I understand that Gatsby is not the offender here and even more nobody owns this issue, so why does it seem to me that I am the only one constantly concerned about this?
gatsby cd gatsby-starter-blog
gatsby-starter-blog git:(master) npm install
up to date, audited 2324 packages in 5s
41 vulnerabilities (10 moderate, 31 high)
Top comments (1)
It may depend on how you use it. I used to use it as a static site generator. The packages are needed in the system where you perform the build, they don't translate into runtime (where you just need an nginx instance)