0xe6]]
[8b, 45, 50]
Breakpoint {
lookup: BreakpointLookup::SymbolOffset(“__task_pid_nr_ns”, 0xb3),
bp_type: BreakpointType::Repeated,
bp_hook: |fuzzvm: &mut FuzzVm<Self>, _input, _fuzzer| {
// The instruction retrieving the PID is
// mov eax, dword ptr [rbp+0x50]
// Write the 0xdeadbeef value into the memory at `rbp + 0x50`

// Get the current `rax` value
let rbp = fuzzvm.rbp();
let val: u32 = 0xdeadbeef;

// Write the wanted 0xdeadbeef in the memory location read in the
// kernel
fuzzvm.write_bytes_dirty(VirtAddr(rbp + 0x50), CR3, &val.to_le_bytes())?;

// Continue execution

With getpid patched, we can continue fuzzing the target and check the Crashes tab in the TUI.

This looks like we’ve detected a segmentation fault (SIGSEGV) for address 0xcafecafe from the bug found in the target:

// BUG
*(int*)0xcafecafe = 0x41414141;

Single Step Traces

With a crash in hand, Snapchange can give us a single step trace using the crash as an input.

$ cargo run -r — trace ./snapshot/crashes/SIGSEGV_addr_0xcafecafe_code_AddressNotMappedToObject/c2b9b72428f4059c

This will give the state of the system at the time of the reset as well as the single step trace of the execution path. Notice that the guest reset on the force_sig_fault kernel function. This function is hooked by Snapchange to monitor for crashing states.

The single step trace is written to disk containing all instructions executed as well as the register state during each instruction. The trace includes:

Decoded instruction
State of the involved registers and memory for the given instruction
Assembly bytes for the instruction (useful for patching)
Source code where this assembly originated (if debug information is available)

What’s next for Snapchange?

The team is excited to hear from you and the community at large. We have ideas for more features and other analysis that can aid in fuzzing efforts and are interested in hearing what features the community is looking for in their fuzzing workflows. We’d also love feedback from you about your experience writing fuzzers using Snapchange on Snapchange’s GitHub. If this blog has sparked your curiosity, check out the other real-world examples included in the Snapchange repository.

Flatlogic Admin Templates banner

Is React a Framework? Software Engineer Answering

By definition – React is one of the most popular JavaScript UI libraries nowadays. It comes in second place after jQuery among all web frameworks! React’s popularity has grown rapidly thanks to a simple and declarative API that allows you to build high-performance applications, and that momentum keeps growing. Still, there is often discussion and questioning that React is a framework or library.

Firstly, let’s look what the differents between framework and library? 

The framework belongs to the main() function. It executes some functions, e.g. controlling a collection of windows on the screen. The framework can, in principle, work even if you have not set it up in any way. It does something, e.g. it places an empty window with default widgets. The framework defines the general nature of the program, and your code provides a specific setting. These settings can be very significant, as both a word processor and a spreadsheet can be created using the same framework.

The library is the set of tools used by your code. Your code belongs to the main() and provides the overall structure of the program. A library performs some specific task, such as sending traffic over a network, drawing charts, or something else. The library can do big things, like draw a view of a three-dimensional space full of objects, but only after you tell it about those objects.

The framework can call your code, which in turn calls the library. But your code never calls the framework, except perhaps for system() or exec() functions.

But, is React a Framework? 

