Another Release, Another Signal
Astro released [email protected] in June 2026. By itself, a point release of a scaffolding tool is not a headline. In context, it is another data point in a pattern that matters for framework evaluation: Astro has shipped 50 releases in the past year across 2,909 commits from 335 contributors. Framework velocity — measured by release frequency, commit volume, and contributor count — correlates with three outcomes procurement teams care about: security patch speed, feature delivery, and long-term viability.
The Velocity Cohort
Next.js leads the comparison with 5,706 commits in the past year — nearly double Astro's output — driven by Vercel's full-time engineering investment and 427 contributors. Next.js also ships 50 releases per year, matching Astro's release cadence despite a larger codebase. The difference is in backing: Next.js has Vercel's corporate resources. Astro achieves comparable release velocity with a smaller team and community-driven development. Nuxt.js occupies the middle ground at 1,312 commits and 40 releases from 420 contributors. SvelteKit, with 906 commits and 452 contributors, ships at a steady but lower volume.
The Stagnation Signal
Gatsby recorded 179 commits in the past year. Four releases. An activity score of 40. Despite carrying 55,942 GitHub stars — a legacy of its 2019-2021 peak — Gatsby's development pace has declined to maintenance levels. The gap between star count and commit velocity illustrates a procurement trap: GitHub stars measure historical enthusiasm, not current engineering investment. For organizations that adopted Gatsby during its peak, the velocity decline compounds. Security patches arrive slowly. Ecosystem integrations fall behind. The talent pool shrinks.
Adoption Follows Velocity
WebPulse's WARC scan of over 10 million sites detected Astro on 20,080 of them — modest compared to Next.js's 263,488 detections, but meaningful for a framework four years younger with no equivalent corporate sponsor. Astro's WARC footprint has grown in every scan cycle, tracking its release velocity. Release velocity also determines how quickly a framework responds to security disclosures. Astro carries 60 total CVEs, but with 50 releases per year, security patches can ship within days of disclosure. For security teams, framework velocity is not a vanity metric — it is an operational characteristic that determines mean time to patch.


