by shogunpurple
1683 days ago
Hi, thanks for the comment. We have just undergone a full security audit as of 2 weeks ago - any infrastructure or code vulnerabilities are currently being worked on.

Many JavaScript projects contain huge dependency trees - it is unfortunately the nature of a 3rd party module-heavy ecosystem, and it can be hard to tame the sheer size of the tree. We will update or pin dependencies as needed, to solve the security issues being reported by NPM.

I should also mention that since Budibase is self-hostable, it can be run inside all of your existing infrastructure and network - providing additional layers of security that you can control.

Appreciate the feedback, and the information regarding transitive dependencies - interesting article. Note: Seems like source [0] has a broken link.