We asked our Software Engineers Team for their opinion and they were split into two parts: some maintain the view that React is a library, and others assign it as a Framework. Here are the most outstanding opinions:

From my point of view, React is not a framework, it’s just a library with no specific requirements for project structure. It’s about describing the abstractions of your application, logic, routing, data exchange, and so on. And React simplifies the work with this data, and optimizes the work with it

Anton M. – Software Engineer at

From my point of view, React is not a framework, it’s just a library with no specific requirements for project structure. It’s about describing the abstractions of your application, logic, routing, data exchange, and so on. And React simplifies the work with this data, and optimizes the work with it

I know that react calls itself a “library”, and a lot of developers prefer to react to the home page with the title “library”. However, I think that React is more like a framework now, with different targets like web, react native, etc. And the foundation of React is JSX, which is crucial for proper developer experience, and requires a build step, so you can’t just slap a bunch of JSX files into a browser and call it a day. Nowadays when you say “I built this app with React” you don’t mean that you used it on one page or as a modern jquery alternative. You mean that you built everything around react, with its ecosystem, its best practices, etc. And with all those points in mind, I’d rather call react the framework, than a library

Viktor S. – Staff Engineer at

We also conducted the research among others software engineers and would like to share with you the most impressive arguments on this point. 

So, is React a Framework or a Library?

React is a Library

React is a JavaScript library for building user interfaces. It is maintained by Facebook and a community of individual developers and companies. React can be used as a base in the development of single-page or mobile applications.

Now Why Library, not a Framework?

different definitions for library and framework:

a framework is a software where you plug your code into
a library is a software that you plug into your code

In terms of this definition, React is a framework. But some people, especially in the frontend world, say a framework has to bring stuff like routers and/or widgets, etc. 

So Angular, and ExtJS are frameworks, but React isn’t, because it only gives you the means to build components and render them into the DOM.

Let’s make it simple, in React we have to include packages for everything it’s not necessary but yes we can add them, thus React is a Library but if we are not given an option to do so with our code then that’s a framework like Angular and Vue.

React is a library because it’s only supposed to deal with the view part of the eco-system, and you can integrate it easily in any project you’re working on currently, it’s something like jQuery, it only helps you with organizing your views into reusable components, of course, the performance is one of the best things about React, especially with the new Fiber algorithm, things will be faster seeing the scheduler mechanism, unlike Angular, it’s a framework that gives you everything you need, most of the things are already built-in, for React you need to create your own/or grab some modules from npm to add extra functionality as need per your project.

It depends on how you use it. If you’re writing a small program and you structure your program around working with React, you are probably thinking of React as a framework.

If you have a big program and you use React as a small part of it just for handling output, then you’re probably thinking of React as a library.

If your program is 90% user interface, and not only your program structure but your data structures are shaped to fit the React system, then you may even think of React as a language. Hey, if TypeScript can be a language, why not React?

React is a library, cause it has mostly evolved into a vast ecosystem that is barely distinguishable from a framework. A framework protects the edges, whereas a library provides a tool for doing certain tasks. React handles exactly one task: abstracted Web Components. It offers an internal state, lifecycles, and external properties, as well as a renderer for a browser or comparable environment through ReactDOM – and nothing more.

This has a few advantages: it is smaller than a full-featured framework, has fewer opinions on how to address problems, and so provides more options.

I’d say React is a library posing as a framework. It feels like working in a framework (esp. with JSX, though using that is optional), but under the hood, it is just a library. This definition is quite good:

a framework is software that you plug your code into (e.g. you work “inside” it).
a library is software that you plug into your code (e.g. you “hand-off” certain tasks to it, or build “on top” of it).

React feels like the first, but is the second. The attached video compares React and Angular and hints at the distinction. Since React treats your code as a black box, you can push the data-binding concerns out to the edges of your system, to be “handed off” to React (i.e. how you would use a library). Angular, on the other hand, forces you to work “inside” their “scopes” using their “directives” to handle data-binding. In Angular, you are passing your data through scopes that observe your data model. You are always at the mercy of whichever directives they are building into their framework scaffolding. You are also working “inside” HTML (JS-in-HTML), with all the constraints that impose (giving more of a framework feeling). But with React, you have less of that feeling, since you have freedom (full power of JS), and can build “on top” of React (HTML/JSX-in-JS). This is good since JS is inherently more powerful than HTML.

