DEV Community

Nikolaj Ivancic
Nikolaj Ivancic

Posted on

Is anyone worried about Gatsby vulnerabilities?

I understand that Gatsby is not the offender here and even more nobody owns this issue, so why does it seem to me that I am the only one constantly concerned about this?

gatsby cd gatsby-starter-blog 
gatsby-starter-blog git:(master) npm install

up to date, audited 2324 packages in 5s

41 vulnerabilities (10 moderate, 31 high)
Enter fullscreen mode Exit fullscreen mode

Top comments (1)

Collapse
 
andreidascalu profile image
Andrei Dascalu

It may depend on how you use it. I used to use it as a static site generator. The packages are needed in the system where you perform the build, they don't translate into runtime (where you just need an nginx instance)