Most if not all (unfixable) vulnerabilities reported by npm audit originate from Wintersmith. This dependency hasn't been updated in 6 years and seems unmaintained, so it'd be good to replace it with a maintained alternative. Nowadays there likely are better Node.js static site generators that require fewer dependencies, so we should explore which options exist and how easy it is to transform our Wintersmith setup (hopefully this should be fairly simple because we only have a handful of pages).
Most if not all (unfixable) vulnerabilities reported by
npm auditoriginate from Wintersmith. This dependency hasn't been updated in 6 years and seems unmaintained, so it'd be good to replace it with a maintained alternative. Nowadays there likely are better Node.js static site generators that require fewer dependencies, so we should explore which options exist and how easy it is to transform our Wintersmith setup (hopefully this should be fairly simple because we only have a handful of pages).It looks like Metalsmith (see https://www.npmjs.com/package/metalsmith and https://metalsmith.io) might be most similar to Wintersmith and seems maintained, but if other/better alternatives exists those can obviously also be considered.