React is a Framework

React is a framework. Honestly caring about the difference between a library and a framework is a bit pedantic, so I’d say you can call it either. Having said that, my definitions of the two words are that a library is a collection of functions, and a framework is a way of doing things.

By this definition, React is a framework because it forces you to build UI in the React way instead of the Angular, etc. On the other hand, the dash is a perfect example of a library because it’s just a collection of functions, use them however you want.

JavaScript is known for its abundance of new plugins, frameworks, and other things created by its massive community of developers and designers.

You must be wondering what this fact has to do with the React JS framework and other frameworks. The truth is that many of the leading IT firms have already embraced JavaScript and leveraged its benefits.

That should answer the question and not cause any other debates, right? Well, not exactly; the debate over Is React a framework or library? is as strong as ever.

Over the years, developers, software engineers, and developer communities came up with pros and cons related to the status of React as a library or React as a framework. Let’s analyze them together.

React as a library

React can be easily swapped by some other javascript library offering similar functionalities.
React can be easily plugged into an existing technology stack – and that’s the definition of a library.

React as a framework

Related libraries must work in an opinionated way.
Because of its state and lifecycle on the components, you inverted the control to React.

Are you asking why React was designed as a library and not a framework [1] or why it is classified as a library and not a framework [2]?

[1] Why it was built that way. A library is something you can add to an existing project to enhance it. It does not impose any restrictions or conventions on your application design and you can supplement it with other libraries of your choice to flesh out your application. There is also a shorter learning curve (usually) on a library as you can add it incrementally to your project. A framework on the other hand implies structure and convention, you need to follow the conventions of the framework. In many cases a framework limits you to working within these conventions – you cannot (or it is difficult) to mix a framework with other code.

There are use cases for each.

[2] Why it is not classified as a framework. Based on the definition of a framework it does not fit the bill – it is a library that is added to your code – it does not impose structure – beyond the use of the library itself and it can be mixed in with other code.

React does not solve any structural or architectural problems on the app level. It provides us with a set of methods for better (in my opinion) handling of the front-end. I remember when jQuery did that back in the day, and how that started the revolution… React is now doing the same, just better.

Because React is a library eventually we got Flux and Redux. Both of them are handling real-world problems that come alongside Scaling. Mare library does not think about that.

React is a framework because Redux is referencing it as one (Source). Ah, as I started to hope that something in life is going to be easy. With React and Redux there is a clear layer of separation between the view and data. That is why React is not a complete framework to solve the entire problem.


Soft engineers spend a lot of time talking about what React is. The answer is important for any React soft engineer, no matter their skill level. That is because it indicates what they should know and how they should work when developing any React application. Depending on who you are, a beginner or an advanced React soft engineer, I hope this thoughtful research will improve your development process as you build your next React project.

The post Is React a Framework? Software Engineer Answering appeared first on Flatlogic Blog.Flatlogic Admin Templates banner

Next.js vs React: Which One to Choose for Your App?

The burning question today is What’s better: React or Next.js? Let’s have a look closely at both, compare them and see the difference between library and framework. In the React world, Next.js is one of the most popular frameworks for “hitting the ground running.”

What is Next.js?

Next.js is an open-source JavaScript framework for developing fast, lightweight, and easy-to-use web applications and static websites (one-pages) using React. Next.js was created by Vercel in 2016. Next.js requires Node.js and can be initialized using npm. There are a lot of reasons why Next.js has such a strong reputation in the world of application development. They are known for being reliable as they offer image optimization, internationalization, zero-config, Next.js analytics, hybrid: SSR and SGG, fast refresh, API routes, TypeScript support, file-system routing, code-splitting and bundling, incremental static regeneration, and built-in CSS support, etc.

Next.js includes all the features needed to build an application. Moreover, the documentation is excellent and it is becoming very popular among developers for frontend development.Here are the most popular platforms and apps of Next.js:, TikTok, Hulu, Binance, and many others that involve a massive number of users engaging with complex data influxes.

