Because the same “web development” done with v0, downloaded, put in a Docker container, deployed to Lambda, with fine grain access control on the attached IAM role (all of which I’ve done) wouldn’t have that problem.

Oh and I never download random npm packages to my computer. I build and run everything locally within Docker containers

It has absolutely nothing to do with “the modern state of web development”, it’s a piss poor security posture.

Again, I know how the big boys do this…