Get AI summaries of any video or article — Sign up free
HTMX Sucks thumbnail

HTMX Sucks

The PrimeTime·
5 min read

Based on The PrimeTime's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

Critics say HTMX’s implementation is shipped as a single, JavaScript-heavy file with older patterns and global namespace side effects, which they view as poor separation of concerns.

Briefing

HTMX is being attacked less for its core idea—using HTML to trigger browser behavior—and more for how it’s packaged: a single-file, JavaScript-heavy approach with minimal modern tooling, limited ecosystem support, and design choices that critics say blur separation of concerns and invite security mistakes. The central claim is that HTMX’s “hypermedia” pitch is mostly rebranding, while the practical tradeoffs (code organization, build workflow, component availability, and scaling) make it a poor default choice for serious web development.

A major line of criticism targets the library’s implementation style. HTMX is described as “one big ball of JavaScript,” relying heavily on older JavaScript patterns (like `var`), polluting the global `window` namespace, and avoiding modular structure. Critics also point to the lack of a conventional build step—arguing that modern tooling (with examples like Vite) improves consistency, maintainability, and developer experience. Even where HTMX appears to “do without” TypeScript, the complaint is that the project resists TypeScript despite its benefits for large codebases, debugging, and source maps; the response is framed as belated patchwork (adding JSDoc annotations later) rather than an upfront commitment to modern development practices.

Beyond code style, the critique expands into ecosystem and product fit. HTMX is portrayed as lacking the component ecosystem that React developers can draw on immediately—UI libraries and ready-made component systems—forcing teams to assemble UI building blocks themselves and integrate them via events. That gap matters because building common UI (like carousels) becomes more work than it would be in a component-first framework.

Security is another recurring objection. Critics argue that HTMX’s design encourages behavior embedded in markup, which can increase exposure to cross-site scripting (XSS) if developers mishandle sanitization. The counterpoint—“if the backend doesn’t sanitize, you’re already doomed”—doesn’t fully land with the critics, who treat XSS as a common, preventable class of mistakes that frameworks shouldn’t make easier.

Career and adoption incentives also enter the debate. With far more job postings for React than HTMX, critics say HTMX knowledge carries less labor-market upside. They also argue that HTMX’s model may not scale cleanly as applications grow, because component-based approaches keep logic compartmentalized and testable.

Finally, the attack broadens into personality and community signals: the library’s creator is portrayed as unprofessional or overly provocative online, and HTMX’s meme-friendly branding is treated as a mismatch for a serious engineering tool. Still, the transcript ends with a more nuanced concession: HTMX may be a good fit for internal tools and situations where the “HTMX usage” is limited to loading the library and letting it attach behavior to the DOM, rather than building full application architectures around it.

Cornell Notes

The transcript argues that HTMX’s biggest weaknesses aren’t just technical—they’re practical tradeoffs in code organization, tooling, ecosystem support, and risk profile. Critics say the project’s implementation leans on older JavaScript patterns, avoids modular structure, and uses ad hoc build scripts rather than standard tooling. They also claim HTMX lacks a mature component ecosystem compared with React, making larger UI work more manual. Security concerns center on how HTMX can encourage behavior in markup, potentially increasing XSS exposure when sanitization is imperfect. Despite the harsh tone, the transcript suggests HTMX can still succeed for internal tools and limited, targeted use cases.

Why do critics focus so much on HTMX’s code style and build workflow?

They treat maintainability and developer experience as core product features. The transcript highlights complaints that HTMX is shipped as a single JavaScript file, uses `var` heavily, and pollutes the `window` namespace. It also criticizes the lack of a conventional build step, arguing that standard tooling (example mentioned: Vite) supports consistency and better workflows. Even when HTMX avoids TypeScript, critics say the project later adds JSDoc/source-map-friendly practices rather than adopting modern modular TypeScript from the start.

What is the argument about TypeScript—does not using it make HTMX worse?