What is React?

React is an efficient, declarative and flexible JavaScript library for building interactive UI, inspired by xHP, the HTML component library for PHP. React was created by Facebook in 2011 and then open-sourced in 2013.React is used to create dynamic, mobile apps, one-pages, visualization tools, and dashboards. Here are some of the most popular platforms and apps created with React: Facebook, Netflix, Atlassian, Airbnb, Dropbox, Reddit, etc.

Next.js vs React

Even in a sea of JavaScript frameworks and libraries, React and NextJS stand out. React is the most popular JavaScript library for frontend developers. NextJS, although smaller than React, has grown continuously over the years and is well on its way to becoming the most-used JavaScript framework. So, let’s compare React and Next.js. React – is a JavaScript library for building UI. Next.js – is the React framework. NextJS is used on top of React, extending its features and optimizing the development process: React doesn’t even have to work with NextJS, but NextJS uses React to deploy applications.

React has a special framework – Create React App, an application used to create React projects and includes tools such as Babel, Webpack, and ESlint. Next.js is a React-based framework that allows you to build applications with server-side rendering. React is still the core of the application, but the structure and navigation mechanisms (architecture) – are defined by Next.js. The difference between a framework and a library is that a framework has more features and focuses on several aspects of development, and gives you rules and guidelines for writing code and structuring files.

React & Create React App (CPA)

Server-Side Rendering (SSR)
Supports different types of SSR.
– Static generation: obtaining data at build time. Best suited for use cases such as blogs or static websites.
– Server-side rendering: sampling data and rendering for each request. May be needed when you need to serve different views to different users.
Doesn’t support SSR out of the box. 
However, you can still set it up. 
It just takes more effort to configure SSR with your preferred server and configuration.

Almost everything is configurable
If you check the example NextJs templates, you can see files like 
babelrc, jest.config, eslintrc etc. that you can configure.
Doesn’t leave you much space to configure it. 
Configurations, such as webpack config, cannot be changed unless you do not deviate from the usual CRA path (eject, rescripts, rewired, craco). 
You should use what is configured in 
react-scripts, which is the core of CRA.

Well maintained. Release regular updates.
Very sensitive. 
If you keep up with updates of CRA releases, it is not difficult to maintain.


Supports typescript out of the box. 
Configurations for TypeScript:
touch tsconfig.json

Supports. You can initialize the CRA app with typescript like this:
npx create-react-app my-app —template typescript

Hooks Support

Redux Support

Incredibly fast apps thanks to static sites and server-side rendering.
Decent, but the lack of code splitting results in poor performance.

Tiny, but friendly
Both huge and friendly

Support static exports, and pre-rendering, and has a lot of features, for example, automatic building size optimization, fast development compilation and preview mode.
Easily extensible, can include routing as well as management patterns with libraries.

Talent pool

Easy to learn

Development costs

Which one is better?

It’s hard to say that one is better than the other. Remember, React.js is a JS library – a set of tools you can use to build UI – and Next.js is a framework – the blueprints and rules you need to build an entire app – based on React so it’s not a pick this one instead of the other situation.

Use React when:

You need a highly dynamic routing
You’re already familiar with JSX
You need offline support

Use Next.js when:

You need an all-inclusive framework
You require backend API endpoints
You need server-side rendering

What do React vs Next.js projects look like


You can get started with React by installing Node.js on your machine and running npx create-react-app react-app. This will create a basic project structure with the src/App.js file as the entry point for the application. You’ll also have a public folder where you can store assets, and the initial scaffold looks like this:


With Next.js, you can get started by running npx create-next-app next-app. This will scaffold out a project that already has a pages folder for the pages or routes and a public directory that hosts your assets. The initial scaffold looks like this:

The files in the pages directory relate to routes in your application. The public directory stores your static files or images that you want to serve and can be directly accessed – no need to use require or other React traditional methods to import images into components.

