DEV Community

Is anyone worried about Gatsby vulnerabilities?

Nikolaj Ivancic

I understand that Gatsby is not the offender here and, even more, that nobody owns this issue, so why does it seem to me that I am the only one constantly concerned about this?

gatsby cd gatsby-starter-blog 
gatsby-starter-blog git:(master) npm install

up to date, audited 2324 packages in 5s

41 vulnerabilities (10 moderate, 31 high)

Discussion (1)

Andrei Dascalu

It may depend on how you use it. I used to use it as a static site generator. The packages are needed in the system where you perform the build; they don't translate into runtime (where you just need an nginx instance).
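
An added example for the build-versus-runtime distinction raised in the comment above (not code from either poster or from the Gatsby project): it groups `npm audit --json` findings by the direct dependency that pulls them in, so a raw count like the one in the post can be split into "only runs during the build" and "may reach the served output". The report below is a constructed sample with hypothetical package names, and the `buildOnly` set is an assumption you would fill in for your own site.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// All package names are hypothetical.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "tiny-parser": { severity: "high", isDirect: false, effects: ["site-builder-plugin"] },
    "site-builder-plugin": { severity: "high", isDirect: false, effects: ["site-builder"] },
    "site-builder": { severity: "high", isDirect: true, effects: [] },
    "ui-widget": { severity: "moderate", isDirect: true, effects: [] },
  },
};

// Assumption: direct dependencies that only execute on the build machine.
const buildOnly = new Set(["site-builder"]);

// Follow `effects` (the packages that depend on a vulnerable one) upward
// until reaching the direct dependencies listed in package.json.
function directRoots(report, name, seen = new Set()) {
  const roots = new Set();
  if (seen.has(name)) return roots; // guard against dependency cycles
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return roots;
  if (entry.isDirect) roots.add(name);
  for (const parent of entry.effects || []) {
    for (const root of directRoots(report, parent, seen)) roots.add(root);
  }
  return roots;
}

// Count findings per severity in two buckets. A finding is "buildOnly" only
// if every direct dependency that reaches it is in the build-only set;
// anything unresolved is treated conservatively as reaching the output.
function triage(report, buildOnlySet) {
  const result = { buildOnly: {}, reachesOutput: {} };
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    const roots = [...directRoots(report, name)];
    const allBuild = roots.length > 0 && roots.every((r) => buildOnlySet.has(r));
    const bucket = allBuild ? "buildOnly" : "reachesOutput";
    result[bucket][entry.severity] = (result[bucket][entry.severity] || 0) + 1;
  }
  return result;
}

console.log(JSON.stringify(triage(sampleReport, buildOnly)));
```

Findings in the build-only bucket still matter for the integrity of the build machine and CI pipeline; the split only tells you which ones can be reached by visitors of the deployed static files.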