As someone who spends a non-zero amount of time trying to explain to developers that, yes actually, the code they’re just randomly importing into the environment from npm is actually a massive, massive security vulnerability and they need an active plan to manage it, this post is basically my nightmare scenario…

Edit: Also, TIL apparently WordPress doesn’t sanitize HTML out of post titles.