Building Next.js and React projects with Flatlogic

The Flatlogic platform is a great way to bridge the gap between developing your applications. Applications usually use the same elements and components, when using the same technologies. The main thing that distinguishes them on a technical level is the database schema, which implements different data processing and storage mechanisms. The Flatlogic Platform allows you to create applications by combining parts and creating only those that need to be unique. Here you can see how to use the Flatlogic Platform to create Next.js, React applications, and other options for creating CRUD applications on the React. To generate your Next.js or React application, tap here and let’s go.

Step 1

Name your project and choose the tech stack: React as frontend and No-backend as backend.

Step 2

Choose the Starter Kit. Here you need to decide which starter kit is best for your project: Next.js or Create React App.

Next, you need to connect your GitHub repository and check the stack and starter kit and Finish the creation process.

Then you will be redirected to the project settings where you will need to deploy your application.


React and Next.js are new and useful tools for your project, but only for certain tasks. When you choose Next.js, it offers the best solutions for server-side rendering and static website development. It also makes it easy to manage projects with a variety of tools and features.

On the other hand, React is the best choice for developing UIs for one-page applications. Being mobile and web-enabled, it works with a layer of mobile and web applications to create more appealing and intuitive ones. In a nutshell, Next.js offers various tools and features to minimize the development process while React has better resources for the frontend development of your mobile and web applications.

Suggested Articles

What is Next.js? Top 7+ Next.js Templates
Angular vs React: Which One to Choose for Your Web App
Best Ways to Deploy React Apps

The post Next.js vs React: Which One to Choose for Your App? appeared first on Flatlogic Blog.Flatlogic Admin Templates banner

React Material Admin Full Update

As Material UI and React continue to grow and develop it has become clear that React Material Admin can’t live with the outdated versions of those libraries.

What products are affected by the update?

Currently, the updates were released on 2 products:

React Material Admin Full
React Material UI Admin Node.js

What has changed?

The main change is that now those templates are now using React 17 and Material UI 5, previously it was 16 and 4 versions accordingly.

And also we made several minor changes that make this admin dashboard template up-to-date.

Fullcalendar was updated to the 5.11 version
Added Datefns as datepicker library
Updated Apexcharts to version 3.35
Updated Formik library to the latest stable version
Mui-datatables library was updated to version 4
We have added Redux for management CRUD functions and authorization

As a result, the speed and usability of the React Material Admin template increased. Additionally, you don’t need to spend your time updating all those technologies by yourself, so you can focus on developing business features.

Moving forward and Summing Up

The ecosystem of our templates will be constantly updating. Next in line are Vue Material Admin and Angular Material Admin. Additionally, we are working on integrating some of the existing UI components from React Material Admin to the Flatlogic Platform generated react app.

For the rest of our React templates, check our marketplace. If you face any difficulties setting up this or that template or admin dashboard, please feel free to leave us a message on our forumTwitter or Facebook. We will respond to your inquiry as quickly as possible!

Happy developing!

The post React Material Admin Full Update appeared first on Flatlogic Blog.Flatlogic Admin Templates banner

React vs Vue: What to Choose in 2022?

React and Vue are the two most popular and widely used JavaScript frontend frameworks today. These frameworks allow developers to create a wide variety of web applications with JavaScript. Choosing between the two can be confusing if you are building a new application. Each has its own use case and serves different business needs. 

Most web developers prefer to use Vue.js and React frameworks. Using React or Vue.js provides a quality approach to web development that is consistent and performant. Both Vue and React have their own best scripts and meet different kinds of business needs.

In this article, we will learn about each and explore which is best suited for your business.

What is React?

React.js combines a high degree of concentration with simplicity when it comes to user experience. It was developed by Facebook as an open-source JavaScript library to help developers build user interfaces. React follows a declarative programming style and a component-based approach. It allows for the creation of complex web applications with the highest flexibility and speed. 

