@b0rk i very much get the feeling. i have some Old websites i’m scared to look at too closely because those (server-side) web framework versions probably have known vulnerabilities

regarding not using JS build systems, do lock files (specifying precise versions of everything) change the equation for you? as far as i understand npm didn’t always have them