The transcript includes a debate. One side treats the absence of TypeScript as a red flag because TypeScript improves debuggability (via source maps), maintainability, and correctness. Another side pushes back that consumers don’t necessarily care whether the library itself is written in TypeScript as long as it provides usable type definitions. The transcript’s overall thrust remains skeptical, implying that resisting TypeScript signals broader resistance to modern development practices.

How do critics compare HTMX to React in terms of UI components and developer effort?

React is framed as having an ecosystem of ready-made component libraries (examples named: MUI, Next UI, Chakra UI, ShadCN). HTMX, by contrast, is described as having no comparable component ecosystem, forcing developers to assemble UI and integrate it using events. The transcript argues that this makes common UI work (like carousels) more time-consuming than in a component-first framework.

What security concern is raised, and how is it justified?

The transcript warns about cross-site scripting (XSS). The core claim is that HTMX’s design encourages behavior embedded in markup, which can violate separation of concerns (HTML vs CSS vs JavaScript). Critics argue that if developers fail to sanitize input properly, attackers can inject behavior. A common rebuttal—“backend sanitization is required anyway”—is acknowledged but treated as insufficient, since XSS is still a frequent, preventable failure mode.

Why does the transcript bring up job market data?

It uses employment volume as a practical adoption argument. The transcript claims HTMX job postings are extremely rare (examples given: Microsoft and Oakridge National Laboratory), while React has orders of magnitude more listings. The implication is that choosing HTMX may reduce hiring flexibility and career upside compared with skills aligned to mainstream frameworks.

Where does the transcript soften its stance on HTMX?

It ends with conditional support. One view is that HTMX may disappoint if treated as a full application architecture, but could be “really happy” for internal tools where complexity is lower and HTMX usage is limited. Another concession is that some security concerns are more about developer skill than the framework alone, and that HTMX can be effective when used in targeted ways.

Review Questions

  1. Which specific implementation choices (file structure, JavaScript patterns, namespace usage, build approach) does the transcript cite as evidence of HTMX’s maintainability problems?
  2. How does the transcript connect HTMX’s markup-driven behavior model to the XSS risk argument?
  3. What practical adoption factors—ecosystem components, scaling concerns, and job market availability—are used to argue against HTMX as a default choice?

Key Points

  1. 1

    Critics say HTMX’s implementation is shipped as a single, JavaScript-heavy file with older patterns and global namespace side effects, which they view as poor separation of concerns.

  2. 2

    The lack of a standard build pipeline is framed as a developer-experience and maintainability drawback, even if ad hoc scripts exist.

  3. 3

    Skepticism about TypeScript centers on the belief that modern tooling (including source maps) should be adopted upfront rather than patched in later via JSDoc.

  4. 4

    HTMX is portrayed as lacking a mature component ecosystem, increasing the effort required to build and integrate UI compared with React’s library landscape.

  5. 5

    Security objections focus on XSS exposure when behavior is embedded in markup and sanitization is imperfect, even though backend validation is still essential.

  6. 6

    Career and hiring incentives are used as a practical argument: React skills have far more job postings than HTMX skills.

  7. 7

    The transcript’s more balanced takeaway is that HTMX may work well for internal tools and limited, targeted use rather than as a full-scale application architecture.

Highlights

HTMX is criticized as “hypermedia” rebranding for HTML, with the practical tradeoffs (tooling, modularity, ecosystem) treated as the real problem.
A central technical complaint is that HTMX encourages behavior in markup, which critics link to XSS risk when sanitization isn’t airtight.
The transcript argues that HTMX’s lack of off-the-shelf components makes UI assembly more manual than in React’s ecosystem.
Despite the harsh verdict, HTMX is suggested as a strong fit for internal tools where its usage stays narrow and pragmatic.

Topics

  • HTMX Criticism
  • Build Tooling
  • TypeScript Debate
  • XSS Security
  • React Ecosystem

Mentioned

Get summaries like this for any content

Videos, articles, research papers — all summarized by AI and searchable in one place.

Start building your library