As several recent open issues have indicated, npm and GitHub's Dependabot are flagging more and more security issues with the packages that Observable Framework relies on, many of which have actually been fixed in those packages. There hasn't, as far as I can see from commit dates on GitHub, been any updating of the code for the last 11 months. I know that the Observable team is really excited about their new AI canvases, but not all projects use AI (or even want to), and Framework is a phenomenal tool that should at least be properly maintained even if no further development is happening. Please please please at least do a health check on it a couple of times per year!
@Fil @mbostock