React.js is the most used web framework in 2021 with 40.14% of the software developers globally using React. 

React holds the top spot for the fourth year. Popular companies that are currently using React.js are AirBnB, Netflix, Instagram, and Udemy.


What is Vue.js?

Vue.js is a progressive JavaScript framework that developers use to build interfaces. Unlike the Angular framework, Vue is incrementally adaptable by design. It scales easily between a library and a fully-featured framework. Companies using Vue.js include GitLab, Behance, Upwork, and Grammarly.

Here are a few Vue.js statistics

Vue.js is used by 0.8% of all the websites amongst JavaScript libraries.
Vue.js is used by 1.2% of all the websites amongst the JavaScript library we know and that rank in the top 1,000,000.
In 2021, 42% of the developers admitted that they used Vue in their company. 55% of the developers are of the view that Vue will get more popular in their organization. 

What are the Similarities between React and Vue?

Before looking at the differences between the two, let us look at some similarities. Both React and Vue possess component-based architecture. Also, both the frameworks are lightweight and have an exposure to lifecycle methods. Their performance is fairly similar. Both technologies work with any existing web application, even if it’s not a Single Page Application.

Below are some similarities:

They have composable and reactive view components
They use virtual DOM
JavaScript Code and PWA support
They concentrate on a core library. They also involve handling of routing and global state management with companion libraries
Possibility of working with any existing web applications
Both React and Vue have large proactive communities and plenty of libraries and tools available.

Comparison between React and Vue

You can pick one after knowing how they differ. The most obvious distinction: React is a library, whereas Vue is a framework.

Let us compare them taking into account some essential parameters. 

Data Binding 

Vue uses two-way data binding. It means whenever you change any interface element, your model state automatically changes with it. It may look simple to read about it. However, for a large project, it is not. If you want a good data overview and want easy debugging, you may prefer React as it has one-way data binding. After the model state is updated, React then renders the change in the interface element.

Desktop and Mobile Development 

React Native is the perfect platform for you if you want to build mobile apps that work on Android or iOS. Developers can use their existing skills to get started. The biggest advantage of using React is that you can reuse 99% of code between Android and iOS.

On the other hand, Vue does not have a dedicated platform like React Native. However, it does not mean you cannot develop native applications. Vue developers can use a cross-platform UI framework or plugins and write Vue applications and compile them into native apps – iOS and Android.

Major Differentiator – Syntax

One of the major differences between them is the way the view layer is built. Vue uses HTML templates by default, and there is no option to write in JavaScript Expressions (JSX). On the other hand, React solely uses JSX. Vue is easier to use even for beginner frontend developers as it uses only HTML. React’s JavaScript Expressions combine CSS and HTML into JavaScript. The XML-like syntax allows developers to create self-contained UI components with view-rendering instructions included.


React provides third-party tools to help developers create React apps, and it allows them to speed up app development by adding scripts. Earlier, React developers had to copy the files from previous apps and configure everything from zero. It was not only time-consuming but a boring task that no developer liked doing. 

Vue, on the other hand, uses a tool called Vue CLI. It enables the user to create any project quickly. It comes with many benefits like easy improvements, adding plugins anytime during the project, etc.


It is not easy to pick a winner on popularity, but if you check online communities, React wins this battle. It is mainly because it is backed by Facebook. The Vue community is smaller compared to React with fewer packages and resources. However, it is maintained by the creator himself – Evan You and his team.

Template and Styling

The UI library is incomplete without templates and styles. Additionally, they’re the places where the difference between React and Vue is most apparent, since the code design is different. The approaches both Vue and React take are also quite different.

While Vue has a more declarative approach, React is more functional. Since the logic and markup are both considered as one, they are mixed. It is accomplished with JSX, which is an abstraction of React.createElement, which is used to create Virtual DOM entities. 

Templates and styles are treated separately with Vue – a more conservative approach. Here, the templates are viewed as old-fashioned HTML elements.


