Because they’re using events and downloading a few megabytes of extra javascript framework is, of course, a way better option than six lines of SVG stylesheets.

Edit: forgot a /s

It is. If it’s 140 mbit/s (or 15 MB/s), Flight Simulator only uses 54 GB per hour. OP is confusing bits and bytes.

It’s still a shit load of data.

It’s a convenience over privacy thing. If the api is discord compatible you lose the e2e on that channel / server, or make the api e2e but then existing bots need modifying

I could see this being a toggle

Even worse, the CVE is effectively “if you use the package wrong, you get weird results”.

The affected method has signature function isPrivate(ip: string): boolean. Passing in a hex number is not a string, and a method (toString) exists for this.

You don’t have to be PCI compliant for stuff like bank transfers or other forms of payment. Credit cards aren’t the default payment method everywhere.

Maybe it’s pay on pickup, or just a simple mail with sepa wire transfer instructions.

Also, the PSP can still use JS but your site still doesn’t need to have it. Services like Mollie and Stripe offer checkout environments they host, meaning you still don’t have to use JS on your site.

You can’t get around JavaScript, it’s impossible to build a functioning online store without some kind of JS.

Well, sure you can. It will just be a pain to use for your users, especially when validation comes into play.

But a simple list with an “add to chart” button really won’t need any javascript.

It’s like downloading Limewire Pro with Limewire, totally unexpected.