I’m currently handing over a project to a client who wants to self-host the app. Since they’re also using a self-hosted backend, I’m working directly with the raw project files and adjusting plugin settings before building the app.
When I run npm install to install the project dependencies, I receive the following warning report:
To be fair, the high-severity vulnerability shown here is relatively recent (about a month old), so it’s definitely within a reasonable window to be addressed. I’ve already reported this via the official bug report form, but I wanted to bring it up here as well—especially since another security issue I reported roughly four months ago is still unresolved, and I had to find a workaround myself.
Security concerns like these shouldn’t be underestimated. As users of a no-code platform—especially one that many rely on for production use—we have to place a high level of trust in the stability and security of the platform and its dependencies.
Unresolved vulnerabilities can not only affect client projects but also risk damaging WeWeb’s reputation and undermining user confidence in the long term. I hope this can be prioritized accordingly.