If you want to make the decision of choosing anyone between Vue and React based on performance, you will not be able to since both frameworks have remarkable speed. However, as mentioned at the start, you can check for specific use cases to decide which is a better option for you.

Learn more about Vue.js Best Use Cases 

Vue has to be integrated into an existing project incrementally. This means there is a per project requirement since it is a progressive framework. For example, you can use Vue.js as a lightweight library to add some interactivity to a web app. Ease of integration is one of Vue’s top assets. 

You can hire Vue js developer to easily implement Vue.js into a project – it is a lot faster. The learning curve is easy, and tools like Vue UI and CLI make it a great tool to use for quick MVP delivery and start-up ideas. It is a cost-effective solution for all small to medium applications. However, it does not mean it is not good for large web apps. It has a vast ecosystem of tools and companion libraries, allowing the framework to respond to the complex needs of enterprise-grade applications.

Learn more about React.js Best Use Cases 

React was initially created for large-scale web projects, and hence using it for a small and simple app would not justify its usage. Setting up a project using React.js is not easy, and you need some level of expertise to do it, but its architecture ultimately pays off in the long run.

JSX is powerful, and it gives developers a range of powers – flow controls and advanced IDE features such as auto-completion or listing are included in the component view templates. React does not have official packages for routing or state management like Vue. If you are developing complex apps, you have to use third-party solutions in many places. It gives a range of choices to developers. If you have experienced developers, they will know better which libraries are optimum and can be used to meet the business demands of a particular web application.

Choose a framework/library according to your needs

React is a library, and hence the users gain more control, such as the manual re-rendering control. The library heavily utilizes functional programming principles, which is evident in how it handles state and communicates between components. On the contrary, Vue is a framework that brings to the table many more built-in features and companion libraries which come from the core team. Hence, this helps in making the development experience smoother for the user.

Both Vue and React are great tools for building interactive user interfaces. You cannot pick one randomly, you will need to take into account many factors like your business needs, developers’ experience, budget, timeframe to deliver the project, and much more. Performance-wise both are at par, and you won’t be disappointed in this aspect whether you choose React or Vue.

Suggested Articles

Vue vs React: What is Easier? What is Trending? [Detailed Guide with +/-]
What is Vue?
12 Best React Admin Templates Under $100

The post React vs Vue: What to Choose in 2022? appeared first on Flatlogic Blog.Flatlogic Admin Templates banner

.NET Framework February 2022 Cumulative Update Preview

Today, we are releasing the February 2022 Cumulative Update Preview for .NET Framework.


The February Security and Quality Rollup Update does not contain any new security fixes. See January 2022 Security and Quality Rollup for the latest security updates.

Quality and Reliability

This release contains the following quality and reliability improvements.

NET Libraries

Addresses an issue when Ssl negotiation can hang indefinitely when client certificates are used when TLS 1.3 is negotiated. Before the change renegotiation (PostHandshakeAuthentiction) would fail and SslStream or HttpWebRequest would observe a timeout.


Addresses a leak of IRawElementProviderSimple objects which was introduced in .NET Framework 4.8. This is an opt-in fix, add the following compatibility switch to the app.config file in order to dispose the accessible objects:
<!– AppContextSwitchOverrides values are in the form of ‘key1=true|false;key2=true|false –>
<AppContextSwitchOverrides value=”Switch.System.Windows.Forms.DisconnectUiaProvidersOnWmDestroy=true”/>
Note: When the accessibility server application opts into this fix, the accessibility client will receive errors when accessing the disconnected provider. This is expected because the corresponding control window is destroyed. Previous behavior where the provider was returning information for destroyed controls was incorrect.

