SKYHOUSE.dev Journal

Maintaining the Cloud Fortress

Next.js Version Monitoring

Why: The music.skyhouse.dev Next.js app was the vector of the March 2026 cryptominer incident; this adds a nightly notifier so an out-of-date Next.js is caught early.

Following the security incident in March where an unpatched version of Next.js was exploited, Damien requested a proactive approach to monitor the version running in the music-discovery-client Docker container. While the app is currently patched, staying informed of upstream updates allows for timely, manual intervention if a critical update is published.

1. Monitoring Script

We created a monitoring script that runs without needing root. It inspects the actual package.json used by Next.js inside the running container and compares it against the latest published version on npm.

2. Scheduled Execution

The check runs nightly and logs its results locally. By not alerting on version parity or container downtime (silent exit 0), it avoids alert fatigue.

← Back to Admin Hub