Reading about the hot mess that is Node.js (pulled-dependencies, crypto miner-embeds, etc.)...<p>What is the sane way to deploy a Node.js project such as VuePress in the enterprise environment?<p>Is there one?<p>How do you vet the security of packages and their dependencies?
In enterprise, I would never ever trust npm/yarn and all those projects downloading unknown libraries.
In enterprise I believe the less you use JavaScript the better it is. Maybe you might want to use only jQuery but you should maybe stay on Vanilla JS.
@IloveHN84: Thanks for the reply. When you say "...stay on Vanilla JS.", What do you mean?<p>Is it possible to run VuePress on Vanilla JS or are you saying stay away from all JS <i>except</i> Vanilla?