After running this blog on various platforms since 2007—WordPress, Jekyll, 11ty—I’ve landed on Hugo. The migration wasn’t driven by dissatisfaction with 11ty, which served me well. It was driven by a growing unease with npm.
The npm problem
Every time I ran npm install, I watched dozens of packages download. Dependencies of dependencies of dependencies. Each one a potential supply-chain attack vector. The event-stream incident in 2018 wasn’t an anomaly—it was a preview of an ongoing vulnerability in how we build software.
Building the Slate dashboard revealed a fundamental architectural insight: moving data fetching from browser to build-time solves security, CORS, and reliability problems that plague client-side dashboards. This exploration of server-side generation demonstrates how keeping credentials on servers and eliminating browser-based API calls creates superior security and user experience. read more >
