by egberts1 1713 days ago
As a long-time Pelican (CSS, no JavaScript, serverless) static site generator user, I am intrigued to know if this JavaScript-free approach can be continued with this Astro and maybe Svelte.

It has to be JS-free because I am a vulnerability researcher on JS/WASM-based “file-less” malware.

1 comments

I would appreciate it if you can share your knowledge on these vulnerabilities.
The only advice (at this critical juncture) is to keep your website’s CSP very tight and your APIs authenticated and protected by MFA, especially to supplant PII with website-specific index/sequence numbers. Also, mandate HTML5 nonce element usage on all things referenced.
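
One way to check the "very tight CSP" advice above on a JS-free static site, as an added example that is not part of the thread. The function names, the rule set and the sample policies are assumptions constructed for illustration.

```python
# Added example: audit a Content-Security-Policy value for a static site.
LOOSE = {"*", "'unsafe-inline'", "'unsafe-eval'", "http:", "https:", "data:"}
# These directives do not inherit from default-src, so they must be set explicitly.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")


def parse_csp(header):
    """Split a CSP header value into {directive: [sources]}; first duplicate wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_csp(header, js_free=True):
    """Return a list of findings; an empty list means every check passed."""
    policy = parse_csp(header)
    findings = []
    if policy.get("default-src") != ["'none'"]:
        findings.append("default-src is not 'none'")
    for name, sources in policy.items():
        for src in sources:
            if src.lower() in LOOSE:
                findings.append(f"{name} allows {src}")
    # script-src falls back to default-src; with neither set, anything loads.
    scripts = policy.get("script-src", policy.get("default-src", ["*"]))
    if js_free and scripts != ["'none'"]:
        findings.append("script-src is not 'none' on a JS-free site")
    if not js_free and not any(s.lower().startswith("'nonce-") for s in scripts):
        findings.append("script-src has no nonce source")
    for name in NO_FALLBACK:
        if name not in policy:
            findings.append(f"{name} is missing")
    return findings


# Constructed sample policies (not taken from any real site).
TIGHT = ("default-src 'none'; style-src 'self'; img-src 'self'; "
         "base-uri 'none'; form-action 'none'; frame-ancestors 'none'")
WEAK = "default-src 'self' https:; script-src 'self' 'unsafe-inline'"

if __name__ == "__main__":
    for label, value in (("tight", TIGHT), ("weak", WEAK)):
        print(label, audit_csp(value) or "no findings")
```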