echox icon indicating copy to clipboard operation
echox copied to clipboard
verified publisher icon labstack

rethinking website generator (constant security advisories from the JavaScript/Node ecosystem)

Open aldas opened this issue 2 months ago • 1 comments

I am creating this as TODO or discussion.

We previously used Hugo - which is written in Go - to generate the Echo website. In PR #290, we migrated to Docusaurus, a Node.js–based framework.

However, since the switch, the constant stream of security advisories from the JavaScript/Node ecosystem has become overwhelming. It feels like nonstop noise. And after reading about the Shai-Hulud npm worm, I’m increasingly cautious about updating dependencies without risking getting compromised.

@vishr do you have time/bandwidth to comment if we could go back to something more stable - like Hugo was?

aldas avatar Dec 04 '25 05:12 aldas

Sure. Let me research more and comment back.

vishr avatar Dec 04 '25 07:12 vishr

@aldas will begin working on it next year.

vishr avatar Dec 14 '25 21:12 vishr