Getting the Update

The Cumulative Update Preview is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version
Cumulative Update

Windows 11

.NET Framework 3.5, 4.8

Microsoft server operating systems version 21H2

.NET Framework 3.5, 4.8

Windows 10 21H2

.NET Framework 3.5, 4.8

Windows 10 21H1

.NET Framework 3.5, 4.8

Windows 10, version 20H2 and Windows Server, version 20H2

.NET Framework 3.5, 4.8

Windows 10 1809 (October 2018 Update) and Windows Server 2019


.NET Framework 3.5, 4.7.2

.NET Framework 3.5, 4.8

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

.NET Framework February 2022 Security and Quality Rollup
.NET Framework January 2022 Cumulative Update Preview
.NET Framework January 2022 Security and Quality Rollup Updates

The post .NET Framework February 2022 Cumulative Update Preview appeared first on .NET Blog.Flatlogic Admin Templates banner

What is Laravel?


Laravel is a PHP (Hypertext Preprocessor) backend development framework. With it, you can build an application in a short time with well-structured code. Laravel offers a high level of security for the user and allows you to easily add new features in the future. In addition, its numerous packages of functionalities can give your application the features required to provide high-quality services to your clients or to run your internal processes efficiently. A strong command line and easy-to-use features are just some of the many examples. There’s a variety of plugins with specific functions for Laravel. All of them help in simplifying and speeding up web application development.

PHP is an open-source general-purpose scripting language with weak dynamic typing. It handles multitasking, including HTML routing and templates, as well as authentication, which is often the hard part to build. Weak dynamic typing means that PHP automatically performs a lot of implicit conversions, even if there may be a loss of accuracy or the conversion is ambiguous. In version 8 of PHP, released in 2020, there is a JIT (Just-In-Time) Compilation, which sped up the work of PHP multiple times.

How does it work? 

MVC (Model-View-Controller) is an architectural template for Laravel. MVC divides your software into three parts: data (Model), an interface to view and modify data (View), and operations you can perform on the data (Controller).

Structuring your application in the MVC manner is useful because you can divide everything into logical areas. This lets you structure your code, make it more flexible, less fragile, and easier to debug. MVC uses the blade templating engine to break down the HTML and control the control block. Everything starts with routes set up by web.php, which handles HTTP requests based on the requested location.

Importance of Laravel

Laravel has features such as ORM, a command-line interface (CLI), automatic testing, a portable virtual programming environment, and modular packaging with support for dependency management, so you can build new features in your applications without starting from scratch in a snap. Laravel enables you to build custom packages for code you use frequently. Alternatively, you can use Composer to install out-of-the-box packages, or Artisan – a built-in tool that includes several utilities to speed up the development process. Plus, you’ll find everything in Laravel, from database migration to cloud storage, that you can’t get from any other PHP framework.

Why use Laravel?

Here’s a list of some top features of Laravel:

User-friendly code. Laravel has a variety of available tools, templates, and libraries. That makes development tremendously flexible and user-friendly. 

Security. Laravel had built-in security functionality in the framework, which allows it to eliminate all kinds of online threats because it has CSRF tokens. 

ORM maps tables of the database as classes for rapid data manipulation and access. 

Unit Testing. The PHP framework features unit testing, which allows PHP developers to write unit tests in their code.

No need to install new packages. The hired E-Commerce developer doesn’t need to install these packages. Laravel can install, after discovery, any package that fits the user’s exact needs. Web applications are aided by an automated process maintained by multiple programs. Information management is also simpler with the user’s Composer as a dependency manager. 

Migration of Database. The database migration feature simplifies swapping databases if necessary, saving a lot of time and making the process of building an application quick and easy.

Configuration with an integrated library. The Logging Library Monologue supports a lot of important log handlers.

Community. Laravel has its community portal, where developers share their knowledge and experience working with it.

How to create your application with Laravel backend on Flatlogic Platform

Flatlogic Platform offers you the opportunity to create a CRUD application with the Laravel backend literally in a few minutes. As a result, you will get DataBase models, Laravel CRUD admin panel, and API.

The post What is Laravel? appeared first on Flatlogic Blog.Flatlogic Admin Templates banner